Back to Operation

Foundational RP Contributor

Azure Built-in Role

Role Information

Details and metadata

Role ID
c840cbbc-8508-4228-b700-ec6522a74314
Type
BuiltInRole
Last Updated (Azure)
2025-08-13 15:27:49

Change History

Track all modifications to this role

2025-08-13 15:27:49 Initial Scan
View details 
{
  "properties": {
    "roleName": "Foundational RP Contributor",
    "type": "BuiltInRole",
    "description": "Role for FRP customers to provision ARM resource types",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/locks/read",
          "Microsoft.Authorization/locks/write",
          "Microsoft.Authorization/roleAssignments/read",
          "Microsoft.Authorization/roleAssignments/write",
          "Microsoft.Cache/redis/read",
          "Microsoft.Cache/redis/write",
          "Microsoft.Compute/virtualMachines/read",
          "Microsoft.Compute/virtualMachines/write",
          "Microsoft.DocumentDB/databaseAccounts/read",
          "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/read",
          "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/read",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/storedProcedures/read",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/storedProcedures/write",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/throughputSettings/read",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/throughputSettings/write",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/write",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/read",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/write",
          "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write",
          "Microsoft.DocumentDB/databaseAccounts/tables/operationResults/read",
          "Microsoft.DocumentDB/databaseAccounts/tables/read",
          "Microsoft.DocumentDB/databaseAccounts/tables/write",
          "Microsoft.DocumentDB/databaseAccounts/write",
          "Microsoft.EventGrid/eventSubscriptions/read",
          "Microsoft.EventGrid/eventSubscriptions/write",
          "Microsoft.EventGrid/topics/read",
          "Microsoft.EventGrid/topics/write",
          "Microsoft.EventHub/namespaces/authorizationRules/read",
          "Microsoft.EventHub/namespaces/authorizationRules/write",
          "Microsoft.EventHub/namespaces/eventHubs/consumerGroups/read",
          "Microsoft.EventHub/namespaces/eventHubs/consumerGroups/write",
          "Microsoft.EventHub/namespaces/eventHubs/read",
          "Microsoft.EventHub/namespaces/eventHubs/write",
          "Microsoft.EventHub/namespaces/networkRuleSets/read",
          "Microsoft.EventHub/namespaces/networkRuleSets/write",
          "Microsoft.EventHub/namespaces/read",
          "Microsoft.EventHub/namespaces/write",
          "Microsoft.Insights/diagnosticSettings/read",
          "Microsoft.Insights/diagnosticSettings/write",
          "Microsoft.Insights/metricAlerts/read",
          "Microsoft.Insights/metricAlerts/write",
          "Microsoft.KeyVault/vaults/keys/read",
          "Microsoft.KeyVault/vaults/keys/write",
          "Microsoft.KeyVault/vaults/read",
          "Microsoft.KeyVault/vaults/secrets/read",
          "Microsoft.KeyVault/vaults/secrets/write",
          "Microsoft.KeyVault/vaults/write",
          "Microsoft.Kusto/clusters/databases/read",
          "Microsoft.Kusto/clusters/databases/write",
          "Microsoft.Kusto/clusters/dataConnections/read",
          "Microsoft.Kusto/clusters/dataConnections/write",
          "Microsoft.Kusto/clusters/read",
          "Microsoft.Kusto/clusters/write",
          "Microsoft.ManagedIdentity/userAssignedIdentities/read",
          "Microsoft.ManagedIdentity/userAssignedIdentities/write",
          "Microsoft.Network/dnsZones/A/read",
          "Microsoft.Network/dnsZones/A/write",
          "Microsoft.Network/dnsZones/CNAME/read",
          "Microsoft.Network/dnsZones/CNAME/write",
          "Microsoft.Network/dnsZones/NS/write",
          "Microsoft.Network/dnsZones/ptr/read",
          "Microsoft.Network/dnsZones/ptr/write",
          "Microsoft.Network/dnsZones/read",
          "Microsoft.Network/dnsZones/SRV/read",
          "Microsoft.Network/dnsZones/SRV/write",
          "Microsoft.Network/dnsZones/write",
          "Microsoft.Network/privateDnsZones/CNAME/read",
