AzRoleAdvertizer

last sync: 2024-Sep-19 17:51:49 UTC

Savings plan Administrator

Azure BuiltIn RBAC Role definition

Name

Savings plan Administrator

182a574c-b3c6-4acc-b019-48ae44cd4677

Description

Lets you read, manage savings plans and delegate savings plan-related roles

CreatedOn

2024-03-18 15:10:34 UTC

UpdatedOn

2024-04-23 15:07:34 UTC

History

Date/Time (UTC ymd) (i)	Change	Change detail
2024-04-23 15:07:34	change: Description, Actions	New Description: 'Lets you read, manage savings plans and delegate savings plan-related roles' Old Description: 'Lets one read and manage all the savings plans in a tenant', Actions: 'add Microsoft.Authorization/roleAssignments/write; add Microsoft.Authorization/roleAssignments/delete'
2024-03-18 18:48:33	add: Role	182a574c-b3c6-4acc-b019-48ae44cd4677

Permissions summary

Effective control plane and data plane operations: 9 (unique operations)
•action: 1
•delete: 1
•read: 4
•write: 3

Actions: 10
Resolved control plane operations from Actions: 9
Effective control plane operations: 9
•action: 1
•delete: 1
•read: 4
•write: 3

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15786

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3259

Actions

Operation	Description
Microsoft.Authorization/roleAssignments/delete conditioned	Delete a role assignment at the specified scope.
Microsoft.Authorization/roleAssignments/read	Get information about a role assignment.
Microsoft.Authorization/roleAssignments/write conditioned	Create a role assignment at the specified scope.
Microsoft.Authorization/roleDefinitions/read	Get information about a role definition.
Microsoft.BillingBenefits/savingsPlanOrders/*/action	wildcarded / no description
Microsoft.BillingBenefits/savingsPlanOrders/action	Update a Savings plan order
Microsoft.BillingBenefits/savingsPlanOrders/read	Read all savings plan orders
Microsoft.BillingBenefits/savingsPlanOrders/savingsPlans/read	Read All SavingsPlans
Microsoft.BillingBenefits/savingsPlanOrders/savingsPlans/write	Patch an existing Savings plan
Microsoft.BillingBenefits/savingsPlanOrders/write	Create a savings plan orders

NotActions

n/a

DataActions

n/a

NotDataActions

n/a

Used in
BuiltIn Policy

none

JSON

api-version=2023-07-01-preview

Condition

    (
        (
            !
            (
                ActionMatches {
                'Microsoft.Authorization/roleAssignments/write'
                }
            )
        )
        OR
        (
            @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
            182a574c-b3c6-4acc-b019-48ae44cd4677 (Savings plan Administrator),
            d534ad90-4ac5-4815-a178-b2e47397baab (Savings plan Reader),
            28c0d4cd-558d-4de9-91a0-faa18e7b3266 (Savings plan Contributor)
            }
        )
    )
    AND
    (
        (
            !
            (
                ActionMatches {
                'Microsoft.Authorization/roleAssignments/delete'
                }
            )
        )
        OR
        (
            @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
            182a574c-b3c6-4acc-b019-48ae44cd4677 (Savings plan Administrator),
            d534ad90-4ac5-4815-a178-b2e47397baab (Savings plan Reader),
            28c0d4cd-558d-4de9-91a0-faa18e7b3266 (Savings plan Contributor)
            }
        )
    )