Microsoft.Authorization roleDefinitions
The roleDefinitions resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource.
- For Bicep, see Set scope on extension resources in Bicep.
- For JSON, see Set scope on extension resources in ARM templates.
Valid deployment scopes for the roleDefinitions resource are:
- Management Group
- Subscription
- Resource Group
Remarks
For guidance on creating role assignments and definitions, see Create Azure RBAC resources by using Bicep.
Template format
To create a Microsoft.Authorization/roleDefinitions resource, add the following Bicep or JSON to your template.
```bicep
resource symbolicname 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
  name: 'string'
  scope: resourceSymbolicName
  properties: {
    assignableScopes: [
      'string'
    ]
    description: 'string'
    permissions: [
      {
        actions: [
          'string'
        ]
        dataActions: [
          'string'
        ]
        notActions: [
          'string'
        ]
        notDataActions: [
          'string'
        ]
      }
    ]
    roleName: 'string'
    type: 'string'
  }
}
```
Property values
roleDefinitions
| Name | Description | Value |
|---|---|---|
| type | The resource type. For Bicep, set this value in the resource declaration. | 'Microsoft.Authorization/roleDefinitions' |
| apiVersion | The resource API version. For Bicep, set this value in the resource declaration. | '2018-01-01-preview' |
| name | The resource name. | string (required). Character limit: 36. Valid characters: must be a globally unique identifier (GUID). Resource name must be unique across tenant. |
| scope | Use when creating an extension resource at a scope that is different than the deployment scope. | Target resource. For Bicep, set this property to the symbolic name of the resource to apply the extension resource to. For JSON, set the value to the full name of the resource to apply the extension resource to. |
| properties | Role definition properties. | RoleDefinitionProperties |
RoleDefinitionProperties
| Name | Description | Value |
|---|---|---|
| assignableScopes | Role definition assignable scopes. | string[] |
| description | The role definition description. | string |
| permissions | Role definition permissions. | Permission[] |
| roleName | The role name. | string |
| type | The role type. | string |
Permission
| Name | Description | Value |
|---|---|---|
| actions | Allowed actions. | string[] |
| dataActions | Allowed Data actions. | string[] |
| notActions | Denied actions. | string[] |
| notDataActions | Denied Data actions. | string[] |
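A least-privilege custom role built from the properties above, as an added example that is not part of the original page. It is deployed at subscription scope, so `scope` is omitted; the role name, description and action list are assumptions chosen for illustration.

```bicep
// Added example, not from the original page. The role name, description and
// action list are assumed values chosen for illustration.
targetScope = 'subscription'

@description('Display name of the custom role (assumed value).')
param roleName string = 'VM Restart Operator (example)'

// Control-plane operations only. Each action is listed explicitly instead of
// using a wildcard such as '*' or 'Microsoft.Compute/*'.
var allowedActions = [
  'Microsoft.Compute/virtualMachines/read'
  'Microsoft.Compute/virtualMachines/start/action'
  'Microsoft.Compute/virtualMachines/restart/action'
]

resource vmRestartRole 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
  // The name must be a GUID. Deriving it from the subscription ID and role
  // name gives the same GUID on every redeployment.
  name: guid(subscription().id, roleName)
  // No 'scope' property: the role is created at the deployment scope.
  properties: {
    roleName: roleName
    description: 'Read, start and restart virtual machines. No create, delete or data-plane access.'
    type: 'CustomRole'
    permissions: [
      {
        actions: allowedActions
        // notActions and notDataActions subtract from the allowed lists.
        // They stay empty here because nothing broad was granted.
        notActions: []
        dataActions: []
        notDataActions: []
      }
    ]
    // The role can be assigned only within this subscription.
    assignableScopes: [
      subscription().id
    ]
  }
}

output roleDefinitionId string = vmRestartRole.id
```

When reviewing a role definition, check `assignableScopes` and any wildcard entries in `actions` or `dataActions` first, since those determine how far the role can reach.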
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
| IBM Cloud Pak for Data on Azure | This template deploys an OpenShift cluster on Azure with all the required resources and infrastructure, and then deploys IBM Cloud Pak for Data along with the add-ons that the user chooses. |
| Deploy a Storage Account for SAP ILM Store | The Microsoft Azure Storage Account can now be used as an ILM Store to persist the archive files and attachments from an SAP ILM system. An ILM Store is a component that fulfills the requirements of SAP ILM compliant storage systems. One can store archive files in a storage medium using WebDAV interface standards while making use of SAP ILM Retention Management rules. For more information about SAP ILM Store, refer to the SAP Help Portal. |
| Azure Image Builder with Azure Windows Baseline. | Creates an Azure Image Builder environment and builds a Windows Server image with the latest Windows Updates and Azure Windows Baseline applied. |
| Create a new role def via a subscription level deployment | This template is a subscription level template that will create a role definition at subscription scope. |