
AVS Orchestrator Role

Azure Built-in Role

Role Information

Details and metadata

Role ID
d715fb95-a0f0-4f1c-8be6-5ad2d2767f67
Type
BuiltInRole
Last Updated (Azure)
2025-02-17 16:06:34

Change History

Track all modifications to this role

2025-02-17 16:06:34 Initial Scan
{
  "properties": {
    "roleName": "AVS Orchestrator Role",
    "type": "BuiltInRole",
    "description": "Do not remove this role from your resource group because it is critical to enable your AVS private cloud to operate. If the role is removed, it will cause your AVS private cloud control plane to no longer operate correctly. The role is used to enable the AVS private cloud control plane to create the supporting resources in the resource group of the private clouds attached virtual network and bind them to the attached virtual network. This role is not intended for use cases outside of assignment to the associated AVS identity in your entra-id tenant.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/roleAssignments/read",
          "Microsoft.Resources/subscriptions/resourcegroups/read",
          "Microsoft.Resources/deployments/write",
          "Microsoft.Resources/deployments/operationStatuses/read",
          "Microsoft.Resources/deployments/operations/read",
          "Microsoft.Resources/deployments/delete",
          "Microsoft.Resources/deployments/read",
          "Microsoft.Network/virtualHubs/delete",
          "Microsoft.Network/publicIPAddresses/delete",
          "Microsoft.Network/networkInterfaces/delete",
          "Microsoft.Network/networkInterfaces/write",
          "Microsoft.Network/networkInterfaces/join/action",
          "Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/delete",
          "Microsoft.Network/virtualNetworks/subnets/delete",
          "Microsoft.Network/networkIntentPolicies/read",
          "Microsoft.Network/networkIntentPolicies/delete",
          "Microsoft.Network/networkIntentPolicies/write",
          "Microsoft.Network/networkSecurityGroups/delete",
          "Microsoft.Network/networkSecurityGroups/write",
          "Microsoft.Network/networkSecurityGroups/read",
          "Microsoft.Network/networkSecurityGroups/join/action",
          "Microsoft.Network/networkSecurityGroups/securityRules/read",
          "Microsoft.Network/networkSecurityGroups/securityRules/write",
          "Microsoft.Network/networkSecurityGroups/securityRules/delete",
          "Microsoft.Network/virtualNetworks/subnets/write",
          "Microsoft.Network/virtualNetworks/subnets/join/action",
          "Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/write",
          "Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/read",
          "Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/delete",
          "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
          "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action",
          "Microsoft.Network/virtualHubs/write",
          "Microsoft.Network/publicIPAddresses/write",
          "Microsoft.Network/publicIPAddresses/read",
          "Microsoft.Network/virtualHubs/ipConfigurations/write",
          "Microsoft.Network/networkSecurityGroups/securityRules/read",
          "Microsoft.Network/virtualHubs/ipConfigurations/read",
          "Microsoft.Network/virtualHubs/bgpConnections/write",
          "Microsoft.Network/virtualHubs/bgpConnections/read",
          "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
          "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
          "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
          "Microsoft.Network/virtualNetworks/peer/action",
          "Microsoft.Network/locations/operations/read",
          "Microsoft.Network/locations/operationResults/read",
          "Microsoft.Network/networkInterfaces/read",
          "Microsoft.Network/virtualNetworks/read",
          "Microsoft.Network/virtualNetworks/write",
          "Microsoft.Network/virtualNetworks/subnets/read",
          "Microsoft.Network/routeTables/read",
          "Microsoft.Network/routeTables/write",
          "Microsoft.Network/routeTables/delete",
          "Microsoft.Network/routeTables/join/action",
          "Microsoft.Network/routeTables/routes/read",
          "Microsoft.Network/routeTables/routes/write",
          "Microsoft.Network/routeTables/routes/delete",
          "Microsoft.Network/virtualNetworks/join/action"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      },
      {
        "actions": [
          "Microsoft.Authorization/roleAssignments/delete"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
        "Condition": "(!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{d715fb95a0f04f1c8be65ad2d2767f67, 4d97b98b1d4f4787a291c67834d212e7, 49fc33c1886f4b21a00e1d9993234734}",
        "ConditionVersion": "2.0"
      }
    ],
    "createdOn": "2024-08-29T15:27:16.58Z",
    "updatedOn": "2025-02-17T16:06:34.702Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/d715fb95-a0f0-4f1c-8be6-5ad2d2767f67",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "d715fb95-a0f0-4f1c-8be6-5ad2d2767f67"
}

