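/**
* Do not edit manually; this file is generated by the following command:
* az role definition list --query "[?roleType == \`BuiltInRole\`].{roleDefinitionId:name, roleName:roleName, roleType:roleType, description:description}"
* The entries are a snapshot of that command's output at generation time, so a
* built-in role that is not in that output does not appear here until the file is regenerated.
*/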
export const AzureBuiltInRoles = [
{
description: "acr push",
roleDefinitionId: "8311e382-0749-4cb8-b61a-304f252e45ec",
roleName: "AcrPush",
roleType: "BuiltInRole",
},
{
description: "Can manage service and the APIs",
roleDefinitionId: "312a565d-c81f-4fd8-895a-4e21e48d571c",
roleName: "API Management Service Contributor",
roleType: "BuiltInRole",
},
{
description: "acr pull",
roleDefinitionId: "7f951dda-4ed3-4680-a7ca-43fe172d538d",
roleName: "AcrPull",
roleType: "BuiltInRole",
},
{
description: "acr image signer",
roleDefinitionId: "6cef56e8-d556-48e5-a04f-b8e64114680f",
roleName: "AcrImageSigner",
roleType: "BuiltInRole",
},
{
description: "acr delete",
roleDefinitionId: "c2f4ef07-c644-48eb-af81-4b1b4947fb11",
roleName: "AcrDelete",
roleType: "BuiltInRole",
},
{
description: "acr quarantine data reader",
roleDefinitionId: "cdda3590-29a3-44f6-95f2-9f980659eb04",
roleName: "AcrQuarantineReader",
roleType: "BuiltInRole",
},
{
description: "acr quarantine data writer",
roleDefinitionId: "c8d4ff99-41c3-41a8-9f60-21dfdad59608",
roleName: "AcrQuarantineWriter",
roleType: "BuiltInRole",
},
{
description: "Can manage service but not the APIs",
roleDefinitionId: "e022efe7-f5ba-4159-bbe4-b44f577e9b61",
roleName: "API Management Service Operator Role",
roleType: "BuiltInRole",
},
{
description: "Read-only access to service and APIs",
roleDefinitionId: "71522526-b88f-4d52-b57f-d31fc3546d0d",
roleName: "API Management Service Reader Role",
roleType: "BuiltInRole",
},
{
description: "Can manage Application Insights components",
roleDefinitionId: "ae349356-3a1b-4a5e-921d-050484c6347e",
roleName: "Application Insights Component Contributor",
roleType: "BuiltInRole",
},
{
description: "Gives user permission to use Application Insights Snapshot Debugger features",
roleDefinitionId: "08954f03-6346-4c2e-81c0-ec3a5cfae23b",
roleName: "Application Insights Snapshot Debugger",
roleType: "BuiltInRole",
},
{
description: "Can read the attestation provider properties",
roleDefinitionId: "fd1bd22b-8476-40bc-a0bc-69b95687b9f3",
roleName: "Attestation Reader",
roleType: "BuiltInRole",
},
{
description: "Create and Manage Jobs using Automation Runbooks.",
roleDefinitionId: "4fe576fe-1146-4730-92eb-48519fa6bf9f",
roleName: "Automation Job Operator",
roleType: "BuiltInRole",
},
{
description: "Read Runbook properties - to be able to create Jobs of the runbook.",
roleDefinitionId: "5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
roleName: "Automation Runbook Operator",
roleType: "BuiltInRole",
},
{
description: "Automation Operators are able to start, stop, suspend, and resume jobs",
roleDefinitionId: "d3881f73-407a-4167-8283-e981cbba0404",
roleName: "Automation Operator",
roleType: "BuiltInRole",
},
{
description: "Can create and manage an Avere vFXT cluster.",
roleDefinitionId: "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
roleName: "Avere Contributor",
roleType: "BuiltInRole",
},
{
description: "Used by the Avere vFXT cluster to manage the cluster",
roleDefinitionId: "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
roleName: "Avere Operator",
roleType: "BuiltInRole",
},
{
description: "List cluster admin credential action.",
roleDefinitionId: "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
roleName: "Azure Kubernetes Service Cluster Admin Role",
roleType: "BuiltInRole",
},
{
description: "List cluster user credential action.",
roleDefinitionId: "4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
roleName: "Azure Kubernetes Service Cluster User Role",
roleType: "BuiltInRole",
},
{
description: "Grants access to read map related data from an Azure maps account.",
roleDefinitionId: "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
roleName: "Azure Maps Data Reader",
roleType: "BuiltInRole",
},
{
description: "Lets you manage Azure Stack registrations.",
roleDefinitionId: "6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
roleName: "Azure Stack Registration Owner",
roleType: "BuiltInRole",
},
{
description: "Lets you manage backup service,but can't create vaults and give access to others",
roleDefinitionId: "5e467623-bb1f-42f4-a55d-6e525e11384b",
roleName: "Backup Contributor",
roleType: "BuiltInRole",
},
{
description: "Allows read access to billing data",
roleDefinitionId: "fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
roleName: "Billing Reader",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage backup services, except removal of backup, vault creation and giving access to others",
roleDefinitionId: "00c29273-979b-4161-815c-10b084fb9324",
roleName: "Backup Operator",
roleType: "BuiltInRole",
},
{
description: "Can view backup services, but can't make changes",
roleDefinitionId: "a795c7a0-d4a2-40c1-ae25-d81f01202912",
roleName: "Backup Reader",
roleType: "BuiltInRole",
},
{
description: "Allows for access to Blockchain Member nodes",
roleDefinitionId: "31a002a1-acaf-453e-8a5b-297c9ca1ea24",
roleName: "Blockchain Member Node Access (Preview)",
roleType: "BuiltInRole",
},
{
description: "Lets you manage BizTalk services, but not access to them.",
roleDefinitionId: "5e3c6656-6cfa-4708-81fe-0de47ac73342",
roleName: "BizTalk Contributor",
roleType: "BuiltInRole",
},
{
description: "Can manage CDN endpoints, but can’t grant access to other users.",
roleDefinitionId: "426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
roleName: "CDN Endpoint Contributor",
roleType: "BuiltInRole",
},
{
description: "Can view CDN endpoints, but can’t make changes.",
roleDefinitionId: "871e35f6-b5c1-49cc-a043-bde969a0f2cd",
roleName: "CDN Endpoint Reader",
roleType: "BuiltInRole",
},
{
description:
"Can manage CDN profiles and their endpoints, but can’t grant access to other users.",
roleDefinitionId: "ec156ff8-a8d1-4d15-830c-5b80698ca432",
roleName: "CDN Profile Contributor",
roleType: "BuiltInRole",
},
{
description: "Can view CDN profiles and their endpoints, but can’t make changes.",
roleDefinitionId: "8f96442b-4075-438f-813d-ad51ab4019af",
roleName: "CDN Profile Reader",
roleType: "BuiltInRole",
},
{
description: "Lets you manage classic networks, but not access to them.",
roleDefinitionId: "b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
roleName: "Classic Network Contributor",
roleType: "BuiltInRole",
},
{
description: "Lets you manage classic storage accounts, but not access to them.",
roleDefinitionId: "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
roleName: "Classic Storage Account Contributor",
roleType: "BuiltInRole",
},
{
description:
"Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
roleDefinitionId: "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
roleName: "Classic Storage Account Key Operator Service Role",
roleType: "BuiltInRole",
},
{
description: "Lets you manage ClearDB MySQL databases, but not access to them.",
roleDefinitionId: "9106cda0-8a86-4e81-b686-29a22c54effe",
roleName: "ClearDB MySQL DB Contributor",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they’re connected to.",
roleDefinitionId: "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
roleName: "Classic Virtual Machine Contributor",
roleType: "BuiltInRole",
},
{
description: "Lets you read and list keys of Cognitive Services.",
roleDefinitionId: "a97b65f3-24c7-4388-baec-2e87135dc908",
roleName: "Cognitive Services User",
roleType: "BuiltInRole",
},
{
description: "Lets you read Cognitive Services data.",
roleDefinitionId: "b59867f0-fa02-499b-be73-45a86b5b3e1c",
roleName: "Cognitive Services Data Reader (Preview)",
roleType: "BuiltInRole",
},
{
description: "Lets you create, read, update, delete and manage keys of Cognitive Services.",
roleDefinitionId: "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
roleName: "Cognitive Services Contributor",
roleType: "BuiltInRole",
},
{
description:
"Can submit restore request for a Cosmos DB database or a container for an account",
roleDefinitionId: "db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
roleName: "CosmosBackupOperator",
roleType: "BuiltInRole",
},
{
description:
"Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",
roleDefinitionId: "b24988ac-6180-42a0-ab88-20f7382dd24c",
roleName: "Contributor",
roleType: "BuiltInRole",
},
{
description: "Can read Azure Cosmos DB Accounts data",
roleDefinitionId: "fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
roleName: "Cosmos DB Account Reader Role",
roleType: "BuiltInRole",
},
{
description: "Can view costs and manage cost configuration (e.g. budgets, exports)",
roleDefinitionId: "434105ed-43f6-45c7-a02f-909b2ba83430",
roleName: "Cost Management Contributor",
roleType: "BuiltInRole",
},
{
description: "Can view cost data and configuration (e.g. budgets, exports)",
roleDefinitionId: "72fafb9e-0641-4937-9268-a91bfd8191a3",
roleName: "Cost Management Reader",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage everything under Data Box Service except giving access to others.",
roleDefinitionId: "add466c9-e687-43fc-8d98-dfcf8d720be5",
roleName: "Data Box Contributor",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
roleDefinitionId: "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
roleName: "Data Box Reader",
roleType: "BuiltInRole",
},
{
description: "Create and manage data factories, as well as child resources within them.",
roleDefinitionId: "673868aa-7521-48a0-acc6-0f60742d39f5",
roleName: "Data Factory Contributor",
roleType: "BuiltInRole",
},
{
description: "Can purge analytics data",
roleDefinitionId: "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
roleName: "Data Purger",
roleType: "BuiltInRole",
},
{
description:
"Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
roleDefinitionId: "47b7735b-770e-4598-a7da-8b91488b4c88",
roleName: "Data Lake Analytics Developer",
roleType: "BuiltInRole",
},
{
description:
"Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.",
roleDefinitionId: "76283e04-6283-4c54-8f91-bcf1374a3c64",
roleName: "DevTest Labs User",
roleType: "BuiltInRole",
},
{
description: "Lets you manage DocumentDB accounts, but not access to them.",
roleDefinitionId: "5bd9cd88-fe45-4216-938b-f97437e15450",
roleName: "DocumentDB Account Contributor",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.",
roleDefinitionId: "befefa01-2a29-4197-83a8-272ff33ce314",
roleName: "DNS Zone Contributor",
roleType: "BuiltInRole",
},
{
description: "Lets you manage EventGrid event subscription operations.",
roleDefinitionId: "428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
roleName: "EventGrid EventSubscription Contributor",
roleType: "BuiltInRole",
},
{
description: "Lets you read EventGrid event subscriptions.",
roleDefinitionId: "2414bbcf-6497-4faf-8c65-045460748405",
roleName: "EventGrid EventSubscription Reader",
roleType: "BuiltInRole",
},
{
description:
"Create and manage all aspects of the Enterprise Graph - Ontology, Schema mapping, Conflation and Conversational AI and Ingestions",
roleDefinitionId: "b60367af-1334-4454-b71e-769d9a4f83d9",
roleName: "Graph Owner",
roleType: "BuiltInRole",
},
{
description:
"Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
roleDefinitionId: "8d8d5a11-05d3-4bda-a417-a08778121c7c",
roleName: "HDInsight Domain Services Contributor",
roleType: "BuiltInRole",
},
{
description: "Lets you manage Intelligent Systems accounts, but not access to them.",
roleDefinitionId: "03a6d094-3444-4b3d-88af-7477090a9e5e",
roleName: "Intelligent Systems Account Contributor",
roleType: "BuiltInRole",
},
{
description: "Lets you manage key vaults, but not access to them.",
roleDefinitionId: "f25e0fa2-a7c8-4377-a976-54943a77a395",
roleName: "Key Vault Contributor",
roleType: "BuiltInRole",
},
{
description:
"Knowledge Read permission to consume Enterprise Graph Knowledge using entity search and graph query",
roleDefinitionId: "ee361c5d-f7b5-4119-b4b6-892157c8f64c",
roleName: "Knowledge Consumer",
roleType: "BuiltInRole",
},
{
description: "Lets you create new labs under your Azure Lab Accounts.",
roleDefinitionId: "b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
roleName: "Lab Creator",
roleType: "BuiltInRole",
},
{
description:
"Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
roleDefinitionId: "73c42c96-874c-492b-b04d-ab87d138a893",
roleName: "Log Analytics Reader",
roleType: "BuiltInRole",
},
{
description:
"Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources.",
roleDefinitionId: "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
roleName: "Log Analytics Contributor",
roleType: "BuiltInRole",
},
{
description: "Lets you read, enable and disable logic app.",
roleDefinitionId: "515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
roleName: "Logic App Operator",
roleType: "BuiltInRole",
},
{
description: "Lets you manage logic app, but not access to them.",
roleDefinitionId: "87a39d53-fc1b-424a-814c-f7e04687dc9e",
roleName: "Logic App Contributor",
roleType: "BuiltInRole",
},
{
description: "Lets you read and perform actions on Managed Application resources",
roleDefinitionId: "c7393b34-138c-406f-901b-d8cf2b17e6ae",
roleName: "Managed Application Operator Role",
roleType: "BuiltInRole",
},
{
description: "Lets you read resources in a managed app and request JIT access.",
roleDefinitionId: "b9331d33-8a36-4f8c-b097-4f54124fdb44",
roleName: "Managed Applications Reader",
roleType: "BuiltInRole",
},
{
description: "Read and Assign User Assigned Identity",
roleDefinitionId: "f1a07417-d97a-45cb-824c-7a7467783830",
roleName: "Managed Identity Operator",
roleType: "BuiltInRole",
},
{
description: "Create, Read, Update, and Delete User Assigned Identity",
roleDefinitionId: "e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
roleName: "Managed Identity Contributor",
roleType: "BuiltInRole",
},
{
description: "Management Group Contributor Role",
roleDefinitionId: "5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
roleName: "Management Group Contributor",
roleType: "BuiltInRole",
},
{
description: "Management Group Reader Role",
roleDefinitionId: "ac63b705-f282-497d-ac71-919bf39d939d",
roleName: "Management Group Reader",
roleType: "BuiltInRole",
},
{
description: "Enables publishing metrics against Azure resources",
roleDefinitionId: "3913510d-42f4-4e42-8a64-420c390055eb",
roleName: "Monitoring Metrics Publisher",
roleType: "BuiltInRole",
},
{
description: "Can read all monitoring data.",
roleDefinitionId: "43d0d8ad-25c7-4714-9337-8ba259a9fe05",
roleName: "Monitoring Reader",
roleType: "BuiltInRole",
},
{
description: "Lets you manage networks, but not access to them.",
roleDefinitionId: "4d97b98b-1d4f-4787-a291-c67834d212e7",
roleName: "Network Contributor",
roleType: "BuiltInRole",
},
{
description: "Can read all monitoring data and update monitoring settings.",
roleDefinitionId: "749f88d5-cbae-40b8-bcfc-e573ddc772fa",
roleName: "Monitoring Contributor",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.",
roleDefinitionId: "5d28c62d-5b37-4476-8438-e587778df237",
roleName: "New Relic APM Account Contributor",
roleType: "BuiltInRole",
},
{
description:
"Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.",
roleDefinitionId: "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
roleName: "Owner",
roleType: "BuiltInRole",
},
{
description: "View all resources, but does not allow you to make any changes.",
roleDefinitionId: "acdd72a7-3385-48ef-bd42-f606fba81ae7",
roleName: "Reader",
roleType: "BuiltInRole",
},
{
description: "Lets you manage Redis caches, but not access to them.",
roleDefinitionId: "e0f68234-74aa-48ed-b826-c38b57376e17",
roleName: "Redis Cache Contributor",
roleType: "BuiltInRole",
},
{
description:
"Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
roleDefinitionId: "c12c1c16-33a1-487b-954d-41c89c60f349",
roleName: "Reader and Data Access",
roleType: "BuiltInRole",
},
{
description:
"Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.",
roleDefinitionId: "36243c78-bf99-498c-9df9-86d9f8d28608",
roleName: "Resource Policy Contributor",
roleType: "BuiltInRole",
},
{
description: "Lets you manage Scheduler job collections, but not access to them.",
roleDefinitionId: "188a0f2f-5c9e-469b-ae67-2aa5ce574b94",
roleName: "Scheduler Job Collections Contributor",
roleType: "BuiltInRole",
},
{
description: "Lets you manage Search services, but not access to them.",
roleDefinitionId: "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
roleName: "Search Service Contributor",
roleType: "BuiltInRole",
},
{
description: "Security Admin Role",
roleDefinitionId: "fb1c8493-542b-48eb-b624-b4c8fea62acd",
roleName: "Security Admin",
roleType: "BuiltInRole",
},
{
description: "This is a legacy role. Please use Security Administrator instead",
roleDefinitionId: "e3d13bf0-dd5a-482e-ba6b-9b8433878d10",
roleName: "Security Manager (Legacy)",
roleType: "BuiltInRole",
},
{
description: "Security Reader Role",
roleDefinitionId: "39bc4728-0917-49c7-9d2c-d95423bc2eb4",
roleName: "Security Reader",
roleType: "BuiltInRole",
},
{
description: "Lets you manage spatial anchors in your account, but not delete them",
roleDefinitionId: "8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
roleName: "Spatial Anchors Account Contributor",
roleType: "BuiltInRole",
},
{
description: "Lets you manage Site Recovery service except vault creation and role assignment",
roleDefinitionId: "6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
roleName: "Site Recovery Contributor",
roleType: "BuiltInRole",
},
{
description:
"Lets you failover and failback but not perform other Site Recovery management operations",
roleDefinitionId: "494ae006-db33-4328-bf46-533a6560a3ca",
roleName: "Site Recovery Operator",
roleType: "BuiltInRole",
},
{
description: "Lets you locate and read properties of spatial anchors in your account",
roleDefinitionId: "5d51204f-eb77-4b1c-b86a-2ec626c49413",
roleName: "Spatial Anchors Account Reader",
roleType: "BuiltInRole",
},
{
description: "Lets you view Site Recovery status but not perform other management operations",
roleDefinitionId: "dbaa88c4-0c30-4179-9fb3-46319faa6149",
roleName: "Site Recovery Reader",
roleType: "BuiltInRole",
},
{
description: "Lets you manage spatial anchors in your account, including deleting them",
roleDefinitionId: "70bbe301-9835-447d-afdd-19eb3167307c",
roleName: "Spatial Anchors Account Owner",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage SQL Managed Instances and required network configuration, but can’t give access to others.",
roleDefinitionId: "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
roleName: "SQL Managed Instance Contributor",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
roleDefinitionId: "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
roleName: "SQL DB Contributor",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage the security-related policies of SQL servers and databases, but not access to them.",
roleDefinitionId: "056cd41c-7e88-42e1-933e-88ba6a50c9c3",
roleName: "SQL Security Manager",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
roleDefinitionId: "17d1049b-9a84-46fb-8f53-869881c3d3ab",
roleName: "Storage Account Contributor",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
roleDefinitionId: "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
roleName: "SQL Server Contributor",
roleType: "BuiltInRole",
},
{
description:
"Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
roleDefinitionId: "81a9662b-bebf-436f-a333-f67b29880f12",
roleName: "Storage Account Key Operator Service Role",
roleType: "BuiltInRole",
},
{
description:
"Allows for read, write and delete access to Azure Storage blob containers and data",
roleDefinitionId: "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
roleName: "Storage Blob Data Contributor",
roleType: "BuiltInRole",
},
{
description:
"Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
roleDefinitionId: "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
roleName: "Storage Blob Data Owner",
roleType: "BuiltInRole",
},
{
description: "Allows for read access to Azure Storage blob containers and data",
roleDefinitionId: "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
roleName: "Storage Blob Data Reader",
roleType: "BuiltInRole",
},
{
description:
"Allows for read, write, and delete access to Azure Storage queues and queue messages",
roleDefinitionId: "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
roleName: "Storage Queue Data Contributor",
roleType: "BuiltInRole",
},
{
description: "Allows for peek, receive, and delete access to Azure Storage queue messages",
roleDefinitionId: "8a0f0c08-91a1-4084-bc3d-661d67233fed",
roleName: "Storage Queue Data Message Processor",
roleType: "BuiltInRole",
},
{
description: "Allows for sending of Azure Storage queue messages",
roleDefinitionId: "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
roleName: "Storage Queue Data Message Sender",
roleType: "BuiltInRole",
},
{
description: "Allows for read access to Azure Storage queues and queue messages",
roleDefinitionId: "19e7f393-937e-4f77-808e-94535e297925",
roleName: "Storage Queue Data Reader",
roleType: "BuiltInRole",
},
{
description: "Lets you create and manage Support requests",
roleDefinitionId: "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
roleName: "Support Request Contributor",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage Traffic Manager profiles, but does not let you control who has access to them.",
roleDefinitionId: "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
roleName: "Traffic Manager Contributor",
roleType: "BuiltInRole",
},
{
description: "View Virtual Machines in the portal and login as administrator",
roleDefinitionId: "1c0163c0-47e6-4577-8991-ea5c82e286e4",
roleName: "Virtual Machine Administrator Login",
roleType: "BuiltInRole",
},
{
description: "Lets you manage user access to Azure resources.",
roleDefinitionId: "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
roleName: "User Access Administrator",
roleType: "BuiltInRole",
},
{
description: "View Virtual Machines in the portal and login as a regular user.",
roleDefinitionId: "fb879df8-f326-4884-b1cf-06f3ad86be52",
roleName: "Virtual Machine User Login",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
roleDefinitionId: "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
roleName: "Virtual Machine Contributor",
roleType: "BuiltInRole",
},
{
description: "Lets you manage the web plans for websites, but not access to them.",
roleDefinitionId: "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
roleName: "Web Plan Contributor",
roleType: "BuiltInRole",
},
{
description: "Lets you manage websites (not web plans), but not access to them.",
roleDefinitionId: "de139f84-1756-47ae-9be6-808fbbe84772",
roleName: "Website Contributor",
roleType: "BuiltInRole",
},
{
description: "Allows for full access to Azure Service Bus resources.",
roleDefinitionId: "090c5cfd-751d-490a-894a-3ce6f1109419",
roleName: "Azure Service Bus Data Owner",
roleType: "BuiltInRole",
},
{
description: "Allows for full access to Azure Event Hubs resources.",
roleDefinitionId: "f526a384-b230-433a-b45c-95f59c4a2dec",
roleName: "Azure Event Hubs Data Owner",
roleType: "BuiltInRole",
},
{
description: "Can read write or delete the attestation provider instance",
roleDefinitionId: "bbf86eb8-f7b4-4cce-96e4-18cddf81d86e",
roleName: "Attestation Contributor",
roleType: "BuiltInRole",
},
{
description: "Lets you read and modify HDInsight cluster configurations.",
roleDefinitionId: "61ed4efc-fab3-44fd-b111-e24485cc132a",
roleName: "HDInsight Cluster Operator",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.",
roleDefinitionId: "230815da-be43-4aae-9cb4-875f7bd000aa",
roleName: "Cosmos DB Operator",
roleType: "BuiltInRole",
},
{
description:
"Can read, write, delete, and re-onboard Hybrid servers to the Hybrid Resource Provider.",
roleDefinitionId: "48b40c6e-82e0-4eb3-90d5-19e40f49b624",
roleName: "Hybrid Server Resource Administrator",
roleType: "BuiltInRole",
},
{
description: "Can onboard new Hybrid servers to the Hybrid Resource Provider.",
roleDefinitionId: "5d1e5ee4-7c68-4a71-ac8b-0739630a3dfb",
roleName: "Hybrid Server Onboarding",
roleType: "BuiltInRole",
},
{
description: "Allows receive access to Azure Event Hubs resources.",
roleDefinitionId: "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
roleName: "Azure Event Hubs Data Receiver",
roleType: "BuiltInRole",
},
{
description: "Allows send access to Azure Event Hubs resources.",
roleDefinitionId: "2b629674-e913-4c01-ae53-ef4638d8f975",
roleName: "Azure Event Hubs Data Sender",
roleType: "BuiltInRole",
},
{
description: "Allows for receive access to Azure Service Bus resources.",
roleDefinitionId: "4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
roleName: "Azure Service Bus Data Receiver",
roleType: "BuiltInRole",
},
{
description: "Allows for send access to Azure Service Bus resources.",
roleDefinitionId: "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
roleName: "Azure Service Bus Data Sender",
roleType: "BuiltInRole",
},
{
description: "Allows for read access to Azure File Share over SMB",
roleDefinitionId: "aba4ae5f-2193-4029-9191-0cb91df5e314",
roleName: "Storage File Data SMB Share Reader",
roleType: "BuiltInRole",
},
{
description: "Allows for read, write, and delete access in Azure Storage file shares over SMB",
roleDefinitionId: "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
roleName: "Storage File Data SMB Share Contributor",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage private DNS zone resources, but not the virtual networks they are linked to.",
roleDefinitionId: "b12aa53e-6015-4669-85d0-8515ebb3ae7f",
roleName: "Private DNS Zone Contributor",
roleType: "BuiltInRole",
},
{
description:
"Allows for generation of a user delegation key which can be used to sign SAS tokens",
roleDefinitionId: "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
roleName: "Storage Blob Delegator",
roleType: "BuiltInRole",
},
{
description: "Allows user to use the applications in an application group.",
roleDefinitionId: "1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63",
roleName: "Desktop Virtualization User",
roleType: "BuiltInRole",
},
{
description:
"Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
roleDefinitionId: "a7264617-510b-434b-a828-9731dc254ea7",
roleName: "Storage File Data SMB Share Elevated Contributor",
roleType: "BuiltInRole",
},
{
description: "Can manage blueprint definitions, but not assign them.",
roleDefinitionId: "41077137-e803-4205-871c-5a86e6a753b4",
roleName: "Blueprint Contributor",
roleType: "BuiltInRole",
},
{
description:
"Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.",
roleDefinitionId: "437d2ced-4a38-4302-8479-ed2bcb43d090",
roleName: "Blueprint Operator",
roleType: "BuiltInRole",
},
{
description: "Microsoft Sentinel Contributor",
roleDefinitionId: "ab8e14d6-4a74-4a29-9ba8-549422addade",
roleName: "Microsoft Sentinel Contributor",
roleType: "BuiltInRole",
},
{
description: "Microsoft Sentinel Responder",
roleDefinitionId: "3e150937-b8fe-4cfb-8069-0eaf05ecd056",
roleName: "Microsoft Sentinel Responder",
roleType: "BuiltInRole",
},
{
description: "Microsoft Sentinel Reader",
roleDefinitionId: "8d289c81-5878-46d4-8554-54e1e3d8b5cb",
roleName: "Microsoft Sentinel Reader",
roleType: "BuiltInRole",
},
{
description: "Can read workbooks.",
roleDefinitionId: "b279062a-9be3-42a0-92ae-8b3cf002ec4d",
roleName: "Workbook Reader",
roleType: "BuiltInRole",
},
{
description: "Can save shared workbooks.",
roleDefinitionId: "e8ddcd69-c73f-4f9f-9844-4100522f16ad",
roleName: "Workbook Contributor",
roleType: "BuiltInRole",
},
{
description:
"Allows read access to resource policies and write access to resource component policy events.",
roleDefinitionId: "66bb4e9e-b016-4a94-8249-4c0511c2be84",
roleName: "Policy Insights Data Writer (Preview)",
roleType: "BuiltInRole",
},
{
description: "Read SignalR Service Access Keys",
roleDefinitionId: "04165923-9d83-45d5-8227-78b77b0a687e",
roleName: "SignalR AccessKey Reader",
roleType: "BuiltInRole",
},
{
description: "Create, Read, Update, and Delete SignalR service resources",
roleDefinitionId: "8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
roleName: "SignalR/Web PubSub Contributor",
roleType: "BuiltInRole",
},
{
description: "Can onboard Azure Connected Machines.",
roleDefinitionId: "b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
roleName: "Azure Connected Machine Onboarding",
roleType: "BuiltInRole",
},
{
description: "Can read, write, delete and re-onboard Azure Connected Machines.",
roleDefinitionId: "cd570a14-e51a-42ad-bac8-bafd67325302",
roleName: "Azure Connected Machine Resource Administrator",
roleType: "BuiltInRole",
},
{
description:
"Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.",
roleDefinitionId: "91c1777a-f3dc-4fae-b103-61d183457e46",
roleName: "Managed Services Registration assignment Delete Role",
roleType: "BuiltInRole",
},
{
description: "Allows full access to App Configuration data.",
roleDefinitionId: "5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
roleName: "App Configuration Data Owner",
roleType: "BuiltInRole",
},
{
description: "Allows read access to App Configuration data.",
roleDefinitionId: "516239f1-63e1-4d78-a4de-a74fb236a071",
roleName: "App Configuration Data Reader",
roleType: "BuiltInRole",
},
{
description:
"Role definition to authorize any user/service to create connectedClusters resource",
roleDefinitionId: "34e09817-6cbe-4d01-b1a2-e0eac5743d41",
roleName: "Kubernetes Cluster - Azure Arc Onboarding",
roleType: "BuiltInRole",
},
{
description: "Experimentation Contributor",
roleDefinitionId: "7f646f1b-fa08-80eb-a22b-edd6ce5c915c",
roleName: "Experimentation Contributor",
roleType: "BuiltInRole",
},
{
description: "Let’s you read and test a KB only.",
roleDefinitionId: "466ccd10-b268-4a11-b098-b4849f024126",
roleName: "Cognitive Services QnA Maker Reader",
roleType: "BuiltInRole",
},
{
description:
"Let’s you create, edit, import and export a KB. You cannot publish or delete a KB.",
roleDefinitionId: "f4cc2bf9-21be-47a1-bdf1-5c5804381025",
roleName: "Cognitive Services QnA Maker Editor",
roleType: "BuiltInRole",
},
{
description: "Experimentation Administrator",
roleDefinitionId: "7f646f1b-fa08-80eb-a33b-edd6ce5c915c",
roleName: "Experimentation Administrator",
roleType: "BuiltInRole",
},
{
description:
"Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering",
roleDefinitionId: "3df8b902-2a6f-47c7-8cc5-360e9b272a7e",
roleName: "Remote Rendering Administrator",
roleType: "BuiltInRole",
},
{
description:
"Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering.",
roleDefinitionId: "d39065c4-c120-43c9-ab0a-63eed9795f0a",
roleName: "Remote Rendering Client",
roleType: "BuiltInRole",
},
{
description: "Allows for creating managed application resources.",
roleDefinitionId: "641177b8-a67a-45b9-a033-47bc880bb21e",
roleName: "Managed Application Contributor Role",
roleType: "BuiltInRole",
},
{
description: "Lets you push assessments to Security Center",
roleDefinitionId: "612c2aa1-cb24-443b-ac28-3ab7272de6f5",
roleName: "Security Assessment Contributor",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage tags on entities, without providing access to the entities themselves.",
roleDefinitionId: "4a9ae827-6dc8-4573-8ac7-8239d42aa03f",
roleName: "Tag Contributor",
roleType: "BuiltInRole",
},
{
description:
"Allows developers to create and update workflows, integration accounts and API connections in integration service environments.",
roleDefinitionId: "c7aa55d3-1abb-444a-a5ca-5e51e485d6ec",
roleName: "Integration Service Environment Developer",
roleType: "BuiltInRole",
},
{
description: "Lets you manage integration service environments, but not access to them.",
roleDefinitionId: "a41e2c5b-bd99-4a07-88f4-9bf657a760b8",
roleName: "Integration Service Environment Contributor",
roleType: "BuiltInRole",
},
{
description: "Grants access to read and write Azure Kubernetes Service clusters",
roleDefinitionId: "ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
roleName: "Azure Kubernetes Service Contributor Role",
roleType: "BuiltInRole",
},
{
description: "Read-only role for Digital Twins data-plane properties",
roleDefinitionId: "d57506d4-4c8d-48b1-8587-93c323f6a5a3",
roleName: "Azure Digital Twins Data Reader",
roleType: "BuiltInRole",
},
{
description: "Full access role for Digital Twins data-plane",
roleDefinitionId: "bcd981a7-7f74-457b-83e1-cceb9e632ffe",
roleName: "Azure Digital Twins Data Owner",
roleType: "BuiltInRole",
},
{
description: "Allows users to edit and delete Hierarchy Settings",
roleDefinitionId: "350f8d15-c687-4448-8ae1-157740a3936d",
roleName: "Hierarchy Settings Administrator",
roleType: "BuiltInRole",
},
{
description: "Role allows user or principal full access to FHIR Data",
roleDefinitionId: "5a1fc7df-4bf1-4951-a576-89034ee01acd",
roleName: "FHIR Data Contributor",
roleType: "BuiltInRole",
},
{
description: "Role allows user or principal to read and export FHIR Data",
roleDefinitionId: "3db33094-8700-4567-8da5-1501d4e7e843",
roleName: "FHIR Data Exporter",
roleType: "BuiltInRole",
},
{
description: "Role allows user or principal to read FHIR Data",
roleDefinitionId: "4c8d0bbc-75d3-4935-991f-5f3c56d81508",
roleName: "FHIR Data Reader",
roleType: "BuiltInRole",
},
{
description: "Role allows user or principal to read and write FHIR Data",
roleDefinitionId: "3f88fce4-5892-4214-ae73-ba5294559913",
roleName: "FHIR Data Writer",
roleType: "BuiltInRole",
},
{
description: "Experimentation Reader",
roleDefinitionId: "49632ef5-d9ac-41f4-b8e7-bbe587fa74a1",
roleName: "Experimentation Reader",
roleType: "BuiltInRole",
},
{
description: "Provides user with ingestion capabilities for Azure Object Understanding.",
roleDefinitionId: "4dd61c23-6743-42fe-a388-d8bdd41cb745",
roleName: "Object Understanding Account Owner",
roleType: "BuiltInRole",
},
{
description:
"Grants access to read, write, and delete access to map related data from an Azure maps account.",
roleDefinitionId: "8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
roleName: "Azure Maps Data Contributor",
roleType: "BuiltInRole",
},
{
description:
"Full access to the project, including the ability to view, create, edit, or delete projects.",
roleDefinitionId: "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
roleName: "Cognitive Services Custom Vision Contributor",
roleType: "BuiltInRole",
},
{
description:
"Publish, unpublish or export models. Deployment can view the project but can’t update.",
roleDefinitionId: "5c4089e1-6d96-4d2f-b296-c1bc7137275f",
roleName: "Cognitive Services Custom Vision Deployment",
roleType: "BuiltInRole",
},
{
description:
"View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can’t update anything other than training images and tags.",
roleDefinitionId: "88424f51-ebe7-446f-bc41-7fa16989e96c",
roleName: "Cognitive Services Custom Vision Labeler",
roleType: "BuiltInRole",
},
{
description: "Read-only actions in the project. Readers can’t create or update the project.",
roleDefinitionId: "93586559-c37d-4a6b-ba08-b9f0940c2d73",
roleName: "Cognitive Services Custom Vision Reader",
roleType: "BuiltInRole",
},
{
description:
"View, edit projects and train the models, including the ability to publish, unpublish, export the models. Trainers can’t create or delete the project.",
roleDefinitionId: "0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
roleName: "Cognitive Services Custom Vision Trainer",
roleType: "BuiltInRole",
},
{
description:
"Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the 'Azure role-based access control' permission model.",
roleDefinitionId: "00482a5a-887f-4fb3-b363-3b7fe8e74483",
roleName: "Key Vault Administrator",
roleType: "BuiltInRole",
},
{
description:
"Perform any action on the keys of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.",
roleDefinitionId: "14b46e9e-c2b7-41b4-b07b-48a6ebf60603",
roleName: "Key Vault Crypto Officer",
roleType: "BuiltInRole",
},
{
description:
"Perform cryptographic operations using keys. Only works for key vaults that use the 'Azure role-based access control' permission model.",
roleDefinitionId: "12338af0-0e69-4776-bea7-57ae8d297424",
roleName: "Key Vault Crypto User",
roleType: "BuiltInRole",
},
{
description:
"Perform any action on the secrets of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.",
roleDefinitionId: "b86a8fe4-44ce-4948-aee5-eccb2c155cd7",
roleName: "Key Vault Secrets Officer",
roleType: "BuiltInRole",
},
{
description:
"Read secret contents. Only works for key vaults that use the 'Azure role-based access control' permission model.",
roleDefinitionId: "4633458b-17de-408a-b874-0445c86b69e6",
roleName: "Key Vault Secrets User",
roleType: "BuiltInRole",
},
{
description:
"Perform any action on the certificates of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.",
roleDefinitionId: "a4417e6f-fecd-4de8-b567-7b0420556985",
roleName: "Key Vault Certificates Officer",
roleType: "BuiltInRole",
},
{
description:
"Read metadata of key vaults and its certificates, keys, and secrets. Cannot read sensitive values such as secret contents or key material. Only works for key vaults that use the 'Azure role-based access control' permission model.",
roleDefinitionId: "21090545-7ca7-4776-b22c-e363652d74d2",
roleName: "Key Vault Reader",
roleType: "BuiltInRole",
},
{
description:
"Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model.",
roleDefinitionId: "e147488a-f6f5-4113-8e2d-b22465e65bf6",
roleName: "Key Vault Crypto Service Encryption User",
roleType: "BuiltInRole",
},
{
description: "Lets you view all resources in cluster/namespace, except secrets.",
roleDefinitionId: "63f0a09d-1495-4db4-a681-037d84835eb4",
roleName: "Azure Arc Kubernetes Viewer",
roleType: "BuiltInRole",
},
{
description:
"Lets you update everything in cluster/namespace, except (cluster)roles and (cluster)role bindings.",
roleDefinitionId: "5b999177-9696-4545-85c7-50de3797e5a1",
roleName: "Azure Arc Kubernetes Writer",
roleType: "BuiltInRole",
},
{
description: "Lets you manage all resources in the cluster.",
roleDefinitionId: "8393591c-06b9-48a2-a542-1bd6b377f6a2",
roleName: "Azure Arc Kubernetes Cluster Admin",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.",
roleDefinitionId: "dffb1e0c-446f-4dde-a09f-99eb5cc68b96",
roleName: "Azure Arc Kubernetes Admin",
roleType: "BuiltInRole",
},
{
description: "Lets you manage all resources in the cluster.",
roleDefinitionId: "b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
roleName: "Azure Kubernetes Service RBAC Cluster Admin",
roleType: "BuiltInRole",
},
{
description:
"Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.",
roleDefinitionId: "3498e952-d568-435e-9b2c-8d77e338d7f7",
roleName: "Azure Kubernetes Service RBAC Admin",
roleType: "BuiltInRole",
},
{
description:
"Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.",
roleDefinitionId: "7f6c6a51-bcf8-42ba-9220-52d62157d7db",
roleName: "Azure Kubernetes Service RBAC Reader",
roleType: "BuiltInRole",
},
{
description:
"Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.",
roleDefinitionId: "a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
roleName: "Azure Kubernetes Service RBAC Writer",
roleType: "BuiltInRole",
},
{
description:
"Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors.",
roleDefinitionId: "82200a5b-e217-47a5-b665-6d8765ee745b",
roleName: "Services Hub Operator",
roleType: "BuiltInRole",
},
{
description: "Lets you read ingestion jobs for an object understanding account.",
roleDefinitionId: "d18777c0-1514-4662-8490-608db7d334b6",
roleName: "Object Understanding Account Reader",
roleType: "BuiltInRole",
},
{
description: "List cluster user credentials action.",
roleDefinitionId: "00493d72-78f6-4148-b6c5-d3ce8e4799dd",
roleName: "Azure Arc Enabled Kubernetes Cluster User Role",
roleType: "BuiltInRole",
},
{
description: "Lets your app server access SignalR Service with AAD auth options.",
roleDefinitionId: "420fcaa2-552c-430f-98ca-3264be4806c7",
roleName: "SignalR App Server",
roleType: "BuiltInRole",
},
{
description: "Full access to Azure SignalR Service REST APIs",
roleDefinitionId: "fd53cd77-2268-407a-8f46-7e7863d0f521",
roleName: "SignalR REST API Owner",
roleType: "BuiltInRole",
},
{
description: "Can manage data packages of a collaborative.",
roleDefinitionId: "daa9e50b-21df-454c-94a6-a8050adab352",
roleName: "Collaborative Data Contributor",
roleType: "BuiltInRole",
},
{
description:
"Gives you read access to management and content operations, but does not allow making changes",
roleDefinitionId: "e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f",
roleName: "Device Update Reader",
roleType: "BuiltInRole",
},
{
description: "Gives you full access to management and content operations",
roleDefinitionId: "02ca0879-e8e4-47a5-a61e-5c618b76e64a",
roleName: "Device Update Administrator",
roleType: "BuiltInRole",
},
{
description: "Gives you full access to content operations",
roleDefinitionId: "0378884a-3af5-44ab-8323-f5b22f9f3c98",
roleName: "Device Update Content Administrator",
roleType: "BuiltInRole",
},
{
description: "Gives you full access to management operations",
roleDefinitionId: "e4237640-0e3d-4a46-8fda-70bc94856432",
roleName: "Device Update Deployments Administrator",
roleType: "BuiltInRole",
},
{
description:
"Gives you read access to management operations, but does not allow making changes",
roleDefinitionId: "49e2f5d2-7741-4835-8efa-19e1fe35e47f",
roleName: "Device Update Deployments Reader",
roleType: "BuiltInRole",
},
{
description: "Gives you read access to content operations, but does not allow making changes",
roleDefinitionId: "d1ee9a80-8b14-47f0-bdc2-f4a351625a7b",
roleName: "Device Update Content Reader",
roleType: "BuiltInRole",
},
{
description: "Full access to the project, including the system level configuration.",
roleDefinitionId: "cb43c632-a144-4ec5-977c-e80c4affc34a",
roleName: "Cognitive Services Metrics Advisor Administrator",
roleType: "BuiltInRole",
},
{
description: "Access to the project.",
roleDefinitionId: "3b20f47b-3825-43cb-8114-4bd2201156a8",
roleName: "Cognitive Services Metrics Advisor User",
roleType: "BuiltInRole",
},
{
description: "Read and list Schema Registry groups and schemas.",
roleDefinitionId: "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
roleName: "Schema Registry Reader (Preview)",
roleType: "BuiltInRole",
},
{
description: "Read, write, and delete Schema Registry groups and schemas.",
roleDefinitionId: "5dffeca3-4936-4216-b2bc-10343a5abb25",
roleName: "Schema Registry Contributor (Preview)",
roleType: "BuiltInRole",
},
{
description: "Provides read access to AgFood Platform Service",
roleDefinitionId: "7ec7ccdc-f61e-41fe-9aaf-980df0a44eba",
roleName: "AgFood Platform Service Reader",
roleType: "BuiltInRole",
},
{
description: "Provides contribute access to AgFood Platform Service",
roleDefinitionId: "8508508a-4469-4e45-963b-2518ee0bb728",
roleName: "AgFood Platform Service Contributor",
roleType: "BuiltInRole",
},
{
description: "Provides admin access to AgFood Platform Service",
roleDefinitionId: "f8da80de-1ff9-4747-ad80-a19b7f6079e3",
roleName: "AgFood Platform Service Admin",
roleType: "BuiltInRole",
},
{
description: "Lets you manage managed HSM pools, but not access to them.",
roleDefinitionId: "18500a29-7fe2-46b2-a342-b16a415e101d",
roleName: "Managed HSM contributor",
roleType: "BuiltInRole",
},
{
description: "Allowed to create submissions to Security Detonation Chamber",
roleDefinitionId: "0b555d9b-b4a7-4f43-b330-627f0e5be8f0",
roleName: "Security Detonation Chamber Submitter",
roleType: "BuiltInRole",
},
{
description: "Read-only access to Azure SignalR Service REST APIs",
roleDefinitionId: "ddde6b66-c0df-4114-a159-3618637b3035",
roleName: "SignalR REST API Reader",
roleType: "BuiltInRole",
},
{
description: "Full access to Azure SignalR Service REST APIs",
roleDefinitionId: "7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
roleName: "SignalR Service Owner",
roleType: "BuiltInRole",
},
{
description: "Lets you purchase reservations",
roleDefinitionId: "f7b75c60-3036-4b75-91c3-6b41c27c1689",
roleName: "Reservation Purchaser",
roleType: "BuiltInRole",
},
{
description: "Lets you write metrics to AzureML workspace",
roleDefinitionId: "635dd51f-9968-44d3-b7fb-6d9a6bd613ae",
roleName: "AzureML Metrics Writer (preview)",
roleType: "BuiltInRole",
},
{
description:
"Lets you perform backup and restore operations using Azure Backup on the storage account.",
roleDefinitionId: "e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1",
roleName: "Storage Account Backup Contributor",
roleType: "BuiltInRole",
},
{
description:
"Allows for creation, writes and reads to the metric set via the metrics service APIs.",
roleDefinitionId: "6188b7c9-7d01-4f99-a59f-c88b630326c0",
roleName: "Experimentation Metric Contributor",
roleType: "BuiltInRole",
},
{
description:
"The Microsoft.ProjectBabylon data curator can create, read, modify and delete catalog data objects and establish relationships between objects. This role is in preview and subject to change.",
roleDefinitionId: "9ef4ef9c-a049-46b0-82ab-dd8ac094c889",
roleName: "Project Babylon Data Curator",
roleType: "BuiltInRole",
},
{
description:
"The Microsoft.ProjectBabylon data reader can read catalog data objects. This role is in preview and subject to change.",
roleDefinitionId: "c8d896ba-346d-4f50-bc1d-7d1c84130446",
roleName: "Project Babylon Data Reader",
roleType: "BuiltInRole",
},
{
description:
"The Microsoft.ProjectBabylon data source administrator can manage data sources and data scans. This role is in preview and subject to change.",
roleDefinitionId: "05b7651b-dc44-475e-b74d-df3db49fae0f",
roleName: "Project Babylon Data Source Administrator",
roleType: "BuiltInRole",
},
{
description: "Deprecated role.",
roleDefinitionId: "8a3c2885-9b38-4fd2-9d99-91af537c1347",
roleName: "Purview role 1 (Deprecated)",
roleType: "BuiltInRole",
},
{
description: "Deprecated role.",
roleDefinitionId: "ff100721-1b9d-43d8-af52-42b69c1272db",
roleName: "Purview role 3 (Deprecated)",
roleType: "BuiltInRole",
},
{
description: "Deprecated role.",
roleDefinitionId: "200bba9e-f0c8-430f-892b-6f0794863803",
roleName: "Purview role 2 (Deprecated)",
roleType: "BuiltInRole",
},
{
description: "Contributor of the Application Group.",
roleDefinitionId: "ca6382a4-1721-4bcf-a114-ff0c70227b6b",
roleName: "Application Group Contributor",
roleType: "BuiltInRole",
},
{
description: "Reader of Desktop Virtualization.",
roleDefinitionId: "49a72310-ab8d-41df-bbb0-79b649203868",
roleName: "Desktop Virtualization Reader",
roleType: "BuiltInRole",
},
{
description: "Contributor of Desktop Virtualization.",
roleDefinitionId: "082f0a83-3be5-4ba1-904c-961cca79b387",
roleName: "Desktop Virtualization Contributor",
roleType: "BuiltInRole",
},
{
description: "Contributor of the Desktop Virtualization Workspace.",
roleDefinitionId: "21efdde3-836f-432b-bf3d-3e8e734d4b2b",
roleName: "Desktop Virtualization Workspace Contributor",
roleType: "BuiltInRole",
},
{
description: "Operator of the Desktop Virtualization Uesr Session.",
roleDefinitionId: "ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6",
roleName: "Desktop Virtualization User Session Operator",
roleType: "BuiltInRole",
},
{
description: "Operator of the Desktop Virtualization Session Host.",
roleDefinitionId: "2ad6aaab-ead9-4eaa-8ac5-da422f562408",
roleName: "Desktop Virtualization Session Host Operator",
roleType: "BuiltInRole",
},
{
description: "Reader of the Desktop Virtualization Host Pool.",
roleDefinitionId: "ceadfde2-b300-400a-ab7b-6143895aa822",
roleName: "Desktop Virtualization Host Pool Reader",
roleType: "BuiltInRole",
},
{
description: "Contributor of the Desktop Virtualization Host Pool.",
roleDefinitionId: "e307426c-f9b6-4e81-87de-d99efb3c32bc",
roleName: "Desktop Virtualization Host Pool Contributor",
roleType: "BuiltInRole",
},
{
description: "Reader of the Desktop Virtualization Application Group.",
roleDefinitionId: "aebf23d0-b568-4e86-b8f9-fe83a2c6ab55",
roleName: "Desktop Virtualization Application Group Reader",
roleType: "BuiltInRole",
},
{
description: "Contributor of the Desktop Virtualization Application Group.",
roleDefinitionId: "86240b0e-9422-4c43-887b-b61143f32ba8",
roleName: "Desktop Virtualization Application Group Contributor",
roleType: "BuiltInRole",
},
{
description: "Reader of the Desktop Virtualization Workspace.",
roleDefinitionId: "0fa44ee9-7a7d-466b-9bb2-2bf446b1204d",
roleName: "Desktop Virtualization Workspace Reader",
roleType: "BuiltInRole",
},
{
description: "Provides permission to backup vault to perform disk backup.",
roleDefinitionId: "3e5e47e6-65f7-47ef-90b5-e5dd4d455f24",
roleName: "Disk Backup Reader",
roleType: "BuiltInRole",
},
{
description:
"Grants permissions to upload and manage new Autonomous Development Platform measurements.",
roleDefinitionId: "b8b15564-4fa6-4a59-ab12-03e1d9594795",
roleName: "Autonomous Development Platform Data Contributor (Preview)",
roleType: "BuiltInRole",
},
{
description: "Grants read access to Autonomous Development Platform data.",
roleDefinitionId: "d63b75f7-47ea-4f27-92ac-e0d173aaf093",
roleName: "Autonomous Development Platform Data Reader (Preview)",
roleType: "BuiltInRole",
},
{
description: "Grants full access to Autonomous Development Platform data.",
roleDefinitionId: "27f8b550-c507-4db9-86f2-f4b8e816d59d",
roleName: "Autonomous Development Platform Data Owner (Preview)",
roleType: "BuiltInRole",
},
{
description: "Provides permission to backup vault to perform disk restore.",
roleDefinitionId: "b50d9833-a0cb-478e-945f-707fcc997c13",
roleName: "Disk Restore Operator",
roleType: "BuiltInRole",
},
{
description: "Provides permission to backup vault to manage disk snapshots.",
roleDefinitionId: "7efff54f-a5b4-42b5-a1c5-5411624893ce",
roleName: "Disk Snapshot Contributor",
roleType: "BuiltInRole",
},
{
description: "Microsoft.Kubernetes connected cluster role.",
roleDefinitionId: "5548b2cf-c94c-4228-90ba-30851930a12f",
roleName: "Microsoft.Kubernetes connected cluster role",
roleType: "BuiltInRole",
},
{
description: "Allowed to create and manage submissions to Security Detonation Chamber",
roleDefinitionId: "a37b566d-3efa-4beb-a2f2-698963fa42ce",
roleName: "Security Detonation Chamber Submission Manager",
roleType: "BuiltInRole",
},
{
description:
"Allowed to publish and modify platforms, workflows and toolsets to Security Detonation Chamber",
roleDefinitionId: "352470b3-6a9c-4686-b503-35deb827e500",
roleName: "Security Detonation Chamber Publisher",
roleType: "BuiltInRole",
},
{
description: "Can manage resources created by AICS at runtime",
roleDefinitionId: "7a6f0e70-c033-4fb1-828c-08514e5f4102",
roleName: "Collaborative Runtime Operator",
roleType: "BuiltInRole",
},
{
description:
"Can perform restore action for Cosmos DB database account with continuous backup mode",
roleDefinitionId: "5432c526-bc82-444a-b7ba-57c5b0b5b34f",
roleName: "CosmosRestoreOperator",
roleType: "BuiltInRole",
},
{
description: "Role allows user or principal to convert data from legacy format to FHIR",
roleDefinitionId: "a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
roleName: "FHIR Data Converter",
roleType: "BuiltInRole",
},
{
description: "Microsoft Sentinel Automation Contributor",
roleDefinitionId: "f4c81013-99ee-4d62-a7ee-b3f1f648599a",
roleName: "Microsoft Sentinel Automation Contributor",
roleType: "BuiltInRole",
},
{
description:
"Read and create quota requests, get quota request status, and create support tickets.",
roleDefinitionId: "0e5f05e5-9ab9-446b-b98d-1e2157c94125",
roleName: "Quota Request Operator",
roleType: "BuiltInRole",
},
{
description: "Lets you manage EventGrid operations.",
roleDefinitionId: "1e241071-0855-49ea-94dc-649edcd759de",
roleName: "EventGrid Contributor",
roleType: "BuiltInRole",
},
{
description: "Allowed to query submission info and files from Security Detonation Chamber",
roleDefinitionId: "28241645-39f8-410b-ad48-87863e2951d5",
roleName: "Security Detonation Chamber Reader",
roleType: "BuiltInRole",
},
{
description: "Lets you read ingestion jobs for an object anchors account.",
roleDefinitionId: "4a167cdf-cb95-4554-9203-2347fe489bd9",
roleName: "Object Anchors Account Reader",
roleType: "BuiltInRole",
},
{
description: "Provides user with ingestion capabilities for an object anchors account.",
roleDefinitionId: "ca0835dd-bacc-42dd-8ed2-ed5e7230d15b",
roleName: "Object Anchors Account Owner",
roleType: "BuiltInRole",
},
{
description: "WorkloadBuilder Migration Agent Role.",
roleDefinitionId: "d17ce0a2-0697-43bc-aac5-9113337ab61c",
roleName: "WorkloadBuilder Migration Agent Role",
roleType: "BuiltInRole",
},
{
description: "Full access to Azure Web PubSub Service REST APIs",
roleDefinitionId: "12cf5a90-567b-43ae-8102-96cf46c7d9b4",
roleName: "Web PubSub Service Owner (Preview)",
roleType: "BuiltInRole",
},
{
description: "Read-only access to Azure Web PubSub Service REST APIs",
roleDefinitionId: "bfb1c7d2-fb1a-466b-b2ba-aee63b92deaf",
roleName: "Web PubSub Service Reader (Preview)",
roleType: "BuiltInRole",
},
{
description: "Allow read access to Azure Spring Cloud Data",
roleDefinitionId: "b5537268-8956-4941-a8f0-646150406f0c",
roleName: "Azure Spring Cloud Data Reader",
roleType: "BuiltInRole",
},
{
description:
"Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can’t create, delete or modify the data/test/model/endpoint for custom models.",
roleDefinitionId: "f2dc8367-1007-4938-bd23-fe263f013447",
roleName: "Cognitive Services Speech User",
roleType: "BuiltInRole",
},
{
description:
"Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice.",
roleDefinitionId: "0e75ca1e-0464-4b4d-8b93-68208a576181",
roleName: "Cognitive Services Speech Contributor",
roleType: "BuiltInRole",
},
{
description:
"Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices.",
roleDefinitionId: "9894cab4-e18a-44aa-828b-cb588cd6f2d7",
roleName: "Cognitive Services Face Recognizer",
roleType: "BuiltInRole",
},
{
description:
"Create, read, modify, and delete Media Services accounts; read-only access to other Media Services resources.",
roleDefinitionId: "054126f8-9a2b-4f1c-a9ad-eca461f08466",
roleName: "Media Services Account Administrator",
roleType: "BuiltInRole",
},
{
description:
"Create, read, modify, and delete Live Events, Assets, Asset Filters, and Streaming Locators; read-only access to other Media Services resources.",
roleDefinitionId: "532bc159-b25e-42c0-969e-a1d439f60d77",
roleName: "Media Services Live Events Administrator",
roleType: "BuiltInRole",
},
{
description:
"Create, read, modify, and delete Assets, Asset Filters, Streaming Locators, and Jobs; read-only access to other Media Services resources.",
roleDefinitionId: "e4395492-1534-4db2-bedf-88c14621589c",
roleName: "Media Services Media Operator",
roleType: "BuiltInRole",
},
{
description:
"Create, read, modify, and delete Account Filters, Streaming Policies, Content Key Policies, and Transforms; read-only access to other Media Services resources. Cannot create Jobs, Assets or Streaming resources.",
roleDefinitionId: "c4bba371-dacd-4a26-b320-7250bca963ae",
roleName: "Media Services Policy Administrator",
roleType: "BuiltInRole",
},
{
description:
"Create, read, modify, and delete Streaming Endpoints; read-only access to other Media Services resources.",
roleDefinitionId: "99dba123-b5fe-44d5-874c-ced7199a5804",
roleName: "Media Services Streaming Endpoints Administrator",
roleType: "BuiltInRole",
},
{
description: "Lets you perform query testing without creating a stream analytics job first",
roleDefinitionId: "1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf",
roleName: "Stream Analytics Query Tester",
roleType: "BuiltInRole",
},
{
description:
"Basic user role for AnyBuild. This role allows listing of agent information and execution of remote build capabilities.",
roleDefinitionId: "a2138dac-4907-4679-a376-736901ed8ad8",
roleName: "AnyBuild Builder",
roleType: "BuiltInRole",
},
{
description: "Allows for full read access to IoT Hub data-plane properties",
roleDefinitionId: "b447c946-2db7-41ec-983d-d8bf3b1c77e3",
roleName: "IoT Hub Data Reader",
roleType: "BuiltInRole",
},
{
description: "Allows for read and write access to all IoT Hub device and module twins.",
roleDefinitionId: "494bdba2-168f-4f31-a0a1-191d2f7c028c",
roleName: "IoT Hub Twin Contributor",
roleType: "BuiltInRole",
},
{
description: "Allows for full access to IoT Hub device registry.",
roleDefinitionId: "4ea46cd5-c1b2-4a8e-910b-273211f9ce47",
roleName: "IoT Hub Registry Contributor",
roleType: "BuiltInRole",
},
{
description: "Allows for full access to IoT Hub data plane operations.",
roleDefinitionId: "4fc6c259-987e-4a07-842e-c321cc9d413f",
roleName: "IoT Hub Data Contributor",
roleType: "BuiltInRole",
},
{
description: "Let you view and download packages and test results.",
roleDefinitionId: "15e0f5a1-3450-4248-8e25-e2afe88a9e85",
roleName: "Test Base Reader",
roleType: "BuiltInRole",
},
{
description: "Grants read access to Azure Cognitive Search index data.",
roleDefinitionId: "1407120a-92aa-4202-b7e9-c0e197c71c8f",
roleName: "Search Index Data Reader",
roleType: "BuiltInRole",
},
{
description: "Grants full access to Azure Cognitive Search index data.",
roleDefinitionId: "8ebe5a00-799e-43f5-93ac-243d3dce84a7",
roleName: "Search Index Data Contributor",
roleType: "BuiltInRole",
},
{
description: "Allows for read access to Azure Storage tables and entities",
roleDefinitionId: "76199698-9eea-4c19-bc75-cec21354c6b6",
roleName: "Storage Table Data Reader",
roleType: "BuiltInRole",
},
{
description: "Allows for read, write and delete access to Azure Storage tables and entities",
roleDefinitionId: "0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3",
roleName: "Storage Table Data Contributor",
roleType: "BuiltInRole",
},
{
description: "Read and search DICOM data.",
roleDefinitionId: "e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a",
roleName: "DICOM Data Reader",
roleType: "BuiltInRole",
},
{
description: "Full access to DICOM data.",
roleDefinitionId: "58a3b984-7adf-4c20-983a-32417c86fbc8",
roleName: "DICOM Data Owner",
roleType: "BuiltInRole",
},
{
description: "Allows send access to event grid events.",
roleDefinitionId: "d5a91429-5739-47e2-a06b-3470a27159e7",
roleName: "EventGrid Data Sender",
roleType: "BuiltInRole",
},
{
description: "Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool.",
roleDefinitionId: "60fc6e62-5479-42d4-8bf4-67625fcc2840",
roleName: "Disk Pool Operator",
roleType: "BuiltInRole",
},
{
description:
"Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself.",
roleDefinitionId: "f6c7c914-8db3-469d-8ca1-694a8f32e121",
roleName: "AzureML Data Scientist",
roleType: "BuiltInRole",
},
{
description: "Built-in Grafana admin role",
roleDefinitionId: "22926164-76b3-42b3-bc55-97df8dab3e41",
roleName: "Grafana Admin",
roleType: "BuiltInRole",
},
{
description:
"Microsoft.AzureArcData service role to access the resources of Microsoft.AzureArcData stored with RPSAAS.",
roleDefinitionId: "e8113dce-c529-4d33-91fa-e9b972617508",
roleName: "Azure Connected SQL Server Onboarding",
roleType: "BuiltInRole",
},
{
description: "Allows for send access to Azure Relay resources.",
roleDefinitionId: "26baccc8-eea7-41f1-98f4-1762cc7f685d",
roleName: "Azure Relay Sender",
roleType: "BuiltInRole",
},
{
description: "Allows for full access to Azure Relay resources.",
roleDefinitionId: "2787bf04-f1f5-4bfe-8383-c8a24483ee38",
roleName: "Azure Relay Owner",
roleType: "BuiltInRole",
},
{
description: "Allows for listen access to Azure Relay resources.",
roleDefinitionId: "26e0b698-aa6d-4085-9386-aadae190014d",
roleName: "Azure Relay Listener",
roleType: "BuiltInRole",
},
{
description: "Built-in Grafana Viewer role",
roleDefinitionId: "60921a7e-fef1-4a43-9b16-a26c52ad4769",
roleName: "Grafana Viewer",
roleType: "BuiltInRole",
},
{
description: "Built-in Grafana Editor role",
roleDefinitionId: "a79a5197-3a5c-4973-a920-486035ffd60f",
roleName: "Grafana Editor",
roleType: "BuiltInRole",
},
{
description: "Manage azure automation resources and other resources using azure automation.",
roleDefinitionId: "f353d9bd-d4a6-484e-a77a-8050b599b867",
roleName: "Automation Contributor",
roleType: "BuiltInRole",
},
{
description:
"Can create, update, get, list and delete Kubernetes Extensions, and get extension async operations",
roleDefinitionId: "85cb6faf-e071-4c9b-8136-154b5a04f717",
roleName: "Kubernetes Extension Contributor",
roleType: "BuiltInRole",
},
{
description:
"Allows for full read access to Device Provisioning Service data-plane properties.",
roleDefinitionId: "10745317-c249-44a1-a5ce-3a4353c0bbd8",
roleName: "Device Provisioning Service Data Reader",
roleType: "BuiltInRole",
},
{
description: "Allows for full access to Device Provisioning Service data-plane operations.",
roleDefinitionId: "dfce44e4-17b7-4bd1-a6d1-04996ec95633",
roleName: "Device Provisioning Service Data Contributor",
roleType: "BuiltInRole",
},
{
description:
"Sign files with a certificate profile. This role is in preview and subject to change.",
roleDefinitionId: "2837e146-70d7-4cfd-ad55-7efa6464f958",
roleName: "CodeSigning Certificate Profile Signer",
roleType: "BuiltInRole",
},
{
description: "Allow read access to Azure Spring Cloud Service Registry",
roleDefinitionId: "cff1b556-2399-4e7e-856d-a8f754be7b65",
roleName: "Azure Spring Cloud Service Registry Reader",
roleType: "BuiltInRole",
},
{
description: "Allow read, write and delete access to Azure Spring Cloud Service Registry",
roleDefinitionId: "f5880b48-c26d-48be-b172-7927bfa1c8f1",
roleName: "Azure Spring Cloud Service Registry Contributor",
roleType: "BuiltInRole",
},
{
description: "Allow read access to Azure Spring Cloud Config Server",
roleDefinitionId: "d04c6db6-4947-4782-9e91-30a88feb7be7",
roleName: "Azure Spring Cloud Config Server Reader",
roleType: "BuiltInRole",
},
{
description: "Allow read, write and delete access to Azure Spring Cloud Config Server",
roleDefinitionId: "a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b",
roleName: "Azure Spring Cloud Config Server Contributor",
roleType: "BuiltInRole",
},
{
description:
"Azure VM Managed identities restore Contributors are allowed to perform Azure VM Restores with managed identities both user and system",
roleDefinitionId: "6ae96244-5829-4925-a7d3-5975537d91dd",
roleName: "Azure VM Managed identities restore Contributor",
roleType: "BuiltInRole",
},
{
description:
"Grants access to very limited set of data APIs for common visual web SDK scenarios. Specifically, render and search data APIs.",
roleDefinitionId: "6be48352-4f82-47c9-ad5e-0acacefdb005",
roleName: "Azure Maps Search and Render Data Reader",
roleType: "BuiltInRole",
},
{
description: "Grants access all Azure Maps resource management.",
roleDefinitionId: "dba33070-676a-4fb0-87fa-064dc56ff7fb",
roleName: "Azure Maps Contributor",
roleType: "BuiltInRole",
},
{
description: "Arc VMware VM Contributor has permissions to perform all VM actions.",
roleDefinitionId: "b748a06d-6150-4f8a-aaa9-ce3940cd96cb",
roleName: "Azure Arc VMware VM Contributor",
roleType: "BuiltInRole",
},
{
description:
"Azure Arc VMware Private Cloud User has permissions to use the VMware cloud resources to deploy VMs.",
roleDefinitionId: "ce551c02-7c42-47e0-9deb-e3b6fc3a9a83",
roleName: "Azure Arc VMware Private Cloud User",
roleType: "BuiltInRole",
},
{
description:
"Arc VMware VM Contributor has permissions to perform all connected VMwarevSphere actions.",
roleDefinitionId: "ddc140ed-e463-4246-9145-7c664192013f",
roleName: "Azure Arc VMware Administrator role ",
roleType: "BuiltInRole",
},
{
description:
"Azure Arc VMware Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vCenter instances to Azure.",
roleDefinitionId: "67d33e57-3129-45e6-bb0b-7cc522f762fa",
roleName: "Azure Arc VMware Private Clouds Onboarding",
roleType: "BuiltInRole",
},
{
description: " Has access to all Read, Test, Write, Deploy and Delete functions under LUIS",
roleDefinitionId: "f72c8140-2111-481c-87ff-72b910f6e3f8",
roleName: "Cognitive Services LUIS Owner",
roleType: "BuiltInRole",
},
{
description: "Has access to Read and Test functions under Language portal",
roleDefinitionId: "7628b7b8-a8b2-4cdc-b46f-e9b35248918e",
roleName: "Cognitive Services Language Reader",
roleType: "BuiltInRole",
},
{
description: " Has access to all Read, Test, and Write functions under Language Portal",
roleDefinitionId: "f2310ca1-dc64-4889-bb49-c8e0fa3d47a8",
roleName: "Cognitive Services Language Writer",
roleType: "BuiltInRole",
},
{
description:
"Has access to all Read, Test, Write, Deploy and Delete functions under Language portal",
roleDefinitionId: "f07febfe-79bc-46b1-8b37-790e26e6e498",
roleName: "Cognitive Services Language Owner",
roleType: "BuiltInRole",
},
{
description: "Has access to Read and Test functions under LUIS.",
roleDefinitionId: "18e81cdc-4e98-4e29-a639-e7d10c5a6226",
roleName: "Cognitive Services LUIS Reader",
roleType: "BuiltInRole",
},
{
description: "Has access to all Read, Test, and Write functions under LUIS",
roleDefinitionId: "6322a993-d5c9-4bed-b113-e49bbea25b27",
roleName: "Cognitive Services LUIS Writer",
roleType: "BuiltInRole",
},
{
description: "Provides read access to PlayFab resources",
roleDefinitionId: "a9a19cc5-31f4-447c-901f-56c0bb18fcaf",
roleName: "PlayFab Reader",
roleType: "BuiltInRole",
},
{
description:
"View, create, update, delete and execute load tests. View and list load test resources but can not make any changes.",
roleDefinitionId: "749a398d-560b-491b-bb21-08924219302e",
roleName: "Load Test Contributor",
roleType: "BuiltInRole",
},
{
description: "Execute all operations on load test resources and load tests",
roleDefinitionId: "45bb0b16-2f0c-4e78-afaa-a07599b003f6",
roleName: "Load Test Owner",
roleType: "BuiltInRole",
},
{
description: "Provides contributor access to PlayFab resources",
roleDefinitionId: "0c8b84dc-067c-4039-9615-fa1a4b77c726",
roleName: "PlayFab Contributor",
roleType: "BuiltInRole",
},
{
description:
"View and list all load tests and load test resources but can not make any changes",
roleDefinitionId: "3ae3fb29-0000-4ccd-bf80-542e7b26e081",
roleName: "Load Test Reader",
roleType: "BuiltInRole",
},
{
description: "Provides access to create Immersive Reader sessions and call APIs",
roleDefinitionId: "b2de6794-95db-4659-8781-7e080d3f2b9d",
roleName: "Cognitive Services Immersive Reader User",
roleType: "BuiltInRole",
},
{
description: "The lab services contributor role",
roleDefinitionId: "f69b8690-cc87-41d6-b77a-a4bc3c0a966f",
roleName: "Lab Services Contributor",
roleType: "BuiltInRole",
},
{
description: "The lab services reader role",
roleDefinitionId: "2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc",
roleName: "Lab Services Reader",
roleType: "BuiltInRole",
},
{
description: "The lab assistant role",
roleDefinitionId: "ce40b423-cede-4313-a93f-9b28290b72e1",
roleName: "Lab Assistant",
roleType: "BuiltInRole",
},
{
description: "The lab operator role",
roleDefinitionId: "a36e6959-b6be-4b12-8e9f-ef4b474d304d",
roleName: "Lab Operator",
roleType: "BuiltInRole",
},
{
description: "The lab contributor role",
roleDefinitionId: "5daaa2af-1fe8-407c-9122-bba179798270",
roleName: "Lab Contributor",
roleType: "BuiltInRole",
},
{
description:
"Lets you view everything under your HPC Workbench chamber, but not make any changes.",
roleDefinitionId: "4447db05-44ed-4da3-ae60-6cbece780e32",
roleName: "Chamber User",
roleType: "BuiltInRole",
},
{
description: "Lets you manage everything under your HPC Workbench chamber.",
roleDefinitionId: "4e9b8407-af2e-495b-ae54-bb60a55b1b5a",
roleName: "Chamber Admin",
roleType: "BuiltInRole",
},
{
description:
"Let's you manage the OS of your resource via Windows Admin Center as an administrator.",
roleDefinitionId: "a6333a3e-0164-44c3-b281-7a577aff287f",
roleName: "Windows Admin Center Administrator Login",
roleType: "BuiltInRole",
},
{
description: "Lets you read, write Guest Configuration Resource.",
roleDefinitionId: "088ab73d-1256-47ae-bea9-9de8e7131f31",
roleName: "Guest Configuration Resource Contributor",
roleType: "BuiltInRole",
},
{
description: "Deploy the Azure Policy add-on on Azure Kubernetes Service clusters",
roleDefinitionId: "18ed5180-3e48-46fd-8541-4ea054d57064",
roleName: "Azure Kubernetes Service Policy Add-on Deployment",
roleType: "BuiltInRole",
},
{
description: "Can view Azure AD Domain Services and related network configurations",
roleDefinitionId: "361898ef-9ed1-48c2-849c-a832951106bb",
roleName: "Domain Services Reader",
roleType: "BuiltInRole",
},
{
description: "Can manage Azure AD Domain Services and related network configurations",
roleDefinitionId: "eeaeda52-9324-47f6-8069-5d5bade478b2",
roleName: "Domain Services Contributor",
roleType: "BuiltInRole",
},
{
description: "Lets you manage DNS resolver resources.",
roleDefinitionId: "0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d",
roleName: "DNS Resolver Contributor",
roleType: "BuiltInRole",
},
{
description:
"Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication.",
roleDefinitionId: "959f8984-c045-4866-89c7-12bf9737be2e",
roleName: "Data Operator for Managed Disks",
roleType: "BuiltInRole",
},
{
description:
"Provides contribute access to manage sensor related entities in AgFood Platform Service",
roleDefinitionId: "6b77f0a0-0d89-41cc-acd1-579c22c17a67",
roleName: "AgFood Platform Sensor Partner Contributor",
roleType: "BuiltInRole",
},
{
description:
"This role allows user to share gallery to another subscription/tenant or share it to the public.",
roleDefinitionId: "1ef6a3be-d0ac-425d-8c01-acb62866290b",
roleName: "Compute Gallery Sharing Admin",
roleType: "BuiltInRole",
},
{
description:
"Provides access to manage maintenance configurations with maintenance scope InGuestPatch and corresponding configuration assignments",
roleDefinitionId: "cd08ab90-6b14-449c-ad9a-8f8e549482c6",
roleName: "Scheduled Patching Contributor",
roleType: "BuiltInRole",
},
{
description: "Provides access to create and manage dev boxes.",
roleDefinitionId: "45d50f46-0b78-4001-a660-4198cbe8cd05",
roleName: "DevCenter Dev Box User",
roleType: "BuiltInRole",
},
{
description: "Provides access to manage project resources.",
roleDefinitionId: "331c37c6-af14-46d9-b9f4-e1909e1b95a0",
roleName: "DevCenter Project Admin",
roleType: "BuiltInRole",
},
{
description:
"View Virtual Machines in the portal and login as a local user configured on the arc server",
roleDefinitionId: "602da2ba-a5c2-41da-b01d-5360126ab525",
roleName: "Virtual Machine Local User Login",
roleType: "BuiltInRole",
},
{
description: "Arc ScVmm VM Contributor has permissions to perform all VM actions.",
roleDefinitionId: "e582369a-e17b-42a5-b10c-874c387c530b",
roleName: "Azure Arc ScVmm VM Contributor",
roleType: "BuiltInRole",
},
{
description:
"Azure Arc ScVmm Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vmm server instances to Azure.",
roleDefinitionId: "6aac74c4-6311-40d2-bbdd-7d01e7c6e3a9",
roleName: "Azure Arc ScVmm Private Clouds Onboarding",
roleType: "BuiltInRole",
},
{
description:
"Azure Arc ScVmm Private Cloud User has permissions to use the ScVmm resources to deploy VMs.",
roleDefinitionId: "c0781e91-8102-4553-8951-97c6d4243cda",
roleName: "Azure Arc ScVmm Private Cloud User",
roleType: "BuiltInRole",
},
{
description: "Arc ScVmm VM Administrator has permissions to perform all ScVmm actions.",
roleDefinitionId: "a92dfd61-77f9-4aec-a531-19858b406c87",
roleName: "Azure Arc ScVmm Administrator role",
roleType: "BuiltInRole",
},
{
description: "Role allows user or principal to read and import FHIR Data",
roleDefinitionId: "4465e953-8ced-4406-a58e-0f6e3f3b530b",
roleName: "FHIR Data Importer",
roleType: "BuiltInRole",
},
{
description: "Can customize the developer portal, edit its content, and publish it.",
roleDefinitionId: "c031e6a8-4391-4de0-8d69-4706a7ed3729",
roleName: "API Management Developer Portal Content Editor",
roleType: "BuiltInRole",
},
{
description: "Role that provides access to disk snapshot for security analysis.",
roleDefinitionId: "d24ecba3-c1f4-40fa-a7bb-4588a071e8fd",
roleName: "VM Scanner Operator",
roleType: "BuiltInRole",
},
{
description:
"Allows for full access to all resources under Azure Elastic SAN including changing network security policies to unblock data path access",
roleDefinitionId: "80dcbedb-47ef-405d-95bd-188a1b4ac406",
roleName: "Elastic SAN Owner",
roleType: "BuiltInRole",
},
{
description: "Allows for control path read access to Azure Elastic SAN",
roleDefinitionId: "af6a70f8-3c9f-4105-acf1-d719e9fca4ca",
roleName: "Elastic SAN Reader",
roleType: "BuiltInRole",
},
{
description:
"This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to start virtual machines.",
roleDefinitionId: "489581de-a3bd-480d-9518-53dea7416b33",
roleName: "Desktop Virtualization Power On Contributor",
roleType: "BuiltInRole",
},
{
description:
"This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to create, delete, update, start, and stop virtual machines.",
roleDefinitionId: "a959dbd1-f747-45e3-8ba6-dd80f235f97c",
roleName: "Desktop Virtualization Virtual Machine Contributor",
roleType: "BuiltInRole",
},
{
description:
"This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines.",
roleDefinitionId: "40c5ff49-9181-41f8-ae61-143b0e78555e",
roleName: "Desktop Virtualization Power On Off Contributor",
roleType: "BuiltInRole",
},
{
description:
"Allows for full access to a volume group in Azure Elastic SAN including changing network security policies to unblock data path access",
roleDefinitionId: "a8281131-f312-4f34-8d98-ae12be9f0d23",
roleName: "Elastic SAN Volume Group Owner",
roleType: "BuiltInRole",
},
{
description:
"Lets you grant Access Review System app permissions to discover and revoke access as needed by the access review process.",
roleDefinitionId: "76cc9ee4-d5d3-4a45-a930-26add3d73475",
roleName: "Access Review Operator Service Role",
roleType: "BuiltInRole",
},
{
description:
"Manage identity or business verification requests. This role is in preview and subject to change.",
roleDefinitionId: "4339b7cf-9826-4e41-b4ed-c7f4505dac08",
roleName: "Code Signing Identity Verifier",
roleType: "BuiltInRole",
},
{
description:
"Has access to view and search through all video's insights and transcription in the Video Indexer portal. No access to model customization, embedding of widget, downloading videos, or sharing the account.",
roleDefinitionId: "a2c4a527-7dc0-4ee3-897b-403ade70fafb",
roleName: "Video Indexer Restricted Viewer",
roleType: "BuiltInRole",
},
{
description: "Can read all monitoring data.",
roleDefinitionId: "b0d8363b-8ddd-447d-831f-62ca05bff136",
roleName: "Monitoring Data Reader",
roleType: "BuiltInRole",
},
{
description: "Grants access to read and write Azure Kubernetes Fleet Manager clusters",
roleDefinitionId: "63bb64ad-9799-4770-b5c3-24ed299a07bf",
roleName: "Azure Kubernetes Fleet Manager Contributor Role",
roleType: "BuiltInRole",
},
{
description:
"Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.",
roleDefinitionId: "5af6afb3-c06c-4fa4-8848-71a8aee05683",
roleName: "Azure Kubernetes Fleet Manager RBAC Writer",
roleType: "BuiltInRole",
},
{
description:
"This role grants admin access - provides write permissions on most objects within a a namespace, with the exception of ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces.",
roleDefinitionId: "434fb43a-c01c-447e-9f67-c3ad923cfaba",
roleName: "Azure Kubernetes Fleet Manager RBAC Admin",
roleType: "BuiltInRole",
},
{
description: "Lets you manage all resources in the fleet manager cluster.",
roleDefinitionId: "18ab4d3d-a1bf-4477-8ad9-8359bc988f69",
roleName: "Azure Kubernetes Fleet Manager RBAC Cluster Admin",
roleType: "BuiltInRole",
},
{
description:
"Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.",
roleDefinitionId: "30b27cfc-9c84-438e-b0ce-70e35255df80",
roleName: "Azure Kubernetes Fleet Manager RBAC Reader",
roleType: "BuiltInRole",
},
{
description:
"Allows a user to read namespace resources and retrieve kubeconfig for the cluster",
roleDefinitionId: "ba79058c-0414-4a34-9e42-c3399d80cd5a",
roleName: "Kubernetes Namespace User",
roleType: "BuiltInRole",
},
{
description: "Can label data in Labeling.",
roleDefinitionId: "c6decf44-fd0a-444c-a844-d653c394e7ab",
roleName: "Data Labeling - Labeler",
roleType: "BuiltInRole",
},
{
description:
"Manage access to Azure resources by assigning roles using Azure RBAC. This role does not allow you to manage access using other ways, such as Azure Policy.",
roleDefinitionId: "f58310d9-a9f6-439a-9e8d-f62e7b41a168",
roleName: "Role Based Access Control Administrator (Preview)",
roleType: "BuiltInRole",
},
{
description: "Allows read access to Template Specs at the assigned scope.",
roleDefinitionId: "392ae280-861d-42bd-9ea5-08ee6d83b80e",
roleName: "Template Spec Reader",
roleType: "BuiltInRole",
},
{
description: "Allows full access to Template Spec operations at the assigned scope.",
roleDefinitionId: "1c9b6475-caf0-4164-b5a1-2142a7116f4b",
roleName: "Template Spec Contributor",
roleType: "BuiltInRole",
},
];