Microsoft.Authorization roleDefinitions
Template format
To create a Microsoft.Authorization/roleDefinitions resource, add the following JSON to the resources section of your template.
{
"name": "string",
"type": "Microsoft.Authorization/roleDefinitions",
"apiVersion": "2018-01-01-preview",
"scope": "string",
"properties": {
"roleName": "string",
"description": "string",
"type": "string",
"permissions": [
{
"actions": [
"string"
],
"notActions": [
"string"
],
"dataActions": [
"string"
],
"notDataActions": [
"string"
]
}
],
"assignableScopes": [
"string"
]
}
}
Property values
The following tables describe the values you need to set in the schema.
Microsoft.Authorization/roleDefinitions object
Note
In Bicep, type
and apiVersion
are specified in the first line of the resource declaration. Use the format <type>@<apiVersion>
. Don't set those properties in the resource body.
Name | Type | Required | Value |
---|---|---|---|
name | string | Yes | The ID of the role definition. |
type | enum | Yes | For JSON - Microsoft.Authorization/roleDefinitions |
apiVersion | enum | Yes | For JSON - 2018-01-01-preview |
scope | string | No | Use when specifying a scope that is different than the deployment scope. See Setting scope for extension resources in ARM templates. |
properties | object | Yes | Role definition properties. - RoleDefinitionProperties object |
RoleDefinitionProperties object
Name | Type | Required | Value |
---|---|---|---|
roleName | string | No | The role name. |
description | string | No | The role definition description. |
type | string | No | The role type. |
permissions | array | No | Role definition permissions. - Permission object |
assignableScopes | array | No | Role definition assignable scopes. - string |
Permission object
Name | Type | Required | Value |
---|---|---|---|
actions | array | No | Allowed actions. - string |
notActions | array | No | Denied actions. - string |
dataActions | array | No | Allowed Data actions. - string |
notDataActions | array | No | Denied Data actions. - string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Create a new role def via a subscription level deployment |
This template is a subscription level template that will create a role definition at subscription scope. Currently, this template cannot be deployed via the Azure Portal. |