
Azure Migrate Management Role

Azure Built-in Role

Role Information

Details and metadata

Role ID: c20ab07d-648c-4fed-977e-f917d8095dfc
Type: BuiltInRole
Last Updated (Azure): 2024-07-19 15:30:36

Change History

Track all modifications to this role

2024-07-19 15:30:36 Created
+ {
+ "properties": {
+ "roleName": "Azure Migrate Management Role",
+ "type": "BuiltInRole",
+ "description": "This role will let users grant permission to HybridOnboarding RP to manage extensions on their infrastructure. ",
+ "assignableScopes": [
+ "/"
+ ],
+ "permissions": [
+ {
+ "actions": [
+ "Microsoft.Resources/subscriptions/read",
+ "Microsoft.Resources/subscriptions/resourceGroups/read",
+ "Microsoft.Authorization/*/read",
+ "Microsoft.Insights/alertRules/*",
+ "Microsoft.Resources/deployments/*"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": [],
+ "Condition": "@Resource[HasObotoken] boolequals true",
+ "ConditionVersion": "2.0"
+ },
+ {
+ "actions": [
+ "Microsoft.Authorization/roleAssignments/write",
+ "Microsoft.Authorization/roleAssignments/delete"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": [],
+ "Condition": "@Resource[HasObotoken] boolequals true AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{85cb6faf-e071-4c9b-8136-154b5a04f717})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{85cb6faf-e071-4c9b-8136-154b5a04f717}))",
+ "ConditionVersion": "2.0"
+ }
+ ],
+ "createdOn": "2024-07-19T15:30:36.056Z",
+ "updatedOn": "2024-07-19T15:30:36.056Z",
+ "createdBy": null,
+ "updatedBy": null
+ },
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/c20ab07d-648c-4fed-977e-f917d8095dfc",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "name": "c20ab07d-648c-4fed-977e-f917d8095dfc"
+ }
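
Review bot: the "description" string does not cover what the second "permissions" block grants, namely "Microsoft.Authorization/roleAssignments/write" and "Microsoft.Authorization/roleAssignments/delete", which the "Condition" limits to role definition 85cb6faf-e071-4c9b-8136-154b5a04f717. With "assignableScopes" set to "/", anyone reviewing an assignment of this role needs to know which role that GUID refers to, so name it in the description or in accompanying documentation. In the first block, "Microsoft.Insights/alertRules/*" and "Microsoft.Resources/deployments/*" are wildcards gated only by "@Resource[HasObotoken] boolequals true"; document what sets HasObotoken, since that attribute is the sole restriction on those actions. The description value also ends with a trailing space.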

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Azure Migrate Management Role",
    "type": "BuiltInRole",
    "description": "This role will let users grant permission to HybridOnboarding RP to manage extensions on their infrastructure. ",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Resources/subscriptions/read",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Authorization/*/read",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.Resources/deployments/*"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
        "Condition": "@Resource[HasObotoken] boolequals true",
        "ConditionVersion": "2.0"
      },
      {
        "actions": [
          "Microsoft.Authorization/roleAssignments/write",
          "Microsoft.Authorization/roleAssignments/delete"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
        "Condition": "@Resource[HasObotoken] boolequals true AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{85cb6faf-e071-4c9b-8136-154b5a04f717})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{85cb6faf-e071-4c9b-8136-154b5a04f717}))",
        "ConditionVersion": "2.0"
      }
    ],
    "createdOn": "2024-07-19T15:30:36.056Z",
    "updatedOn": "2024-07-19T15:30:36.056Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/c20ab07d-648c-4fed-977e-f917d8095dfc",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "c20ab07d-648c-4fed-977e-f917d8095dfc"
}

Effective Permissions

Operations granted by this role (51 total)

Conditional Permissions

This role has conditions that may restrict effective permissions based on context (e.g., resource attributes, request properties).

Permission Patterns (from role definition)

Actions (7 patterns)

Microsoft.Resources/subscriptions/read
Microsoft.Resources/subscriptions/resourceGroups/read
Microsoft.Authorization/*/read
Microsoft.Insights/alertRules/*
Microsoft.Resources/deployments/*
Microsoft.Authorization/roleAssignments/write
Microsoft.Authorization/roleAssignments/delete

Control Plane Operations (51)

Data Plane Operations (0)

No data plane operations granted