Microsoft.Authorization roleDefinitions

Template format

To create a Microsoft.Authorization/roleDefinitions resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Authorization/roleDefinitions",
  "apiVersion": "2018-01-01-preview",
  "scope": "string",
  "properties": {
    "roleName": "string",
    "description": "string",
    "type": "string",
    "permissions": [
      {
        "actions": [
          "string"
        ],
        "notActions": [
          "string"
        ],
        "dataActions": [
          "string"
        ],
        "notDataActions": [
          "string"
        ]
      }
    ],
    "assignableScopes": [
      "string"
    ]
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Authorization/roleDefinitions object

Note

In Bicep, type and apiVersion are specified in the first line of the resource declaration. Use the format <type>@<apiVersion>. Don't set those properties in the resource body.

Name Type Required Value
name string Yes The ID of the role definition.
type enum Yes For JSON - Microsoft.Authorization/roleDefinitions
apiVersion enum Yes For JSON - 2018-01-01-preview
scope string No Use when specifying a scope that is different than the deployment scope. See Setting scope for extension resources in ARM templates.
properties object Yes Role definition properties. - RoleDefinitionProperties object

RoleDefinitionProperties object

Name Type Required Value
roleName string No The role name.
description string No The role definition description.
type string No The role type.
permissions array No Role definition permissions. - Permission object
assignableScopes array No Role definition assignable scopes. - string

Permission object

Name Type Required Value
actions array No Allowed actions. - string
notActions array No Denied actions. - string
dataActions array No Allowed Data actions. - string
notDataActions array No Denied Data actions. - string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create a new role def via a subscription level deployment

Deploy to Azure
This template is a subscription level template that will create a role definition at subscription scope. Currently, this template cannot be deployed via the Azure Portal.