Back to Operation

Azure Resilience Management Goals Administrator

Azure Built-in Role

Role Information

Details and metadata

Role ID
a2b7cc47-30ec-462f-a2f4-9ac6e1c266af
Type
BuiltInRole
Last Updated (Azure)
2025-10-22 15:31:31

Change History

Track all modifications to this role

2025-10-22 15:31:31 Created
View details
+ {
+ "properties": {
+ "roleName": "Azure Resilience Management Goals Administrator",
+ "type": "BuiltInRole",
+ "description": "This role allows users to view, assign and delete resiliency goals for the service group, as well as modify the list of service group members that get evaluated against the goal. This role also allows a user to assign goal related permissions to other users.",
+ "assignableScopes": [
+ "/"
+ ],
+ "permissions": [
+ {
+ "actions": [
+ "Microsoft.Authorization/roleAssignments/write"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": [],
+ "Condition": "@Resource[HasObotoken] boolequals true && (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {de754d53-652d-4c75-a67f-1e48d8b49c97, acdd72a7-3385-48ef-bd42-f606fba81ae7, b0d8363b-8ddd-447d-831f-62ca05bff136, b24988ac-6180-42a0-ab88-20f7382dd24c, 7c2e40b7-25eb-482a-82cb-78ba06cb46d5})",
+ "ConditionVersion": "2.0"
+ },
+ {
+ "actions": [
+ "Microsoft.Authorization/*/read",
+ "Microsoft.Management/ServiceGroups/read",
+ "Microsoft.Relationships/ServiceGroupMember/read",
+ "Microsoft.AzureResilienceManagement/goalTemplates/*",
+ "Microsoft.AzureResilienceManagement/goalAssignments/*",
+ "Microsoft.AzureResilienceManagement/goalAssignments/goalResources/*",
+ "Microsoft.AzureResilienceManagement/locations/operationStatuses/read",
+ "Microsoft.AzureResilienceManagement/operations/read"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": []
+ }
+ ],
+ "createdOn": "2025-10-22T15:31:31.373Z",
+ "updatedOn": "2025-10-22T15:31:31.373Z",
+ "createdBy": null,
+ "updatedBy": null
+ },
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/a2b7cc47-30ec-462f-a2f4-9ac6e1c266af",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "name": "a2b7cc47-30ec-462f-a2f4-9ac6e1c266af"
+ }

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Azure Resilience Management Goals Administrator",
    "type": "BuiltInRole",
    "description": "This role allows users to view, assign and delete resiliency goals for the service group, as well as modify the list of service group members that get evaluated against the goal. This role also allows a user to assign goal related permissions to other users.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/roleAssignments/write"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
        "Condition": "@Resource[HasObotoken] boolequals true && (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {de754d53-652d-4c75-a67f-1e48d8b49c97, acdd72a7-3385-48ef-bd42-f606fba81ae7, b0d8363b-8ddd-447d-831f-62ca05bff136, b24988ac-6180-42a0-ab88-20f7382dd24c, 7c2e40b7-25eb-482a-82cb-78ba06cb46d5})",
        "ConditionVersion": "2.0"
      },
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.Management/ServiceGroups/read",
          "Microsoft.Relationships/ServiceGroupMember/read",
          "Microsoft.AzureResilienceManagement/goalTemplates/*",
          "Microsoft.AzureResilienceManagement/goalAssignments/*",
          "Microsoft.AzureResilienceManagement/goalAssignments/goalResources/*",
          "Microsoft.AzureResilienceManagement/locations/operationStatuses/read",
          "Microsoft.AzureResilienceManagement/operations/read"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2025-10-22T15:31:31.373Z",
    "updatedOn": "2025-10-22T15:31:31.373Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/a2b7cc47-30ec-462f-a2f4-9ac6e1c266af",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "a2b7cc47-30ec-462f-a2f4-9ac6e1c266af"
}

Effective Permissions

Operations granted by this role (42 total)

Conditional Permissions

This role has conditions that may restrict effective permissions based on context (e.g., resource attributes, request properties).

Permission Patterns (from role definition)

Actions 9 patterns
Microsoft.Authorization/roleAssignments/write Microsoft.Authorization/*/read Microsoft.Management/ServiceGroups/read Microsoft.Relationships/ServiceGroupMember/read Microsoft.AzureResilienceManagement/goalTemplates/* Microsoft.AzureResilienceManagement/goalAssignments/* Microsoft.AzureResilienceManagement/goalAssignments/goalResources/* Microsoft.AzureResilienceManagement/locations/operationStatuses/read Microsoft.AzureResilienceManagement/operations/read

Control Plane Operations (42)

Data Plane Operations (0)

No data plane operations granted