
Azure AI Account Owner

Azure Built-in Role

Role Information

Details and metadata

Role ID
e47c6f54-e4a2-4754-9501-8e0985b135e1
Type
BuiltInRole
Last Updated (Azure)
2025-05-05 15:00:32

Change History

Track all modifications to this role since 2025-12-15 01:08:16+00:00

2025-05-05 15:00:32 Created
+ {
+ "properties": {
+ "roleName": "Azure AI Account Owner",
+ "type": "BuiltInRole",
+ "description": "Grants full access to manage AI projects and accounts. Grants conditional assignment of the Azure AI User role to other user principles.",
+ "assignableScopes": [
+ "/"
+ ],
+ "permissions": [
+ {
+ "actions": [
+ "Microsoft.Authorization/*/read",
+ "Microsoft.Authorization/roleAssignments/write",
+ "Microsoft.Authorization/roleAssignments/delete",
+ "Microsoft.CognitiveServices/*",
+ "Microsoft.Features/features/read",
+ "Microsoft.Features/providers/features/read",
+ "Microsoft.Features/providers/features/register/action",
+ "Microsoft.Insights/alertRules/*",
+ "Microsoft.Insights/diagnosticSettings/*",
+ "Microsoft.Insights/logDefinitions/read",
+ "Microsoft.Insights/metricdefinitions/read",
+ "Microsoft.Insights/metrics/read",
+ "Microsoft.ResourceHealth/availabilityStatuses/read",
+ "Microsoft.Resources/deployments/*",
+ "Microsoft.Resources/deployments/operations/read",
+ "Microsoft.Resources/subscriptions/operationresults/read",
+ "Microsoft.Resources/subscriptions/read",
+ "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
+ "Microsoft.Resources/subscriptions/resourceGroups/read",
+ "Microsoft.Support/*"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": [],
+ "Condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{53ca6127-db72-4b80-b1b0-d745d6d5456d})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{53ca6127-db72-4b80-b1b0-d745d6d5456d}))",
+ "ConditionVersion": "2.0"
+ }
+ ],
+ "createdOn": "2025-05-05T15:00:32.606Z",
+ "updatedOn": "2025-05-05T15:00:32.606Z",
+ "createdBy": null,
+ "updatedBy": null
+ },
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/e47c6f54-e4a2-4754-9501-8e0985b135e1",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "name": "e47c6f54-e4a2-4754-9501-8e0985b135e1"
+ }
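
Review bot: the Condition string in the permissions block constrains roleAssignments/write and roleAssignments/delete only by RoleDefinitionId (53ca6127-db72-4b80-b1b0-d745d6d5456d), with no check on principal type or principal ID, so a holder can grant or revoke that one role for any principal at whatever scope this role is assigned. If that breadth is intended, the description should state it; the description also reads "user principles" where "user principals" is meant. In actions, "Microsoft.Resources/deployments/operations/read" is already covered by "Microsoft.Resources/deployments/*" and could be dropped.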

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Azure AI Account Owner",
    "type": "BuiltInRole",
    "description": "Grants full access to manage AI projects and accounts. Grants conditional assignment of the Azure AI User role to other user principles.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.Authorization/roleAssignments/write",
          "Microsoft.Authorization/roleAssignments/delete",
          "Microsoft.CognitiveServices/*",
          "Microsoft.Features/features/read",
          "Microsoft.Features/providers/features/read",
          "Microsoft.Features/providers/features/register/action",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.Insights/diagnosticSettings/*",
          "Microsoft.Insights/logDefinitions/read",
          "Microsoft.Insights/metricdefinitions/read",
          "Microsoft.Insights/metrics/read",
          "Microsoft.ResourceHealth/availabilityStatuses/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Resources/deployments/operations/read",
          "Microsoft.Resources/subscriptions/operationresults/read",
          "Microsoft.Resources/subscriptions/read",
          "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Support/*"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
        "Condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{53ca6127-db72-4b80-b1b0-d745d6d5456d})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{53ca6127-db72-4b80-b1b0-d745d6d5456d}))",
        "ConditionVersion": "2.0"
      }
    ],
    "createdOn": "2025-05-05T15:00:32.606Z",
    "updatedOn": "2025-05-05T15:00:32.606Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/e47c6f54-e4a2-4754-9501-8e0985b135e1",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "e47c6f54-e4a2-4754-9501-8e0985b135e1"
}

Effective Permissions

Operations granted by this role (205 total)

Conditional Permissions

This role has conditions that may restrict effective permissions based on context (e.g., resource attributes, request properties).

Permission Patterns (from role definition)

Actions (20 patterns)

Microsoft.Authorization/*/read
Microsoft.Authorization/roleAssignments/write
Microsoft.Authorization/roleAssignments/delete
Microsoft.CognitiveServices/*
Microsoft.Features/features/read
Microsoft.Features/providers/features/read
Microsoft.Features/providers/features/register/action
Microsoft.Insights/alertRules/*
Microsoft.Insights/diagnosticSettings/*
Microsoft.Insights/logDefinitions/read
Microsoft.Insights/metricdefinitions/read
Microsoft.Insights/metrics/read
Microsoft.ResourceHealth/availabilityStatuses/read
Microsoft.Resources/deployments/*
Microsoft.Resources/deployments/operations/read
Microsoft.Resources/subscriptions/operationresults/read
Microsoft.Resources/subscriptions/read
Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Resources/subscriptions/resourceGroups/read
Microsoft.Support/*

Control Plane Operations (205)

Data Plane Operations (0)

No data plane operations granted