Microsoft.Authorization roleDefinitions template reference

Template format

To create a Microsoft.Authorization/roleDefinitions resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Authorization/roleDefinitions",
  "apiVersion": "2015-07-01",
  "properties": {
    "roleName": "string",
    "description": "string",
    "type": "string",
    "permissions": [
      {
        "actions": [
          "string"
        ],
        "notActions": [
          "string"
        ]
      }
    ],
    "assignableScopes": [
      "string"
    ]
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Authorization/roleDefinitions object

Name Type Required Value
name string Yes The ID of the role definition.
type enum Yes Microsoft.Authorization/roleDefinitions
apiVersion enum Yes 2015-07-01
properties object Yes Role definition properties. - RoleDefinitionProperties object

RoleDefinitionProperties object

Name Type Required Value
roleName string No The role name.
description string No The role definition description.
type string No The role type.
permissions array No Role definition permissions. - Permission object
assignableScopes array No Role definition assignable scopes. - string

Permission object

Name Type Required Value
actions array No Allowed actions. - string
notActions array No Denied actions. - string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Deploy
Create a new role def via a subscription level deployment Currently, the portal does not support subscription-level deployments. Use PowerShell (New-AzDeployment), Azure CLI (az deployment create), or REST API (Deployments - Create At Subscription Scope).