| title | Azure built-in roles for DevOps - Azure RBAC |
|---|---|
| description | This article lists the Azure built-in roles for Azure role-based access control (Azure RBAC) in the DevOps category. It lists Actions, NotActions, DataActions, and NotDataActions. |
| ms.service | role-based-access-control |
| ms.topic | generated-reference |
| ms.workload | identity |
| author | rolyon |
| manager | pmwongera |
| ms.author | rolyon |
| ms.date | 02/23/2026 |
| ms.custom | generated |
This article lists the Azure built-in roles in the DevOps category.
Can create, run, and see details for experiments, onboard targets, and manage capabilities.
[!div class="mx-tableFixed"]
Actions Description Microsoft.Chaos/* Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Insights/alertRules/* Create and manage a classic metric alert Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions none DataActions none NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "Can create, run, and see details for experiments, onboard targets, and manage capabilities.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7c2e40b7-25eb-482a-82cb-78ba06cb46d5",
"name": "7c2e40b7-25eb-482a-82cb-78ba06cb46d5",
"permissions": [
{
"actions": [
"Microsoft.Chaos/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Chaos Studio Experiment Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Can run and see details for experiments but cannot create experiments or manage targets and capabilities.
[!div class="mx-tableFixed"]
Actions Description Microsoft.Chaos/*/read Microsoft.Chaos/experiments/start/action Starts a Chaos Experiment to inject faults. Microsoft.Chaos/experiments/cancel/action Cancels a running Chaos Experiment to stop the fault injection. Microsoft.Chaos/experiments/executions/getExecutionDetails/action Gets details of a chaos experiment execution for a given chaos experiment. Microsoft.Chaos/locations/operationResults/read Gets an Operation Result. Microsoft.Chaos/locations/operationStatuses/read Gets an Operation Status. Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Insights/alertRules/* Create and manage a classic metric alert Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions none DataActions none NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "Can run and see details for experiments but cannot create experiments or manage targets and capabilities.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1a40e87e-6645-48e0-b27a-0b115d849a20",
"name": "1a40e87e-6645-48e0-b27a-0b115d849a20",
"permissions": [
{
"actions": [
"Microsoft.Chaos/*/read",
"Microsoft.Chaos/experiments/start/action",
"Microsoft.Chaos/experiments/cancel/action",
"Microsoft.Chaos/experiments/executions/getExecutionDetails/action",
"Microsoft.Chaos/locations/operationResults/read",
"Microsoft.Chaos/locations/operationStatuses/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Chaos Studio Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Can view targets, capabilities, experiments, and experiment details.
[!div class="mx-tableFixed"]
Actions Description Microsoft.Chaos/*/read Microsoft.Chaos/experiments/executions/getExecutionDetails/action Gets details of a chaos experiment execution for a given chaos experiment. Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Insights/alertRules/* Create and manage a classic metric alert Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions none DataActions none NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "Can view targets, capabilities, experiments, and experiment details.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/29e2da8a-229c-4157-8ae8-cc72fc506b74",
"name": "29e2da8a-229c-4157-8ae8-cc72fc506b74",
"permissions": [
{
"actions": [
"Microsoft.Chaos/*/read",
"Microsoft.Chaos/experiments/executions/getExecutionDetails/action",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Chaos Studio Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Can onboard targets and manage capabilities but cannot create, run, or see details for experiments
[!div class="mx-tableFixed"]
Actions Description Microsoft.Chaos/targets/write Creates or update a Target resource that extends a tracked resource. Microsoft.Chaos/targets/delete Deletes a Target resource that extends a tracked resource. Microsoft.Chaos/targets/read Gets all Targets that extend a tracked resource. Microsoft.Chaos/targets/capabilities/write Creates or update a Capability resource that extends a Target resource. Microsoft.Chaos/targets/capabilities/delete Deletes a Capability resource that extends a Target resource. Microsoft.Chaos/targets/capabilities/read Gets all Capabilities that extend a Target resource. Microsoft.Chaos/locations/targetTypes/read Gets all TargetTypes. Microsoft.Chaos/locations/targetTypes/capabilityTypes/read Gets all CapabilityType. Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Insights/alertRules/* Create and manage a classic metric alert Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions none DataActions none NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "Can onboard targets and manage capabilities but cannot create, run, or see details for experiments",
"id": "/providers/Microsoft.Authorization/roleDefinitions/59a618e3-3c9a-406e-9f03-1a20dd1c55f1",
"name": "59a618e3-3c9a-406e-9f03-1a20dd1c55f1",
"permissions": [
{
"actions": [
"Microsoft.Chaos/targets/write",
"Microsoft.Chaos/targets/delete",
"Microsoft.Chaos/targets/read",
"Microsoft.Chaos/targets/capabilities/write",
"Microsoft.Chaos/targets/capabilities/delete",
"Microsoft.Chaos/targets/capabilities/read",
"Microsoft.Chaos/locations/targetTypes/read",
"Microsoft.Chaos/locations/targetTypes/capabilityTypes/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Chaos Studio Target Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Provides read access to environment resources.
