AzRoleAdvertizer

last sync: 2024-Nov-25 18:54:42 UTC

AVS Orchestrator Role

Azure BuiltIn RBAC Role definition

Name

AVS Orchestrator Role

d715fb95-a0f0-4f1c-8be6-5ad2d2767f67

Description

Custom role for AVS to manage customer resources used for AVS scenarios.

CreatedOn

2024-08-27 15:13:33 UTC

UpdatedOn

2024-08-27 15:13:33 UTC

History

Date/Time (UTC ymd) (i)	Change	Change detail
2024-10-04 17:51:49	add: Role	d715fb95-a0f0-4f1c-8be6-5ad2d2767f67

Permissions summary

Effective control plane and data plane operations: 55 (unique operations)
•action: 7
•delete: 13
•read: 20
•write: 15

Actions: 57
Resolved control plane operations from Actions: 55
Effective control plane operations: 55
•action: 7
•delete: 13
•read: 20
•write: 15

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16117

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3303

Actions

Operation	Description
Microsoft.Authorization/roleAssignments/delete conditioned	Delete a role assignment at the specified scope.
Microsoft.Authorization/roleAssignments/read	Get information about a role assignment.
Microsoft.Network/locations/operationResults/read	Gets operation result of an async POST or DELETE operation
Microsoft.Network/locations/operations/read	Gets operation resource that represents status of an asynchronous operation
Microsoft.Network/networkIntentPolicies/delete	Deletes an Network Intent Policy
Microsoft.Network/networkIntentPolicies/read	Gets an Network Intent Policy Description
Microsoft.Network/networkIntentPolicies/write	Creates an Network Intent Policy or updates an existing Network Intent Policy
Microsoft.Network/networkInterfaces/delete	Deletes a network interface
Microsoft.Network/networkInterfaces/join/action	Joins a Virtual Machine to a network interface. Not Alertable.
Microsoft.Network/networkInterfaces/read	Gets a network interface definition.
Microsoft.Network/networkInterfaces/write	Creates a network interface or updates an existing network interface.
Microsoft.Network/networkSecurityGroups/delete	Deletes a network security group
Microsoft.Network/networkSecurityGroups/join/action	Joins a network security group. Not Alertable.
Microsoft.Network/networkSecurityGroups/read	Gets a network security group definition
Microsoft.Network/networkSecurityGroups/securityRules/delete	Deletes a security rule
Microsoft.Network/networkSecurityGroups/securityRules/read	Gets a security rule definition
Microsoft.Network/networkSecurityGroups/securityRules/read	Gets a security rule definition
Microsoft.Network/networkSecurityGroups/securityRules/write	Creates a security rule or updates an existing security rule
Microsoft.Network/networkSecurityGroups/write	Creates a network security group or updates an existing network security group
Microsoft.Network/publicIPAddresses/delete	Deletes a public Ip address.
Microsoft.Network/publicIPAddresses/read	Gets a public ip address definition.
Microsoft.Network/publicIPAddresses/write	Creates a public Ip address or updates an existing public Ip address.
Microsoft.Network/routeTables/delete	Deletes a route table definition
Microsoft.Network/routeTables/join/action	Joins a route table. Not Alertable.
Microsoft.Network/routeTables/read	Gets a route table definition
Microsoft.Network/routeTables/routes/delete	Deletes a route definition
Microsoft.Network/routeTables/routes/read	Gets a route definition
Microsoft.Network/routeTables/routes/write	Creates a route or Updates an existing route
Microsoft.Network/routeTables/write	Creates a route table or Updates an existing rotue table
Microsoft.Network/virtualHubs/bgpConnections/read	Gets a Hub Bgp Connection child resource of Virtual Hub
Microsoft.Network/virtualHubs/bgpConnections/write	Creates or Updates a Hub Bgp Connection child resource of Virtual Hub
Microsoft.Network/virtualHubs/delete	Deletes a Virtual Hub
Microsoft.Network/virtualHubs/ipConfigurations/read	Gets a Hub IpConfiguration child resource of Virtual Hub
Microsoft.Network/virtualHubs/ipConfigurations/write	Creates or Updates a Hub IpConfiguration child resource of Virtual Hub
Microsoft.Network/virtualHubs/write	Create or update a Virtual Hub
Microsoft.Network/virtualNetworks/peer/action	Peers a virtual network with another virtual network
Microsoft.Network/virtualNetworks/read	Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/delete	Deletes a virtual network subnet
Microsoft.Network/virtualNetworks/subnets/join/action	Joins a virtual network. Not Alertable.
Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action	Prepares a subnet by applying necessary Network Policies
Microsoft.Network/virtualNetworks/subnets/read	Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/delete	no description given
Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/delete	no description given
Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/read	no description given
Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/write	no description given
Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action	Unprepare a subnet by removing the applied Network Policies
Microsoft.Network/virtualNetworks/subnets/write	Creates a virtual network subnet or updates an existing virtual network subnet
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete	Deletes a virtual network peering
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read	Gets a virtual network peering definition
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write	Creates a virtual network peering or updates an existing virtual network peering
Microsoft.Network/virtualNetworks/write	Creates a virtual network or updates an existing virtual network
Microsoft.Resources/deployments/delete	Loscht eine Bereitstellung.
Microsoft.Resources/deployments/operations/read	Ruft Bereitstellungsvorgange ab oder listet diese auf.
Microsoft.Resources/deployments/operationStatuses/read	Ruft den Status des Bereitstellungsvorgangs ab oder zeigt ihn an.
Microsoft.Resources/deployments/read	Ruft Bereitstellungen ab oder listet diese auf.
Microsoft.Resources/deployments/write	Erstellt oder aktualisiert eine Bereitstellung.
Microsoft.Resources/subscriptions/resourcegroups/read	Ruft Ressourcengruppen ab oder listet diese auf.

NotActions

n/a

DataActions

n/a

NotDataActions

n/a

Used in
BuiltIn Policy

none

JSON

api-version=2023-07-01-preview

Condition

    (
        !
        (
            ActionMatches {
            'Microsoft.Authorization/roleAssignments/delete'
            }
        )
    )
    OR@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
    d715fb95-a0f0-4f1c-8be6-5ad2d2767f67 (AVS Orchestrator Role),
    4d97b98b-1d4f-4787-a291-c67834d212e7 (Network Contributor)
    }