Microsoft.Authorization roleDefinitions

11/16/2020
2 minutes to read

Template format

To create a Microsoft.Authorization/roleDefinitions resource, add the following JSON to the resources section of your template.

JSON
Bicep

{
  "name": "string",
  "type": "Microsoft.Authorization/roleDefinitions",
  "apiVersion": "2018-01-01-preview",
  "scope": "string",
  "properties": {
    "roleName": "string",
    "description": "string",
    "type": "string",
    "permissions": [
      {
        "actions": [
          "string"
        ],
        "notActions": [
          "string"
        ],
        "dataActions": [
          "string"
        ],
        "notDataActions": [
          "string"
        ]
      }
    ],
    "assignableScopes": [
      "string"
    ]
  }
}

Bicep is currently in preview. For more information, see Project Bicep.

resource symbolicname 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' = {
  name: 'string'
  scope: 'string'
  properties: {
    roleName: 'string'
    description: 'string'
    type: 'string'
    permissions: [
      {
        actions: [
          'string'
        ]
        notActions: [
          'string'
        ]
        dataActions: [
          'string'
        ]
        notDataActions: [
          'string'
        ]
      }
    ]
    assignableScopes: [
      'string'
    ]
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Authorization/roleDefinitions object

Note

In Bicep, type and apiVersion are specified in the first line of the resource declaration. Use the format <type>@<apiVersion>. Don't set those properties in the resource body.

Name	Type	Required	Value
name	string	Yes	The ID of the role definition.
type	enum	Yes	For JSON - Microsoft.Authorization/roleDefinitions
apiVersion	enum	Yes	For JSON - 2018-01-01-preview
scope	string	No	Use when specifying a scope that is different than the deployment scope. See Setting scope for extension resources in ARM templates.
properties	object	Yes	Role definition properties. - RoleDefinitionProperties object

RoleDefinitionProperties object

Name	Type	Required	Value
roleName	string	No	The role name.
description	string	No	The role definition description.
type	string	No	The role type.
permissions	array	No	Role definition permissions. - Permission object
assignableScopes	array	No	Role definition assignable scopes. - string

Permission object

Name	Type	Required	Value
actions	array	No	Allowed actions. - string
notActions	array	No	Denied actions. - string
dataActions	array	No	Allowed Data actions. - string
notDataActions	array	No	Denied Data actions. - string

Quickstart templates

The following quickstart templates deploy this resource type.

Template	Description
Create a new role def via a subscription level deployment	This template is a subscription level template that will create a role definition at subscription scope. Currently, this template cannot be deployed via the Azure Portal.