Back to Operation

Azure Stack HCI VM Contributor

Azure Built-in Role

Role Information

Details and metadata

Role ID
874d1c73-6003-4e60-a13a-cb31ea190a85
Type
BuiltInRole
Last Updated (Azure)
2024-06-25 15:20:19

Change History

Track all modifications to this role since 2025-12-15 01:08:16+00:00

2024-06-25 15:20:19 Initial Scan
View details 
{
  "properties": {
    "roleName": "Azure Stack HCI VM Contributor",
    "type": "BuiltInRole",
    "description": "Grants permissions to perform all VM actions",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.AzureStackHCI/VirtualMachines/*",
          "Microsoft.AzureStackHCI/virtualMachineInstances/*",
          "Microsoft.AzureStackHCI/NetworkInterfaces/*",
          "Microsoft.AzureStackHCI/VirtualHardDisks/*",
          "Microsoft.AzureStackHCI/VirtualNetworks/Read",
          "Microsoft.AzureStackHCI/VirtualNetworks/join/action",
          "Microsoft.AzureStackHCI/LogicalNetworks/Read",
          "Microsoft.AzureStackHCI/LogicalNetworks/join/action",
          "Microsoft.AzureStackHCI/GalleryImages/Read",
          "Microsoft.AzureStackHCI/GalleryImages/deploy/action",
          "Microsoft.AzureStackHCI/StorageContainers/Read",
          "Microsoft.AzureStackHCI/StorageContainers/deploy/action",
          "Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read",
          "Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action",
          "Microsoft.AzureStackHCI/Clusters/Read",
          "Microsoft.AzureStackHCI/Clusters/ArcSettings/Read",
          "Microsoft.AzureStackHCI/NetworkSecurityGroups/Read",
          "Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read",
          "Microsoft.Insights/AlertRules/Write",
          "Microsoft.Insights/AlertRules/Delete",
          "Microsoft.Insights/AlertRules/Read",
          "Microsoft.Insights/AlertRules/Activated/Action",
          "Microsoft.Insights/AlertRules/Resolved/Action",
          "Microsoft.Insights/AlertRules/Throttled/Action",
          "Microsoft.Insights/AlertRules/Incidents/Read",
          "Microsoft.Resources/deployments/read",
          "Microsoft.Resources/deployments/write",
          "Microsoft.Resources/deployments/delete",
          "Microsoft.Resources/deployments/cancel/action",
          "Microsoft.Resources/deployments/validate/action",
          "Microsoft.Resources/deployments/whatIf/action",
          "Microsoft.Resources/deployments/exportTemplate/action",
          "Microsoft.Resources/deployments/operations/read",
          "Microsoft.Resources/deployments/operationstatuses/read",
          "Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
          "Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
          "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
          "Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
          "Microsoft.ResourceHealth/availabilityStatuses/read",
          "Microsoft.Authorization/*/read",
          "Microsoft.Resources/subscriptions/read",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Resources/subscriptions/operationresults/read",
          "Microsoft.HybridCompute/machines/read",
          "Microsoft.HybridCompute/machines/write",
          "Microsoft.HybridCompute/machines/delete",
          "Microsoft.HybridCompute/machines/UpgradeExtensions/action",
          "Microsoft.HybridCompute/machines/assessPatches/action",
          "Microsoft.HybridCompute/machines/installPatches/action",
          "Microsoft.HybridCompute/machines/extensions/read",
          "Microsoft.HybridCompute/machines/extensions/write",
          "Microsoft.HybridCompute/machines/extensions/delete",
          "Microsoft.HybridCompute/operations/read",
          "Microsoft.HybridCompute/locations/operationresults/read",
          "Microsoft.HybridCompute/locations/operationstatus/read",
          "Microsoft.HybridCompute/machines/patchAssessmentResults/read",
          "Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
          "Microsoft.HybridCompute/machines/patchInstallationResults/read",
          "Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
          "Microsoft.HybridCompute/locations/updateCenterOperationResults/read",
          "Microsoft.HybridCompute/machines/hybridIdentityMetadata/read",
          "Microsoft.HybridCompute/osType/agentVersions/read",
          "Microsoft.HybridCompute/osType/agentVersions/latest/read",
          "Microsoft.HybridCompute/machines/runcommands/read",
          "Microsoft.HybridCompute/machines/runcommands/write",
          "Microsoft.HybridCompute/machines/runcommands/delete",
          "Microsoft.HybridCompute/machines/licenseProfiles/read",
          "Microsoft.HybridCompute/machines/licenseProfiles/write",
          "Microsoft.HybridCompute/machines/licenseProfiles/delete",
          "Microsoft.HybridCompute/licenses/read",
          "Microsoft.HybridCompute/licenses/write",
          "Microsoft.HybridCompute/licenses/delete",
          "Microsoft.ExtendedLocation/customLocations/Read",
          "Microsoft.ExtendedLocation/customLocations/deploy/action",
          "Microsoft.KubernetesConfiguration/extensions/read"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2023-10-24T15:25:57.305Z",
    "updatedOn": "2024-06-25T15:20:19.474Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/874d1c73-6003-4e60-a13a-cb31ea190a85",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "874d1c73-6003-4e60-a13a-cb31ea190a85"
}

