Back to Operation

Container Registry Tasks Contributor

Azure Built-in Role

Role Information

Details and metadata

Role ID
fb382eab-e894-4461-af04-94435c366c3f
Type
BuiltInRole
Last Updated (Azure)
2025-01-14 16:18:32

Change History

Track all modifications to this role since 2025-12-15 01:08:16+00:00

2025-01-14 16:18:32 Created
View details
+ {
+ "properties": {
+ "roleName": "Container Registry Tasks Contributor",
+ "type": "BuiltInRole",
+ "description": "Provides permissions to configure, read, list, trigger, or cancel Container Registry Tasks, Task Runs, Task Logs, Quick Runs, Quick Builds, and Task Agent Pools. Permissions granted for Tasks management can be used for full registry data plane permissions including reading/writing/deleting container images in registries. Permissions granted for Tasks management can also be used to run customer authored build directives and run scripts to build software artifacts.",
+ "assignableScopes": [
+ "/"
+ ],
+ "permissions": [
+ {
+ "actions": [
+ "Microsoft.ContainerRegistry/registries/agentpools/read",
+ "Microsoft.ContainerRegistry/registries/agentpools/write",
+ "Microsoft.ContainerRegistry/registries/agentpools/delete",
+ "Microsoft.ContainerRegistry/registries/agentpools/listQueueStatus/action",
+ "Microsoft.ContainerRegistry/registries/agentpools/operationResults/status/read",
+ "Microsoft.ContainerRegistry/registries/agentpools/operationStatuses/read",
+ "Microsoft.ContainerRegistry/registries/tasks/read",
+ "Microsoft.ContainerRegistry/registries/tasks/write",
+ "Microsoft.ContainerRegistry/registries/tasks/delete",
+ "Microsoft.ContainerRegistry/registries/tasks/listDetails/action",
+ "Microsoft.ContainerRegistry/registries/scheduleRun/action",
+ "Microsoft.ContainerRegistry/registries/listBuildSourceUploadUrl/action",
+ "Microsoft.ContainerRegistry/registries/runs/read",
+ "Microsoft.ContainerRegistry/registries/runs/write",
+ "Microsoft.ContainerRegistry/registries/runs/listLogSasUrl/action",
+ "Microsoft.ContainerRegistry/registries/runs/cancel/action",
+ "Microsoft.ContainerRegistry/registries/taskruns/read",
+ "Microsoft.ContainerRegistry/registries/taskruns/write",
+ "Microsoft.ContainerRegistry/registries/taskruns/delete",
+ "Microsoft.ContainerRegistry/registries/taskruns/listDetails/action",
+ "Microsoft.ContainerRegistry/registries/taskruns/operationStatuses/read",
+ "Microsoft.Resources/deployments/*",
+ "Microsoft.Resources/subscriptions/resourceGroups/read",
+ "Microsoft.ContainerRegistry/registries/read"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": []
+ }
+ ],
+ "createdOn": "2025-01-14T16:18:32.894Z",
+ "updatedOn": "2025-01-14T16:18:32.894Z",
+ "createdBy": null,
+ "updatedBy": null
+ },
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/fb382eab-e894-4461-af04-94435c366c3f",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "name": "fb382eab-e894-4461-af04-94435c366c3f"
+ }

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Container Registry Tasks Contributor",
    "type": "BuiltInRole",
    "description": "Provides permissions to configure, read, list, trigger, or cancel Container Registry Tasks, Task Runs, Task Logs, Quick Runs, Quick Builds, and Task Agent Pools. Permissions granted for Tasks management can be used for full registry data plane permissions including reading/writing/deleting container images in registries. Permissions granted for Tasks management can also be used to run customer authored build directives and run scripts to build software artifacts.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.ContainerRegistry/registries/agentpools/read",
          "Microsoft.ContainerRegistry/registries/agentpools/write",
          "Microsoft.ContainerRegistry/registries/agentpools/delete",
          "Microsoft.ContainerRegistry/registries/agentpools/listQueueStatus/action",
          "Microsoft.ContainerRegistry/registries/agentpools/operationResults/status/read",
          "Microsoft.ContainerRegistry/registries/agentpools/operationStatuses/read",
          "Microsoft.ContainerRegistry/registries/tasks/read",
          "Microsoft.ContainerRegistry/registries/tasks/write",
          "Microsoft.ContainerRegistry/registries/tasks/delete",
          "Microsoft.ContainerRegistry/registries/tasks/listDetails/action",
          "Microsoft.ContainerRegistry/registries/scheduleRun/action",
          "Microsoft.ContainerRegistry/registries/listBuildSourceUploadUrl/action",
          "Microsoft.ContainerRegistry/registries/runs/read",
          "Microsoft.ContainerRegistry/registries/runs/write",
          "Microsoft.ContainerRegistry/registries/runs/listLogSasUrl/action",
          "Microsoft.ContainerRegistry/registries/runs/cancel/action",
          "Microsoft.ContainerRegistry/registries/taskruns/read",
          "Microsoft.ContainerRegistry/registries/taskruns/write",
          "Microsoft.ContainerRegistry/registries/taskruns/delete",
          "Microsoft.ContainerRegistry/registries/taskruns/listDetails/action",
          "Microsoft.ContainerRegistry/registries/taskruns/operationStatuses/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.ContainerRegistry/registries/read"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2025-01-14T16:18:32.894Z",
    "updatedOn": "2025-01-14T16:18:32.894Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/fb382eab-e894-4461-af04-94435c366c3f",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "fb382eab-e894-4461-af04-94435c366c3f"
}

Effective Permissions

Operations granted by this role (32 total)

Permission Patterns (from role definition)

Actions 24 patterns
Microsoft.ContainerRegistry/registries/agentpools/read Microsoft.ContainerRegistry/registries/agentpools/write Microsoft.ContainerRegistry/registries/agentpools/delete Microsoft.ContainerRegistry/registries/agentpools/listQueueStatus/action Microsoft.ContainerRegistry/registries/agentpools/operationResults/status/read Microsoft.ContainerRegistry/registries/agentpools/operationStatuses/read Microsoft.ContainerRegistry/registries/tasks/read Microsoft.ContainerRegistry/registries/tasks/write Microsoft.ContainerRegistry/registries/tasks/delete Microsoft.ContainerRegistry/registries/tasks/listDetails/action Microsoft.ContainerRegistry/registries/scheduleRun/action Microsoft.ContainerRegistry/registries/listBuildSourceUploadUrl/action Microsoft.ContainerRegistry/registries/runs/read Microsoft.ContainerRegistry/registries/runs/write Microsoft.ContainerRegistry/registries/runs/listLogSasUrl/action Microsoft.ContainerRegistry/registries/runs/cancel/action Microsoft.ContainerRegistry/registries/taskruns/read Microsoft.ContainerRegistry/registries/taskruns/write Microsoft.ContainerRegistry/registries/taskruns/delete Microsoft.ContainerRegistry/registries/taskruns/listDetails/action Microsoft.ContainerRegistry/registries/taskruns/operationStatuses/read Microsoft.Resources/deployments/* Microsoft.Resources/subscriptions/resourceGroups/read Microsoft.ContainerRegistry/registries/read

Control Plane Operations (32)

Data Plane Operations (0)

No data plane operations granted