          "Microsoft.Network/privateDnsZones/CNAME/write",
          "Microsoft.Network/publicIPAddresses/read",
          "Microsoft.Network/publicIPAddresses/write",
          "Microsoft.Network/trafficManagerProfiles/externalEndpoints/read",
          "Microsoft.Network/trafficManagerProfiles/externalEndpoints/write",
          "Microsoft.Network/trafficManagerProfiles/read",
          "Microsoft.Network/trafficManagerProfiles/write",
          "Microsoft.ProviderHub/providerRegistrations/customRollouts/read",
          "Microsoft.ProviderHub/providerRegistrations/customRollouts/write",
          "Microsoft.ProviderHub/providerRegistrations/resourceTypeRegistrations/read",
          "Microsoft.ProviderHub/providerRegistrations/resourceTypeRegistrations/write",
          "Microsoft.Resources/deployments/operationStatuses/read",
          "Microsoft.Resources/deployments/read",
          "Microsoft.Resources/deployments/write",
          "Microsoft.Resources/subscriptions/read",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Resources/subscriptions/resourceGroups/write",
          "Microsoft.Resources/subscriptions/tagNames/read",
          "Microsoft.Resources/subscriptions/tagNames/write",
          "Microsoft.Resources/subscriptions/tagNames/delete",
          "Microsoft.Resources/subscriptions/tagNames/tagValues/read",
          "Microsoft.Resources/subscriptions/tagNames/tagValues/write",
          "Microsoft.Resources/subscriptions/tagNames/tagValues/delete",
          "Microsoft.Resources/tags/read",
          "Microsoft.Resources/tags/write",
          "Microsoft.SQL/servers/databases/read",
          "Microsoft.SQL/servers/databases/write",
          "Microsoft.SQL/servers/elasticPools/read",
          "Microsoft.SQL/servers/elasticPools/write",
          "Microsoft.SQL/servers/read",
          "Microsoft.SQL/servers/write",
          "Microsoft.Storage/checkNameAvailability/read",
          "Microsoft.Storage/operations/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/write",
          "Microsoft.Storage/storageAccounts/blobServices/read",
          "Microsoft.Storage/storageAccounts/blobServices/write",
          "Microsoft.Storage/storageAccounts/fileServices/read",
          "Microsoft.Storage/storageAccounts/fileServices/write",
          "Microsoft.Storage/storageAccounts/managementPolicies/read",
          "Microsoft.Storage/storageAccounts/managementPolicies/write",
          "Microsoft.Storage/storageAccounts/privateEndpointConnections/read",
          "Microsoft.Storage/storageAccounts/providers/roleAssignments/read",
          "Microsoft.Storage/storageAccounts/providers/roleAssignments/write",
          "Microsoft.Storage/storageAccounts/queueServices/queues/read",
          "Microsoft.Storage/storageAccounts/queueServices/queues/write",
          "Microsoft.Storage/storageAccounts/queueServices/read",
          "Microsoft.Storage/storageAccounts/queueServices/write",
          "Microsoft.Storage/storageAccounts/read",
          "Microsoft.Storage/storageAccounts/tableServices/tables/read",
          "Microsoft.Storage/storageAccounts/tableServices/tables/write",
          "Microsoft.Storage/storageAccounts/tableServices/read",
          "Microsoft.Storage/storageAccounts/tableServices/write",
          "Microsoft.Storage/storageAccounts/write",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/operationResults/read",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/operationResults/read",
          "Microsoft.Network/networkSecurityPerimeters/profiles/write",
          "Microsoft.Network/networkSecurityPerimeters/write",
          "Microsoft.Insights/actionGroups/read",
          "Microsoft.Insights/actionGroups/write",
          "Microsoft.Storage/storageAccounts/fileServices/shares/read",
          "Microsoft.Storage/storageAccounts/fileServices/shares/write",
          "Microsoft.Network/networkSecurityPerimeters/resourceAssociations/read",
          "Microsoft.Network/networkSecurityPerimeters/resourceAssociations/write"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2024-10-10T15:41:09.543Z",
    "updatedOn": "2025-08-13T15:27:49.075Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/c840cbbc-8508-4228-b700-ec6522a74314",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "c840cbbc-8508-4228-b700-ec6522a74314"
}

