Microsoft.Authorization roleDefinitions

Bicep resource definition

The roleDefinitions resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.

Valid deployment scopes for the roleDefinitions resource are:

  • Management Group
  • Subscription
  • Resource Group

For a list of changed properties in each API version, see change log.

Remarks

For guidance on creating role assignments and definitions, see Create Azure RBAC resources by using Bicep.

Resource format

To create a Microsoft.Authorization/roleDefinitions resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
  name: 'string'
  scope: resourceSymbolicName
  properties: {
    assignableScopes: [
      'string'
    ]
    description: 'string'
    permissions: [
      {
        actions: [
          'string'
        ]
        dataActions: [
          'string'
        ]
        notActions: [
          'string'
        ]
        notDataActions: [
          'string'
        ]
      }
    ]
    roleName: 'string'
    type: 'string'
  }
}

Property values

roleDefinitions

Name Description Value
name The resource name string (required)

Character limit: 36

Valid characters:
Must be a globally unique identifier (GUID).

Resource name must be unique across tenant.
scope Use when creating an extension resource at a scope that is different than the deployment scope. Target resource

For Bicep, set this property to the symbolic name of the resource to apply the extension resource.
properties Role definition properties. RoleDefinitionProperties

RoleDefinitionProperties

Name Description Value
assignableScopes Role definition assignable scopes. string[]
description The role definition description. string
permissions Role definition permissions. Permission[]
roleName The role name. string
type The role type. string

Permission

Name Description Value
actions Allowed actions. string[]
dataActions Allowed Data actions. string[]
notActions Denied actions. string[]
notDataActions Denied Data actions. string[]

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
IBM Cloud Pak for Data on Azure

Deploy to Azure
This template deploys an Openshift cluster on Azure with all the required resources, infrastructure and then deploys IBM Cloud Pak for Data along with the add-ons that user chooses.
Deploy a Storage Account for SAP ILM Store

Deploy to Azure
The Microsoft Azure Storage Account can now be used as a ILM Store to persist the Archive files and attachments from an SAP ILM system. An ILM Store is a component which fulfills the requirements of SAP ILM compliant storage systems. One can store archive files in a storage media using WebDAV interface standards while making use of SAP ILM Retention Management rules. For more information about SAP ILM Store, refer to the SAP Help Portal .
Azure Image Builder with Azure Windows Baseline.

Deploy to Azure
Creates an Azure Image Builder environment and builds a Windows Server image with the latest Windows Updates and Azure Windows Baseline applied.
Create a new role def via a subscription level deployment

Deploy to Azure
This template is a subscription level template that will create a role definition at subscription scope.

ARM template resource definition

The roleDefinitions resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.

Valid deployment scopes for the roleDefinitions resource are:

  • Management Group
  • Subscription
  • Resource Group

For a list of changed properties in each API version, see change log.

Remarks

For guidance on creating role assignments and definitions, see Create Azure RBAC resources by using Bicep.

Resource format

To create a Microsoft.Authorization/roleDefinitions resource, add the following JSON to your template.

{
  "type": "Microsoft.Authorization/roleDefinitions",
  "apiVersion": "2022-04-01",
  "name": "string",
  "scope": "string",
  "properties": {
    "assignableScopes": [ "string" ],
    "description": "string",
    "permissions": [
      {
        "actions": [ "string" ],
        "dataActions": [ "string" ],
        "notActions": [ "string" ],
        "notDataActions": [ "string" ]
      }
    ],
    "roleName": "string",
    "type": "string"
  }
}

Property values

roleDefinitions

Name Description Value
type The resource type 'Microsoft.Authorization/roleDefinitions'
apiVersion The resource api version '2022-04-01'
name The resource name string (required)

Character limit: 36

Valid characters:
Must be a globally unique identifier (GUID).

Resource name must be unique across tenant.
scope Use when creating an extension resource at a scope that is different than the deployment scope. Target resource

For JSON, set the value to the full name of the resource to apply the extension resource to.
properties Role definition properties. RoleDefinitionProperties

RoleDefinitionProperties

Name Description Value
assignableScopes Role definition assignable scopes. string[]
description The role definition description. string
permissions Role definition permissions. Permission[]
roleName The role name. string
type The role type. string

Permission

Name Description Value
actions Allowed actions. string[]
dataActions Allowed Data actions. string[]
notActions Denied actions. string[]
notDataActions Denied Data actions. string[]

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
IBM Cloud Pak for Data on Azure

Deploy to Azure
This template deploys an Openshift cluster on Azure with all the required resources, infrastructure and then deploys IBM Cloud Pak for Data along with the add-ons that user chooses.
Deploy a Storage Account for SAP ILM Store

Deploy to Azure
The Microsoft Azure Storage Account can now be used as a ILM Store to persist the Archive files and attachments from an SAP ILM system. An ILM Store is a component which fulfills the requirements of SAP ILM compliant storage systems. One can store archive files in a storage media using WebDAV interface standards while making use of SAP ILM Retention Management rules. For more information about SAP ILM Store, refer to the SAP Help Portal .
Azure Image Builder with Azure Windows Baseline.

Deploy to Azure
Creates an Azure Image Builder environment and builds a Windows Server image with the latest Windows Updates and Azure Windows Baseline applied.
Create a new role def via a subscription level deployment

Deploy to Azure
This template is a subscription level template that will create a role definition at subscription scope.

Terraform (AzAPI provider) resource definition

The roleDefinitions resource type is an extension resource, which means you can apply it to another resource.

Use the parent_id property on this resource to set the scope for this resource.

Valid deployment scopes for the roleDefinitions resource are:

  • Management Group
  • Subscription
  • Resource Group

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Authorization/roleDefinitions resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Authorization/roleDefinitions@2022-04-01"
  name = "string"
  parent_id = "string"
  body = jsonencode({
    properties = {
      assignableScopes = [
        "string"
      ]
      description = "string"
      permissions = [
        {
          actions = [
            "string"
          ]
          dataActions = [
            "string"
          ]
          notActions = [
            "string"
          ]
          notDataActions = [
            "string"
          ]
        }
      ]
      roleName = "string"
      type = "string"
    }
  })
}

Property values

roleDefinitions

Name Description Value
type The resource type "Microsoft.Authorization/roleDefinitions@2022-04-01"
name The resource name string (required)

Character limit: 36

Valid characters:
Must be a globally unique identifier (GUID).

Resource name must be unique across tenant.
parent_id The ID of the resource to apply this extension resource to. string (required)
properties Role definition properties. RoleDefinitionProperties

RoleDefinitionProperties

Name Description Value
assignableScopes Role definition assignable scopes. string[]
description The role definition description. string
permissions Role definition permissions. Permission[]
roleName The role name. string
type The role type. string

Permission

Name Description Value
actions Allowed actions. string[]
dataActions Allowed Data actions. string[]
notActions Denied actions. string[]
notDataActions Denied Data actions. string[]