AzRoleAdvertizer

last sync: 2024-Nov-25 18:54:42 UTC

Service Group Administrator

Azure BuiltIn RBAC Role definition

NameService Group Administrator
Id4e50c84c-c78e-4e37-b47e-e60ffea0a775
DescriptionRole Definition for administrator of a Service Group
CreatedOn2024-10-17 18:32:17 UTC
UpdatedOn2024-10-17 18:32:17 UTC
History
Date/Time (UTC ymd) (i) Change Change detail
2024-10-18 17:51:46 add: Role 4e50c84c-c78e-4e37-b47e-e60ffea0a775
Permissions summary Effective control plane and data plane operations: 16170 (unique operations)
•: 1
•action: 3633
•delete: 2490
•read: 6963
•write: 3083

Actions: 3
Resolved control plane operations from Actions: 16172
Effective control plane operations: 16170
•: 1
•action: 3633
•delete: 2490
•read: 6963
•write: 3083

NotActions: 2
Resolved control plane operations from NotActions: 2
Effective denied control plane operations: 2

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3303
Actions
Operation Description
*wildcarded / no description
Microsoft.Authorization/roleAssignments/delete conditionedDelete a role assignment at the specified scope.
Microsoft.Authorization/roleAssignments/write conditionedCreate a role assignment at the specified scope.
NotActions
Operation Description
Microsoft.Authorization/roleAssignments/deleteDelete a role assignment at the specified scope.
Microsoft.Authorization/roleAssignments/writeCreate a role assignment at the specified scope.
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy		 none
JSON
api-version=2023-07-01-preview
Condition
    
    (
        (
            !
            (
                ActionMatches {
                'Microsoft.Authorization/roleAssignments/write'
                }
            )
        )
        OR
        (
            @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
            4e50c84c-c78e-4e37-b47e-e60ffea0a775 (Service Group Administrator),
            32e6a4ec-6095-4e37-b54b-12aa350ba81f (Service Group Contributor)
            }
        )
    )
    AND
    (
        (
            !
            (
                ActionMatches {
                'Microsoft.Authorization/roleAssignments/delete'
                }
            )
        )
        OR
        (
            @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
            4e50c84c-c78e-4e37-b47e-e60ffea0a775 (Service Group Administrator),
            32e6a4ec-6095-4e37-b54b-12aa350ba81f (Service Group Contributor)
            }
        )
    )