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Azure Stack HCI VM Contributor",
    "type": "BuiltInRole",
    "description": "Grants permissions to perform all VM actions",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.AzureStackHCI/VirtualMachines/*",
          "Microsoft.AzureStackHCI/virtualMachineInstances/*",
          "Microsoft.AzureStackHCI/NetworkInterfaces/*",
          "Microsoft.AzureStackHCI/VirtualHardDisks/*",
          "Microsoft.AzureStackHCI/VirtualNetworks/Read",
          "Microsoft.AzureStackHCI/VirtualNetworks/join/action",
          "Microsoft.AzureStackHCI/LogicalNetworks/Read",
          "Microsoft.AzureStackHCI/LogicalNetworks/join/action",
          "Microsoft.AzureStackHCI/GalleryImages/Read",
          "Microsoft.AzureStackHCI/GalleryImages/deploy/action",
          "Microsoft.AzureStackHCI/StorageContainers/Read",
          "Microsoft.AzureStackHCI/StorageContainers/deploy/action",
          "Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read",
          "Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action",
          "Microsoft.AzureStackHCI/Clusters/Read",
          "Microsoft.AzureStackHCI/Clusters/ArcSettings/Read",
          "Microsoft.AzureStackHCI/NetworkSecurityGroups/Read",
          "Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read",
          "Microsoft.Insights/AlertRules/Write",
          "Microsoft.Insights/AlertRules/Delete",
          "Microsoft.Insights/AlertRules/Read",
          "Microsoft.Insights/AlertRules/Activated/Action",
          "Microsoft.Insights/AlertRules/Resolved/Action",
          "Microsoft.Insights/AlertRules/Throttled/Action",
          "Microsoft.Insights/AlertRules/Incidents/Read",
          "Microsoft.Resources/deployments/read",
          "Microsoft.Resources/deployments/write",
          "Microsoft.Resources/deployments/delete",
          "Microsoft.Resources/deployments/cancel/action",
          "Microsoft.Resources/deployments/validate/action",
          "Microsoft.Resources/deployments/whatIf/action",
          "Microsoft.Resources/deployments/exportTemplate/action",
          "Microsoft.Resources/deployments/operations/read",
          "Microsoft.Resources/deployments/operationstatuses/read",
          "Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
          "Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
          "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
          "Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
          "Microsoft.ResourceHealth/availabilityStatuses/read",
          "Microsoft.Authorization/*/read",
          "Microsoft.Resources/subscriptions/read",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Resources/subscriptions/operationresults/read",
          "Microsoft.HybridCompute/machines/read",
          "Microsoft.HybridCompute/machines/write",
          "Microsoft.HybridCompute/machines/delete",
          "Microsoft.HybridCompute/machines/UpgradeExtensions/action",
          "Microsoft.HybridCompute/machines/assessPatches/action",
          "Microsoft.HybridCompute/machines/installPatches/action",
          "Microsoft.HybridCompute/machines/extensions/read",
          "Microsoft.HybridCompute/machines/extensions/write",
          "Microsoft.HybridCompute/machines/extensions/delete",
          "Microsoft.HybridCompute/operations/read",
          "Microsoft.HybridCompute/locations/operationresults/read",
          "Microsoft.HybridCompute/locations/operationstatus/read",
          "Microsoft.HybridCompute/machines/patchAssessmentResults/read",
          "Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
          "Microsoft.HybridCompute/machines/patchInstallationResults/read",
          "Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
          "Microsoft.HybridCompute/locations/updateCenterOperationResults/read",
          "Microsoft.HybridCompute/machines/hybridIdentityMetadata/read",
          "Microsoft.HybridCompute/osType/agentVersions/read",
          "Microsoft.HybridCompute/osType/agentVersions/latest/read",
          "Microsoft.HybridCompute/machines/runcommands/read",
          "Microsoft.HybridCompute/machines/runcommands/write",
          "Microsoft.HybridCompute/machines/runcommands/delete",
          "Microsoft.HybridCompute/machines/licenseProfiles/read",
          "Microsoft.HybridCompute/machines/licenseProfiles/write",
          "Microsoft.HybridCompute/machines/licenseProfiles/delete",
          "Microsoft.HybridCompute/licenses/read",
          "Microsoft.HybridCompute/licenses/write",
          "Microsoft.HybridCompute/licenses/delete",
          "Microsoft.ExtendedLocation/customLocations/Read",
          "Microsoft.ExtendedLocation/customLocations/deploy/action",
          "Microsoft.KubernetesConfiguration/extensions/read"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2023-10-24T15:25:57.305Z",
    "updatedOn": "2024-06-25T15:20:19.474Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/874d1c73-6003-4e60-a13a-cb31ea190a85",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "874d1c73-6003-4e60-a13a-cb31ea190a85"
}