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Foundational RP Contributor",
    "type": "BuiltInRole",
    "description": "Role for FRP customers to provision ARM resource types",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/locks/read",
          "Microsoft.Authorization/locks/write",
          "Microsoft.Authorization/roleAssignments/read",
          "Microsoft.Authorization/roleAssignments/write",
          "Microsoft.Cache/redis/read",
          "Microsoft.Cache/redis/write",
          "Microsoft.Compute/virtualMachines/read",
          "Microsoft.Compute/virtualMachines/write",
          "Microsoft.DocumentDB/databaseAccounts/read",
          "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/read",
          "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/read",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/storedProcedures/read",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/storedProcedures/write",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/throughputSettings/read",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/throughputSettings/write",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/write",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/read",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/write",
          "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write",
          "Microsoft.DocumentDB/databaseAccounts/tables/operationResults/read",
          "Microsoft.DocumentDB/databaseAccounts/tables/read",
          "Microsoft.DocumentDB/databaseAccounts/tables/write",
          "Microsoft.DocumentDB/databaseAccounts/write",
          "Microsoft.EventGrid/eventSubscriptions/read",
          "Microsoft.EventGrid/eventSubscriptions/write",
          "Microsoft.EventGrid/topics/read",
          "Microsoft.EventGrid/topics/write",
          "Microsoft.EventHub/namespaces/authorizationRules/read",
          "Microsoft.EventHub/namespaces/authorizationRules/write",
          "Microsoft.EventHub/namespaces/eventHubs/consumerGroups/read",
          "Microsoft.EventHub/namespaces/eventHubs/consumerGroups/write",
          "Microsoft.EventHub/namespaces/eventHubs/read",
          "Microsoft.EventHub/namespaces/eventHubs/write",
          "Microsoft.EventHub/namespaces/networkRuleSets/read",
          "Microsoft.EventHub/namespaces/networkRuleSets/write",
          "Microsoft.EventHub/namespaces/read",
          "Microsoft.EventHub/namespaces/write",
          "Microsoft.Insights/diagnosticSettings/read",
          "Microsoft.Insights/diagnosticSettings/write",
          "Microsoft.Insights/metricAlerts/read",
          "Microsoft.Insights/metricAlerts/write",
          "Microsoft.KeyVault/vaults/keys/read",
          "Microsoft.KeyVault/vaults/keys/write",
          "Microsoft.KeyVault/vaults/read",
          "Microsoft.KeyVault/vaults/secrets/read",
          "Microsoft.KeyVault/vaults/secrets/write",
          "Microsoft.KeyVault/vaults/write",
          "Microsoft.Kusto/clusters/databases/read",
          "Microsoft.Kusto/clusters/databases/write",
          "Microsoft.Kusto/clusters/dataConnections/read",
          "Microsoft.Kusto/clusters/dataConnections/write",
          "Microsoft.Kusto/clusters/read",
          "Microsoft.Kusto/clusters/write",
          "Microsoft.ManagedIdentity/userAssignedIdentities/read",
          "Microsoft.ManagedIdentity/userAssignedIdentities/write",
          "Microsoft.Network/dnsZones/A/read",
          "Microsoft.Network/dnsZones/A/write",
          "Microsoft.Network/dnsZones/CNAME/read",
          "Microsoft.Network/dnsZones/CNAME/write",
          "Microsoft.Network/dnsZones/NS/write",
          "Microsoft.Network/dnsZones/ptr/read",
          "Microsoft.Network/dnsZones/ptr/write",
          "Microsoft.Network/dnsZones/read",
          "Microsoft.Network/dnsZones/SRV/read",
          "Microsoft.Network/dnsZones/SRV/write",
          "Microsoft.Network/dnsZones/write",
          "Microsoft.Network/privateDnsZones/CNAME/read",
          "Microsoft.Network/privateDnsZones/CNAME/write",
          "Microsoft.Network/publicIPAddresses/read",
          "Microsoft.Network/publicIPAddresses/write",
          "Microsoft.Network/trafficManagerProfiles/externalEndpoints/read",
