Back to Dashboard

Azure Connected Machine Resource Manager

Azure Built-in Role

Role Information

Details and metadata

Role ID
f5819b54-e033-4d82-ac66-4fec3cbf3f4c
Type
BuiltInRole
Last Updated (Azure)
2024-08-28 15:23:35

Change History

Track all modifications to this role

2024-08-28 15:23:35 Initial Scan
View details 
{
  "properties": {
    "roleName": "Azure Connected Machine Resource Manager",
    "type": "BuiltInRole",
    "description": "Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read",
          "Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
          "Microsoft.GuestConfiguration/guestConfigurationAssignments/write",
          "Microsoft.HybridCompute/machines/read",
          "Microsoft.HybridCompute/machines/extensions/read",
          "Microsoft.HybridCompute/*/read",
          "Microsoft.HybridCompute/machines/delete",
          "Microsoft.HybridCompute/machines/extensions/delete",
          "Microsoft.HybridCompute/machines/extensions/write",
          "Microsoft.HybridCompute/machines/licenseProfiles/delete",
          "Microsoft.HybridCompute/machines/licenseProfiles/read",
          "Microsoft.HybridCompute/machines/licenseProfiles/write",
          "Microsoft.HybridCompute/machines/UpgradeExtensions/action",
          "Microsoft.HybridCompute/machines/write",
          "Microsoft.HybridConnectivity/endpoints/read",
          "Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read",
          "Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write",
          "Microsoft.HybridConnectivity/endpoints/write",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.EdgeMarketplace/locations/operationStatuses/read",
          "Microsoft.EdgeMarketPlace/offers/getAccessToken/action",
          "Microsoft.EdgeMarketPlace/offers/generateAccessToken/action",
          "Microsoft.EdgeMarketplace/publishers/read",
          "Microsoft.EdgeMarketplace/offers/read",
          "Microsoft.ExtendedLocation/customLocations/read",
          "Microsoft.Attestation/attestationProviders/write",
          "Microsoft.Attestation/attestationProviders/read",
          "Microsoft.Attestation/attestationProviders/delete",
          "Microsoft.Attestation/attestationProviders/attestation/read",
          "Microsoft.Attestation/attestationProviders/attestation/write",
          "Microsoft.Attestation/attestationProviders/attestation/delete"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2022-11-15T16:12:11.408Z",
    "updatedOn": "2024-08-28T15:23:35.899Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f5819b54-e033-4d82-ac66-4fec3cbf3f4c",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "f5819b54-e033-4d82-ac66-4fec3cbf3f4c"
}

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Azure Connected Machine Resource Manager",
    "type": "BuiltInRole",
    "description": "Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read",
          "Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
          "Microsoft.GuestConfiguration/guestConfigurationAssignments/write",
          "Microsoft.HybridCompute/machines/read",
          "Microsoft.HybridCompute/machines/extensions/read",
          "Microsoft.HybridCompute/*/read",
          "Microsoft.HybridCompute/machines/delete",
          "Microsoft.HybridCompute/machines/extensions/delete",
          "Microsoft.HybridCompute/machines/extensions/write",
          "Microsoft.HybridCompute/machines/licenseProfiles/delete",
          "Microsoft.HybridCompute/machines/licenseProfiles/read",
          "Microsoft.HybridCompute/machines/licenseProfiles/write",
          "Microsoft.HybridCompute/machines/UpgradeExtensions/action",
          "Microsoft.HybridCompute/machines/write",
          "Microsoft.HybridConnectivity/endpoints/read",
          "Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read",
          "Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write",
          "Microsoft.HybridConnectivity/endpoints/write",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.EdgeMarketplace/locations/operationStatuses/read",
          "Microsoft.EdgeMarketPlace/offers/getAccessToken/action",
          "Microsoft.EdgeMarketPlace/offers/generateAccessToken/action",
          "Microsoft.EdgeMarketplace/publishers/read",
          "Microsoft.EdgeMarketplace/offers/read",
          "Microsoft.ExtendedLocation/customLocations/read",
          "Microsoft.Attestation/attestationProviders/write",
          "Microsoft.Attestation/attestationProviders/read",
          "Microsoft.Attestation/attestationProviders/delete",
          "Microsoft.Attestation/attestationProviders/attestation/read",
          "Microsoft.Attestation/attestationProviders/attestation/write",
          "Microsoft.Attestation/attestationProviders/attestation/delete"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2022-11-15T16:12:11.408Z",
    "updatedOn": "2024-08-28T15:23:35.899Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f5819b54-e033-4d82-ac66-4fec3cbf3f4c",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "f5819b54-e033-4d82-ac66-4fec3cbf3f4c"
}

Effective Permissions

Operations granted by this role (83 total)

Permission Patterns (from role definition)

Actions 32 patterns
Microsoft.Authorization/*/read Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read Microsoft.GuestConfiguration/guestConfigurationAssignments/read Microsoft.GuestConfiguration/guestConfigurationAssignments/write Microsoft.HybridCompute/machines/read Microsoft.HybridCompute/machines/extensions/read Microsoft.HybridCompute/*/read Microsoft.HybridCompute/machines/delete Microsoft.HybridCompute/machines/extensions/delete Microsoft.HybridCompute/machines/extensions/write Microsoft.HybridCompute/machines/licenseProfiles/delete Microsoft.HybridCompute/machines/licenseProfiles/read Microsoft.HybridCompute/machines/licenseProfiles/write Microsoft.HybridCompute/machines/UpgradeExtensions/action Microsoft.HybridCompute/machines/write Microsoft.HybridConnectivity/endpoints/read Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write Microsoft.HybridConnectivity/endpoints/write Microsoft.Resources/subscriptions/resourceGroups/read Microsoft.EdgeMarketplace/locations/operationStatuses/read Microsoft.EdgeMarketPlace/offers/getAccessToken/action Microsoft.EdgeMarketPlace/offers/generateAccessToken/action Microsoft.EdgeMarketplace/publishers/read Microsoft.EdgeMarketplace/offers/read Microsoft.ExtendedLocation/customLocations/read Microsoft.Attestation/attestationProviders/write Microsoft.Attestation/attestationProviders/read Microsoft.Attestation/attestationProviders/delete Microsoft.Attestation/attestationProviders/attestation/read Microsoft.Attestation/attestationProviders/attestation/write Microsoft.Attestation/attestationProviders/attestation/delete

Control Plane Operations (83)

Data Plane Operations (0)

No data plane operations granted