Effective Permissions

Operations granted by this role (125 total)

Permission Patterns (from role definition)

Actions 75 patterns
Microsoft.AzureStackHCI/VirtualMachines/* Microsoft.AzureStackHCI/virtualMachineInstances/* Microsoft.AzureStackHCI/NetworkInterfaces/* Microsoft.AzureStackHCI/VirtualHardDisks/* Microsoft.AzureStackHCI/VirtualNetworks/Read Microsoft.AzureStackHCI/VirtualNetworks/join/action Microsoft.AzureStackHCI/LogicalNetworks/Read Microsoft.AzureStackHCI/LogicalNetworks/join/action Microsoft.AzureStackHCI/GalleryImages/Read Microsoft.AzureStackHCI/GalleryImages/deploy/action Microsoft.AzureStackHCI/StorageContainers/Read Microsoft.AzureStackHCI/StorageContainers/deploy/action Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action Microsoft.AzureStackHCI/Clusters/Read Microsoft.AzureStackHCI/Clusters/ArcSettings/Read Microsoft.AzureStackHCI/NetworkSecurityGroups/Read Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read Microsoft.Insights/AlertRules/Write Microsoft.Insights/AlertRules/Delete Microsoft.Insights/AlertRules/Read Microsoft.Insights/AlertRules/Activated/Action Microsoft.Insights/AlertRules/Resolved/Action Microsoft.Insights/AlertRules/Throttled/Action Microsoft.Insights/AlertRules/Incidents/Read Microsoft.Resources/deployments/read Microsoft.Resources/deployments/write Microsoft.Resources/deployments/delete Microsoft.Resources/deployments/cancel/action Microsoft.Resources/deployments/validate/action Microsoft.Resources/deployments/whatIf/action Microsoft.Resources/deployments/exportTemplate/action Microsoft.Resources/deployments/operations/read Microsoft.Resources/deployments/operationstatuses/read Microsoft.Resources/subscriptions/resourcegroups/deployments/read Microsoft.Resources/subscriptions/resourcegroups/deployments/write Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read Microsoft.ResourceHealth/availabilityStatuses/read Microsoft.Authorization/*/read Microsoft.Resources/subscriptions/read Microsoft.Resources/subscriptions/resourceGroups/read Microsoft.Resources/subscriptions/operationresults/read Microsoft.HybridCompute/machines/read Microsoft.HybridCompute/machines/write Microsoft.HybridCompute/machines/delete Microsoft.HybridCompute/machines/UpgradeExtensions/action Microsoft.HybridCompute/machines/assessPatches/action Microsoft.HybridCompute/machines/installPatches/action Microsoft.HybridCompute/machines/extensions/read Microsoft.HybridCompute/machines/extensions/write Microsoft.HybridCompute/machines/extensions/delete Microsoft.HybridCompute/operations/read Microsoft.HybridCompute/locations/operationresults/read Microsoft.HybridCompute/locations/operationstatus/read Microsoft.HybridCompute/machines/patchAssessmentResults/read Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read Microsoft.HybridCompute/machines/patchInstallationResults/read Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read Microsoft.HybridCompute/locations/updateCenterOperationResults/read Microsoft.HybridCompute/machines/hybridIdentityMetadata/read Microsoft.HybridCompute/osType/agentVersions/read Microsoft.HybridCompute/osType/agentVersions/latest/read Microsoft.HybridCompute/machines/runcommands/read Microsoft.HybridCompute/machines/runcommands/write Microsoft.HybridCompute/machines/runcommands/delete Microsoft.HybridCompute/machines/licenseProfiles/read Microsoft.HybridCompute/machines/licenseProfiles/write Microsoft.HybridCompute/machines/licenseProfiles/delete Microsoft.HybridCompute/licenses/read Microsoft.HybridCompute/licenses/write Microsoft.HybridCompute/licenses/delete Microsoft.ExtendedLocation/customLocations/Read Microsoft.ExtendedLocation/customLocations/deploy/action Microsoft.KubernetesConfiguration/extensions/read

Control Plane Operations (125)

Data Plane Operations (0)

No data plane operations granted