Microsoft.Authorization roleDefinitions
Remarks
For guidance on creating role assignments and definitions, see Create Azure RBAC resources by using Bicep.
Bicep resource definition
The roleDefinitions resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/roleDefinitions resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Authorization/roleDefinitions@2022-05-01-preview' = {
  scope: resourceSymbolicName or scope
  name: 'string'
  properties: {
    assignableScopes: [
      'string'
    ]
    description: 'string'
    permissions: [
      {
        actions: [
          'string'
        ]
        dataActions: [
          'string'
        ]
        notActions: [
          'string'
        ]
        notDataActions: [
          'string'
        ]
      }
    ]
    roleName: 'string'
    type: 'string'
  }
}
Property values
Microsoft.Authorization/roleDefinitions
Name | Description | Value |
---|---|---|
name | The resource name | string (required) |
properties | Role definition properties. | RoleDefinitionProperties |
scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. |
Permission
Name | Description | Value |
---|---|---|
actions | Allowed actions. | string[] |
dataActions | Allowed Data actions. | string[] |
notActions | Denied actions. | string[] |
notDataActions | Denied Data actions. | string[] |
RoleDefinitionProperties
Name | Description | Value |
---|---|---|
assignableScopes | Role definition assignable scopes. | string[] |
description | The role definition description. | string |
permissions | Role definition permissions. | Permission[] |
roleName | The role name. | string |
type | The role type. | string |
Quickstart samples
The following quickstart samples deploy this resource type.
Bicep File | Description |
---|---|
Azure Image Builder with Azure Windows Baseline | Creates an Azure Image Builder environment and builds a Windows Server image with the latest Windows Updates and Azure Windows Baseline applied. |
Configure Dev Box service | This template would create all Dev Box admin resources as per Dev Box quick start guide (/azure/dev-box/quickstart-create-dev-box). You can view all resources created, or directly go to DevPortal.microsoft.com to create your first Dev Box. |
Create a new role def via a subscription level deployment | This template is a subscription level template that will create a role definition at subscription scope. |
ARM template resource definition
The roleDefinitions resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/roleDefinitions resource, add the following JSON to your template.
{
  "type": "Microsoft.Authorization/roleDefinitions",
  "apiVersion": "2022-05-01-preview",
  "name": "string",
  "properties": {
    "assignableScopes": [ "string" ],
    "description": "string",
    "permissions": [
      {
        "actions": [ "string" ],
        "dataActions": [ "string" ],
        "notActions": [ "string" ],
        "notDataActions": [ "string" ]
      }
    ],
    "roleName": "string",
    "type": "string"
  }
}
Property values
Microsoft.Authorization/roleDefinitions
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2022-05-01-preview' |
name | The resource name | string (required) |
properties | Role definition properties. | RoleDefinitionProperties |
type | The resource type | 'Microsoft.Authorization/roleDefinitions' |
Permission
Name | Description | Value |
---|---|---|
actions | Allowed actions. | string[] |
dataActions | Allowed Data actions. | string[] |
notActions | Denied actions. | string[] |
notDataActions | Denied Data actions. | string[] |
RoleDefinitionProperties
Name | Description | Value |
---|---|---|
assignableScopes | Role definition assignable scopes. | string[] |
description | The role definition description. | string |
permissions | Role definition permissions. | Permission[] |
roleName | The role name. | string |
type | The role type. | string |
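
A review check over the ARM JSON format above, as an added example that is not part of the original reference or of Microsoft's tooling: it flags wildcard entries in actions and dataActions, assignable scopes broader than a resource group, and an empty description. The thresholds are an assumed review policy rather than Azure rules, and the function name lint_role_definition and the sample resource are constructed for illustration.

```python
import json

# Constructed sample in the ARM JSON format shown above (all values are placeholders).
SAMPLE = json.loads("""
{
  "type": "Microsoft.Authorization/roleDefinitions",
  "apiVersion": "2022-05-01-preview",
  "name": "00000000-0000-0000-0000-000000000001",
  "properties": {
    "roleName": "Example Operator (constructed)",
    "description": "",
    "assignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
    "permissions": [{
      "actions": ["Microsoft.Compute/virtualMachines/read", "Microsoft.Storage/*"],
      "notActions": [],
      "dataActions": ["*"],
      "notDataActions": []
    }]
  }
}
""")

def lint_role_definition(resource):
    """Return (field, value, reason) findings for one roleDefinitions resource."""
    findings = []
    props = resource.get("properties", {})
    scopes = props.get("assignableScopes", [])
    if not scopes:
        findings.append(("assignableScopes", "", "no assignable scope set"))
    for scope in scopes:
        if scope.startswith("["):
            # Template expression: its value is only known at deployment time.
            findings.append(("assignableScopes", scope, "unresolved template expression"))
            continue
        # Assumed policy: any scope without a resourceGroups segment needs a reviewer.
        segments = scope.lower().strip("/").split("/")
        if "resourcegroups" not in segments:
            findings.append(("assignableScopes", scope, "wider than a resource group"))
    for i, perm in enumerate(props.get("permissions", [])):
        for key in ("actions", "dataActions"):
            for entry in perm.get(key, []):
                if "*" in entry:
                    findings.append((f"permissions[{i}].{key}", entry, "wildcard grant"))
    if not props.get("description"):
        findings.append(("description", "", "missing description"))
    return findings

if __name__ == "__main__":
    for finding in lint_role_definition(SAMPLE):
        print(finding)
```

Running the same function over the `properties` of every role definition in a template before deployment turns these findings into review prompts; a subscription-scoped role is flagged for a second look, not rejected.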
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Azure Image Builder with Azure Windows Baseline | Creates an Azure Image Builder environment and builds a Windows Server image with the latest Windows Updates and Azure Windows Baseline applied. |
Configure Dev Box service | This template would create all Dev Box admin resources as per Dev Box quick start guide (/azure/dev-box/quickstart-create-dev-box). You can view all resources created, or directly go to DevPortal.microsoft.com to create your first Dev Box. |
Create a new role def via a subscription level deployment | This template is a subscription level template that will create a role definition at subscription scope. |
Deploy a Storage Account for SAP ILM Store | The Microsoft Azure Storage Account can now be used as an ILM Store to persist the Archive files and attachments from an SAP ILM system. An ILM Store is a component which fulfills the requirements of SAP ILM compliant storage systems. One can store archive files in a storage media using WebDAV interface standards while making use of SAP ILM Retention Management rules. For more information about SAP ILM Store, refer to the SAP Help Portal (https://www.sap.com). |
Deploy Darktrace Autoscaling vSensors | This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors. |
IBM Cloud Pak for Data on Azure | This template deploys an OpenShift cluster on Azure with all the required resources and infrastructure, and then deploys IBM Cloud Pak for Data along with the add-ons that the user chooses. |
Terraform (AzAPI provider) resource definition
The roleDefinitions resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/roleDefinitions resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Authorization/roleDefinitions@2022-05-01-preview"
  name = "string"
  parent_id = "string"
  body = jsonencode({
    properties = {
      assignableScopes = [
        "string"
      ]
      description = "string"
      permissions = [
        {
          actions = [
            "string"
          ]
          dataActions = [
            "string"
          ]
          notActions = [
            "string"
          ]
          notDataActions = [
            "string"
          ]
        }
      ]
      roleName = "string"
      type = "string"
    }
  })
}
Property values
Microsoft.Authorization/roleDefinitions
Name | Description | Value |
---|---|---|
name | The resource name | string (required) |
parent_id | The ID of the resource to apply this extension resource to. | string (required) |
properties | Role definition properties. | RoleDefinitionProperties |
type | The resource type | "Microsoft.Authorization/roleDefinitions@2022-05-01-preview" |
Permission
Name | Description | Value |
---|---|---|
actions | Allowed actions. | string[] |
dataActions | Allowed Data actions. | string[] |
notActions | Denied actions. | string[] |
notDataActions | Denied Data actions. | string[] |
RoleDefinitionProperties
Name | Description | Value |
---|---|---|
assignableScopes | Role definition assignable scopes. | string[] |
description | The role definition description. | string |
permissions | Role definition permissions. | Permission[] |
roleName | The role name. | string |
type | The role type. | string |