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "AVS Orchestrator Role",
    "type": "BuiltInRole",
    "description": "Do not remove this role from your resource group because it is critical to enable your AVS private cloud to operate. If the role is removed, it will cause your AVS private cloud control plane to no longer operate correctly. The role is used to enable the AVS private cloud control plane to create the supporting resources in the resource group of the private clouds attached virtual network and bind them to the attached virtual network. This role is not intended for use cases outside of assignment to the associated AVS identity in your entra-id tenant.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/roleAssignments/read",
          "Microsoft.Resources/subscriptions/resourcegroups/read",
          "Microsoft.Resources/deployments/write",
          "Microsoft.Resources/deployments/operationStatuses/read",
          "Microsoft.Resources/deployments/operations/read",
          "Microsoft.Resources/deployments/delete",
          "Microsoft.Resources/deployments/read",
          "Microsoft.Network/virtualHubs/delete",
          "Microsoft.Network/publicIPAddresses/delete",
          "Microsoft.Network/networkInterfaces/delete",
          "Microsoft.Network/networkInterfaces/write",
          "Microsoft.Network/networkInterfaces/join/action",
          "Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/delete",
          "Microsoft.Network/virtualNetworks/subnets/delete",
          "Microsoft.Network/networkIntentPolicies/read",
          "Microsoft.Network/networkIntentPolicies/delete",
          "Microsoft.Network/networkIntentPolicies/write",
          "Microsoft.Network/networkSecurityGroups/delete",
          "Microsoft.Network/networkSecurityGroups/write",
          "Microsoft.Network/networkSecurityGroups/read",
          "Microsoft.Network/networkSecurityGroups/join/action",
          "Microsoft.Network/networkSecurityGroups/securityRules/read",
          "Microsoft.Network/networkSecurityGroups/securityRules/write",
          "Microsoft.Network/networkSecurityGroups/securityRules/delete",
          "Microsoft.Network/virtualNetworks/subnets/write",
          "Microsoft.Network/virtualNetworks/subnets/join/action",
          "Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/write",
          "Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/read",
          "Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/delete",
          "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
          "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action",
          "Microsoft.Network/virtualHubs/write",
          "Microsoft.Network/publicIPAddresses/write",
          "Microsoft.Network/publicIPAddresses/read",
          "Microsoft.Network/virtualHubs/ipConfigurations/write",
          "Microsoft.Network/networkSecurityGroups/securityRules/read",
          "Microsoft.Network/virtualHubs/ipConfigurations/read",
          "Microsoft.Network/virtualHubs/bgpConnections/write",
          "Microsoft.Network/virtualHubs/bgpConnections/read",
          "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
          "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
          "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
          "Microsoft.Network/virtualNetworks/peer/action",
          "Microsoft.Network/locations/operations/read",
          "Microsoft.Network/locations/operationResults/read",
          "Microsoft.Network/networkInterfaces/read",
          "Microsoft.Network/virtualNetworks/read",
          "Microsoft.Network/virtualNetworks/write",
          "Microsoft.Network/virtualNetworks/subnets/read",
          "Microsoft.Network/routeTables/read",
          "Microsoft.Network/routeTables/write",
          "Microsoft.Network/routeTables/delete",
          "Microsoft.Network/routeTables/join/action",
          "Microsoft.Network/routeTables/routes/read",
          "Microsoft.Network/routeTables/routes/write",
          "Microsoft.Network/routeTables/routes/delete",
          "Microsoft.Network/virtualNetworks/join/action"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      },
      {
        "actions": [
          "Microsoft.Authorization/roleAssignments/delete"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
        "Condition": "(!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{d715fb95a0f04f1c8be65ad2d2767f67, 4d97b98b1d4f4787a291c67834d212e7, 49fc33c1886f4b21a00e1d9993234734}",
        "ConditionVersion": "2.0"
      }
    ],
    "createdOn": "2024-08-29T15:27:16.58Z",
    "updatedOn": "2025-02-17T16:06:34.702Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/d715fb95-a0f0-4f1c-8be6-5ad2d2767f67",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "d715fb95-a0f0-4f1c-8be6-5ad2d2767f67"
}

Effective Permissions

Operations granted by this role (54 total)

Conditional Permissions

This role has conditions that may restrict effective permissions based on context (e.g., resource attributes, request properties).

Control Plane Operations (54)

Data Plane Operations (0)

No data plane operations granted