          "Microsoft.Network/trafficManagerProfiles/externalEndpoints/write",
          "Microsoft.Network/trafficManagerProfiles/read",
          "Microsoft.Network/trafficManagerProfiles/write",
          "Microsoft.ProviderHub/providerRegistrations/customRollouts/read",
          "Microsoft.ProviderHub/providerRegistrations/customRollouts/write",
          "Microsoft.ProviderHub/providerRegistrations/resourceTypeRegistrations/read",
          "Microsoft.ProviderHub/providerRegistrations/resourceTypeRegistrations/write",
          "Microsoft.Resources/deployments/operationStatuses/read",
          "Microsoft.Resources/deployments/read",
          "Microsoft.Resources/deployments/write",
          "Microsoft.Resources/subscriptions/read",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Resources/subscriptions/resourceGroups/write",
          "Microsoft.Resources/subscriptions/tagNames/read",
          "Microsoft.Resources/subscriptions/tagNames/write",
          "Microsoft.Resources/subscriptions/tagNames/delete",
          "Microsoft.Resources/subscriptions/tagNames/tagValues/read",
          "Microsoft.Resources/subscriptions/tagNames/tagValues/write",
          "Microsoft.Resources/subscriptions/tagNames/tagValues/delete",
          "Microsoft.Resources/tags/read",
          "Microsoft.Resources/tags/write",
          "Microsoft.SQL/servers/databases/read",
          "Microsoft.SQL/servers/databases/write",
          "Microsoft.SQL/servers/elasticPools/read",
          "Microsoft.SQL/servers/elasticPools/write",
          "Microsoft.SQL/servers/read",
          "Microsoft.SQL/servers/write",
          "Microsoft.Storage/checkNameAvailability/read",
          "Microsoft.Storage/operations/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/write",
          "Microsoft.Storage/storageAccounts/blobServices/read",
          "Microsoft.Storage/storageAccounts/blobServices/write",
          "Microsoft.Storage/storageAccounts/fileServices/read",
          "Microsoft.Storage/storageAccounts/fileServices/write",
          "Microsoft.Storage/storageAccounts/managementPolicies/read",
          "Microsoft.Storage/storageAccounts/managementPolicies/write",
          "Microsoft.Storage/storageAccounts/privateEndpointConnections/read",
          "Microsoft.Storage/storageAccounts/providers/roleAssignments/read",
          "Microsoft.Storage/storageAccounts/providers/roleAssignments/write",
          "Microsoft.Storage/storageAccounts/queueServices/queues/read",
          "Microsoft.Storage/storageAccounts/queueServices/queues/write",
          "Microsoft.Storage/storageAccounts/queueServices/read",
          "Microsoft.Storage/storageAccounts/queueServices/write",
          "Microsoft.Storage/storageAccounts/read",
          "Microsoft.Storage/storageAccounts/tableServices/tables/read",
          "Microsoft.Storage/storageAccounts/tableServices/tables/write",
          "Microsoft.Storage/storageAccounts/tableServices/read",
          "Microsoft.Storage/storageAccounts/tableServices/write",
          "Microsoft.Storage/storageAccounts/write",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/operationResults/read",
          "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/operationResults/read",
          "Microsoft.Network/networkSecurityPerimeters/profiles/write",
          "Microsoft.Network/networkSecurityPerimeters/write",
          "Microsoft.Insights/actionGroups/read",
          "Microsoft.Insights/actionGroups/write",
          "Microsoft.Storage/storageAccounts/fileServices/shares/read",
          "Microsoft.Storage/storageAccounts/fileServices/shares/write",
          "Microsoft.Network/networkSecurityPerimeters/resourceAssociations/read",
          "Microsoft.Network/networkSecurityPerimeters/resourceAssociations/write"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2024-10-10T15:41:09.543Z",
    "updatedOn": "2025-08-13T15:27:49.075Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/c840cbbc-8508-4228-b700-ec6522a74314",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "c840cbbc-8508-4228-b700-ec6522a74314"
}

Effective Permissions

Operations granted by this role (88 total)

Control Plane Operations (88)

Data Plane Operations (0)

No data plane operations granted