Managed Identity Contributor - Azure Built-in Role Definition (e40ec5ca-96e0-45a2-b4ff-59039f2c2b59)

Role Information

Details and metadata

Role ID

e40ec5ca-96e0-45a2-b4ff-59039f2c2b59

Type

BuiltInRole

Last Updated (Azure)

2024-04-02 15:41:08

Change History

Track all modifications to this role since 2025-12-15 01:08:16+00:00

Updated On

Event Type

Summary & Details

2024-04-02 15:41:08

Initial Scan

Show full JSON

{
  "properties": {
    "roleName": "Managed Identity Contributor",
    "type": "BuiltInRole",
    "description": "Create, Read, Update, and Delete User Assigned Identity",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.ManagedIdentity/userAssignedIdentities/read",
          "Microsoft.ManagedIdentity/userAssignedIdentities/write",
          "Microsoft.ManagedIdentity/userAssignedIdentities/delete",
          "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/read",
          "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/write",
          "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/delete",
          "Microsoft.ManagedIdentity/userAssignedIdentities/revokeTokens/action",
          "Microsoft.Authorization/*/read",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Support/*"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2017-12-14T19:53:42.88Z",
    "updatedOn": "2024-04-02T15:41:08.379Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "e40ec5ca-96e0-45a2-b4ff-59039f2c2b59"
}

2024-04-02 15:41:08 Initial Scan

View details

{
  "properties": {
    "roleName": "Managed Identity Contributor",
    "type": "BuiltInRole",
    "description": "Create, Read, Update, and Delete User Assigned Identity",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.ManagedIdentity/userAssignedIdentities/read",
          "Microsoft.ManagedIdentity/userAssignedIdentities/write",
          "Microsoft.ManagedIdentity/userAssignedIdentities/delete",
          "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/read",
          "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/write",
          "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/delete",
          "Microsoft.ManagedIdentity/userAssignedIdentities/revokeTokens/action",
          "Microsoft.Authorization/*/read",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Support/*"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2017-12-14T19:53:42.88Z",
    "updatedOn": "2024-04-02T15:41:08.379Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "e40ec5ca-96e0-45a2-b4ff-59039f2c2b59"
}

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Managed Identity Contributor",
    "type": "BuiltInRole",
    "description": "Create, Read, Update, and Delete User Assigned Identity",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.ManagedIdentity/userAssignedIdentities/read",
          "Microsoft.ManagedIdentity/userAssignedIdentities/write",
          "Microsoft.ManagedIdentity/userAssignedIdentities/delete",
          "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/read",
          "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/write",
          "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/delete",
          "Microsoft.ManagedIdentity/userAssignedIdentities/revokeTokens/action",
          "Microsoft.Authorization/*/read",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Support/*"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2017-12-14T19:53:42.88Z",
    "updatedOn": "2024-04-02T15:41:08.379Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "e40ec5ca-96e0-45a2-b4ff-59039f2c2b59"
}

Effective Permissions

Operations granted by this role (67 total)

Permission Patterns (from role definition)

Actions 12 patterns

Microsoft.ManagedIdentity/userAssignedIdentities/read Microsoft.ManagedIdentity/userAssignedIdentities/write Microsoft.ManagedIdentity/userAssignedIdentities/delete Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/read Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/write Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/delete Microsoft.ManagedIdentity/userAssignedIdentities/revokeTokens/action Microsoft.Authorization/*/read Microsoft.Insights/alertRules/* Microsoft.Resources/subscriptions/resourceGroups/read Microsoft.Resources/deployments/* Microsoft.Support/*

Control Plane Operations (67)

Data Plane Operations (0)

No data plane operations granted