[!div class="mx-tableFixed"]
Actions Description Microsoft.DevCenter/projects/read Gets a specific project. Microsoft.DevCenter/projects/*/read Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions Microsoft.DevCenter/projects/pools/read Gets a machine pool Microsoft.DevCenter/projects/pools/schedules/read Gets a schedule resource. DataActions Microsoft.DevCenter/projects/users/environments/adminRead/action Allows a project administrator to read all of the environments in a project. Microsoft.DevCenter/projects/users/environments/adminActionRead/action Allows an admin to read environment actions. Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action Allows an admin to read Output values from environment deployment. NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "Provides read access to environment resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/eb960402-bf75-4cc3-8d68-35b34f960f72",
"name": "eb960402-bf75-4cc3-8d68-35b34f960f72",
"permissions": [
{
"actions": [
"Microsoft.DevCenter/projects/read",
"Microsoft.DevCenter/projects/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [
"Microsoft.DevCenter/projects/pools/read",
"Microsoft.DevCenter/projects/pools/schedules/read"
],
"dataActions": [
"Microsoft.DevCenter/projects/users/environments/adminRead/action",
"Microsoft.DevCenter/projects/users/environments/adminActionRead/action",
"Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action"
],
"notDataActions": []
}
],
"roleName": "Deployment Environments Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Provides access to manage environment resources.
[!div class="mx-tableFixed"]
Actions Description Microsoft.DevCenter/projects/read Gets a specific project. Microsoft.DevCenter/projects/*/read Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. Microsoft.Authorization/*/read Read roles and role assignments NotActions Microsoft.DevCenter/projects/pools/read Gets a machine pool Microsoft.DevCenter/projects/pools/schedules/read Gets a schedule resource. DataActions Microsoft.DevCenter/projects/users/environments/userRead/action Allows a user to read the environments they have access to in a project. Microsoft.DevCenter/projects/users/environments/userWrite/action Allows a user to write the environments they have access to in a project. Microsoft.DevCenter/projects/users/environments/userDelete/action Allows a user to delete the environments they have access to in a project. Microsoft.DevCenter/projects/users/environments/userActionManage/action Allows a user to skip, delay etc. environment actions. Microsoft.DevCenter/projects/users/environments/userOutputsRead/action Allows a user to read Output values from environment deployment. NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "Provides access to manage environment resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/18e40d4e-8d2e-438d-97e1-9528336e149c",
"name": "18e40d4e-8d2e-438d-97e1-9528336e149c",
"permissions": [
{
"actions": [
"Microsoft.DevCenter/projects/read",
"Microsoft.DevCenter/projects/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Authorization/*/read"
],
"notActions": [
"Microsoft.DevCenter/projects/pools/read",
"Microsoft.DevCenter/projects/pools/schedules/read"
],
"dataActions": [
"Microsoft.DevCenter/projects/users/environments/userRead/action",
"Microsoft.DevCenter/projects/users/environments/userWrite/action",
"Microsoft.DevCenter/projects/users/environments/userDelete/action",
"Microsoft.DevCenter/projects/users/environments/userActionManage/action",
"Microsoft.DevCenter/projects/users/environments/userOutputsRead/action"
],
"notDataActions": []
}
],
"roleName": "Deployment Environments User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Provides access to create and manage dev boxes.
