Role Information
Details and metadata
a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2
Change History
Track all modifications to this role since 2025-12-15 01:08:16+00:00
Updated On
Event Type
Summary & Details
2025-12-14 23:49:13
Initial Scan
Show full JSON
{
"properties": {
"roleName": "LocalNGFirewallAdministrator role",
"type": "BuiltInRole",
"description": "Allows user to create, modify, describe, or delete NGFirewalls.",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"PaloAltoNetworks.Cloudngfw/firewalls/*",
"PaloAltoNetworks.Cloudngfw/localRulestacks/read",
"PaloAltoNetworks.Cloudngfw/globalRulestacks/read",
"PaloAltoNetworks.Cloudngfw/Locations/operationStatuses/read",
"Microsoft.OperationalInsights/workspaces/write",
"Microsoft.OperationalInsights/workspaces/sharedKeys/read",
"Microsoft.OperationalInsights/workspaces/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/publicIPAddresses/write",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/networkVirtualAppliances/read",
"Microsoft.Network/networkVirtualAppliances/write",
"Microsoft.Network/networkVirtualAppliances/delete",
"Microsoft.Network/virtualHubs/read",
"Microsoft.Network/virtualWans/read",
"Microsoft.Network/virtualWans/virtualHubs/read",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/networkSecurityGroups/join/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"createdOn": "2023-02-07T16:15:04.736Z",
"updatedOn": "2023-03-15T15:30:00.14Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2"
}
2025-12-14 23:49:13
Initial Scan
View details
{
"properties": {
"roleName": "LocalNGFirewallAdministrator role",
"type": "BuiltInRole",
"description": "Allows user to create, modify, describe, or delete NGFirewalls.",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"PaloAltoNetworks.Cloudngfw/firewalls/*",
"PaloAltoNetworks.Cloudngfw/localRulestacks/read",
"PaloAltoNetworks.Cloudngfw/globalRulestacks/read",
"PaloAltoNetworks.Cloudngfw/Locations/operationStatuses/read",
"Microsoft.OperationalInsights/workspaces/write",
"Microsoft.OperationalInsights/workspaces/sharedKeys/read",
"Microsoft.OperationalInsights/workspaces/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/publicIPAddresses/write",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/networkVirtualAppliances/read",
"Microsoft.Network/networkVirtualAppliances/write",
"Microsoft.Network/networkVirtualAppliances/delete",
"Microsoft.Network/virtualHubs/read",
"Microsoft.Network/virtualWans/read",
"Microsoft.Network/virtualWans/virtualHubs/read",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/networkSecurityGroups/join/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"createdOn": "2023-02-07T16:15:04.736Z",
"updatedOn": "2023-03-15T15:30:00.14Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2"
}
Latest Role JSON
Raw definition from Azure
{
"properties": {
"roleName": "LocalNGFirewallAdministrator role",
"type": "BuiltInRole",
"description": "Allows user to create, modify, describe, or delete NGFirewalls.",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"PaloAltoNetworks.Cloudngfw/firewalls/*",
"PaloAltoNetworks.Cloudngfw/localRulestacks/read",
"PaloAltoNetworks.Cloudngfw/globalRulestacks/read",
"PaloAltoNetworks.Cloudngfw/Locations/operationStatuses/read",
"Microsoft.OperationalInsights/workspaces/write",
"Microsoft.OperationalInsights/workspaces/sharedKeys/read",
"Microsoft.OperationalInsights/workspaces/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/publicIPAddresses/write",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/networkVirtualAppliances/read",
"Microsoft.Network/networkVirtualAppliances/write",
"Microsoft.Network/networkVirtualAppliances/delete",
"Microsoft.Network/virtualHubs/read",
"Microsoft.Network/virtualWans/read",
"Microsoft.Network/virtualWans/virtualHubs/read",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/networkSecurityGroups/join/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"createdOn": "2023-02-07T16:15:04.736Z",
"updatedOn": "2023-03-15T15:30:00.14Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2"
}
Effective Permissions
Operations granted by this role (88 total)
Permission Patterns (from role definition)
Actions
28 patterns
PaloAltoNetworks.Cloudngfw/firewalls/*
PaloAltoNetworks.Cloudngfw/localRulestacks/read
PaloAltoNetworks.Cloudngfw/globalRulestacks/read
PaloAltoNetworks.Cloudngfw/Locations/operationStatuses/read
Microsoft.OperationalInsights/workspaces/write
Microsoft.OperationalInsights/workspaces/sharedKeys/read
Microsoft.OperationalInsights/workspaces/read
Microsoft.Authorization/*/read
Microsoft.Insights/alertRules/*
Microsoft.Insights/metrics/read
Microsoft.Insights/metricDefinitions/read
Microsoft.Resources/deployments/*
Microsoft.Resources/subscriptions/resourceGroups/read
Microsoft.ResourceHealth/availabilityStatuses/read
Microsoft.Support/*
Microsoft.Network/virtualNetworks/read
Microsoft.Network/virtualNetworks/subnets/join/action
Microsoft.Network/publicIPAddresses/write
Microsoft.Network/publicIPAddresses/read
Microsoft.Network/publicIPAddresses/join/action
Microsoft.Network/networkVirtualAppliances/read
Microsoft.Network/networkVirtualAppliances/write
Microsoft.Network/networkVirtualAppliances/delete
Microsoft.Network/virtualHubs/read
Microsoft.Network/virtualWans/read
Microsoft.Network/virtualWans/virtualHubs/read
Microsoft.Network/networkSecurityGroups/read
Microsoft.Network/networkSecurityGroups/join/action