Role Information
Details and metadata
bf2b6809-e9a5-4aea-a6e1-40a9dc8c43a7
Change History
Track all modifications to this role since 2025-12-15 01:08:16+00:00
Updated On
Event Type
Summary & Details
2024-10-16 15:31:52
Created
Show full JSON diff
+ {
+ "properties": {
+ "roleName": "Landing Zone Account Owner",
+ "type": "BuiltInRole",
+ "description": "Microsoft.Sovereign Landing Zone Account Owner allowing to review and modify Landing Zone Account, Landing Zone Configurations, as well as reading and adding Landing Zone Registrations. Also enables read-access to policies and management groups for enabling the full user experience of the Sovereign Services RP in the Azure Portal (as otherwise some elements might not be accessible to end users).",
+ "assignableScopes": [
+ "/"
+ ],
+ "permissions": [
+ {
+ "actions": [
+ "Microsoft.Sovereign/landingZoneAccounts/*",
+ "Microsoft.Authorization/*/read",
+ "Microsoft.Resources/deployments/*"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": []
+ }
+ ],
+ "createdOn": "2024-10-16T15:31:52.076Z",
+ "updatedOn": "2024-10-16T15:31:52.076Z",
+ "createdBy": null,
+ "updatedBy": null
+ },
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/bf2b6809-e9a5-4aea-a6e1-40a9dc8c43a7",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "name": "bf2b6809-e9a5-4aea-a6e1-40a9dc8c43a7"
+ }
2024-10-16 15:31:52
Created
View details
+ {
+ "properties": {
+ "roleName": "Landing Zone Account Owner",
+ "type": "BuiltInRole",
+ "description": "Microsoft.Sovereign Landing Zone Account Owner allowing to review and modify Landing Zone Account, Landing Zone Configurations, as well as reading and adding Landing Zone Registrations. Also enables read-access to policies and management groups for enabling the full user experience of the Sovereign Services RP in the Azure Portal (as otherwise some elements might not be accessible to end users).",
+ "assignableScopes": [
+ "/"
+ ],
+ "permissions": [
+ {
+ "actions": [
+ "Microsoft.Sovereign/landingZoneAccounts/*",
+ "Microsoft.Authorization/*/read",
+ "Microsoft.Resources/deployments/*"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": []
+ }
+ ],
+ "createdOn": "2024-10-16T15:31:52.076Z",
+ "updatedOn": "2024-10-16T15:31:52.076Z",
+ "createdBy": null,
+ "updatedBy": null
+ },
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/bf2b6809-e9a5-4aea-a6e1-40a9dc8c43a7",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "name": "bf2b6809-e9a5-4aea-a6e1-40a9dc8c43a7"
+ }
Latest Role JSON
Raw definition from Azure
{
"properties": {
"roleName": "Landing Zone Account Owner",
"type": "BuiltInRole",
"description": "Microsoft.Sovereign Landing Zone Account Owner allowing to review and modify Landing Zone Account, Landing Zone Configurations, as well as reading and adding Landing Zone Registrations. Also enables read-access to policies and management groups for enabling the full user experience of the Sovereign Services RP in the Azure Portal (as otherwise some elements might not be accessible to end users).",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"Microsoft.Sovereign/landingZoneAccounts/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"createdOn": "2024-10-16T15:31:52.076Z",
"updatedOn": "2024-10-16T15:31:52.076Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/bf2b6809-e9a5-4aea-a6e1-40a9dc8c43a7",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "bf2b6809-e9a5-4aea-a6e1-40a9dc8c43a7"
}
Effective Permissions
Operations granted by this role (52 total)
Permission Patterns (from role definition)
Actions
3 patterns
Microsoft.Sovereign/landingZoneAccounts/*
Microsoft.Authorization/*/read
Microsoft.Resources/deployments/*
Control Plane Operations (52)
No matching operations
/ shown
Data Plane Operations (0)
No data plane operations granted