[!div class="mx-tableFixed"]
Actions Description Microsoft.DevCenter/projects/read Gets a specific project. Microsoft.DevCenter/projects/*/read Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions none DataActions Microsoft.DevCenter/projects/users/devboxes/userStop/action Allows a user to stop their own Dev Box resources. Microsoft.DevCenter/projects/users/devboxes/userStart/action Allows a user to start their own Dev Box resources. Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action Allows a user to get the RDP connection information for their own Dev Box resources. Microsoft.DevCenter/projects/users/devboxes/userRead/action Allows a user to read their own Dev Box resources. Microsoft.DevCenter/projects/users/devboxes/userWrite/action Allows a user to create and update their own Dev Box resources. Microsoft.DevCenter/projects/users/devboxes/userDelete/action Allows a user to delete their own Dev Box resources. Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionRead/action Allows a user to read upcoming actions. Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionManage/action Allows a user to skip or delay upcoming actions. Microsoft.DevCenter/projects/users/devboxes/userActionRead/action Allows a user to read dev box actions. Microsoft.DevCenter/projects/users/devboxes/userActionManage/action Allows a user to skip or delay dev box actions. Microsoft.DevCenter/projects/users/devboxes/userCustomize/action Allows a user to customize their own Dev Box resources. NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "Provides access to create and manage dev boxes.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/45d50f46-0b78-4001-a660-4198cbe8cd05",
"name": "45d50f46-0b78-4001-a660-4198cbe8cd05",
"permissions": [
{
"actions": [
"Microsoft.DevCenter/projects/read",
"Microsoft.DevCenter/projects/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.DevCenter/projects/users/devboxes/userStop/action",
"Microsoft.DevCenter/projects/users/devboxes/userStart/action",
"Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action",
"Microsoft.DevCenter/projects/users/devboxes/userRead/action",
"Microsoft.DevCenter/projects/users/devboxes/userWrite/action",
"Microsoft.DevCenter/projects/users/devboxes/userDelete/action",
"Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionRead/action",
"Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionManage/action",
"Microsoft.DevCenter/projects/users/devboxes/userActionRead/action",
"Microsoft.DevCenter/projects/users/devboxes/userActionManage/action",
"Microsoft.DevCenter/projects/users/devboxes/userCustomize/action"
],
"notDataActions": []
}
],
"roleName": "DevCenter Dev Box User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Provides access to manage all Microsoft.DevCenter resources, and to manage access to Microsoft.DevCenter resources by adding or removing role assignments for the DevCenter Project Admin and DevCenter Dev Box roles.
Includes an ABAC condition to constrain role assignments.
[!div class="mx-tableFixed"]
Actions Description Microsoft.DevCenter/* Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Authorization/roleAssignments/write Create a role assignment at the specified scope. Microsoft.Authorization/roleAssignments/delete Delete a role assignment at the specified scope. Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions none DataActions none NotDataActions none Condition ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{331c37c6-af14-46d9-b9f4-e1909e1b95a0, 45d50f46-0b78-4001-a660-4198cbe8cd05})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{331c37c6-af14-46d9-b9f4-e1909e1b95a0, 45d50f46-0b78-4001-a660-4198cbe8cd05})) Add or remove role assignments for the following roles:
DevCenter Project Admin
DevCenter Dev Box User
{
"assignableScopes": [
"/"
],
"description": "Provides access to manage all Microsoft.DevCenter resources, and to manage access to Microsoft.DevCenter resources by adding or removing role assignments for the DevCenter Project Admin and DevCenter Dev Box roles.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4c6569b6-f23e-4295-9b90-bd4cc4ff3292",
"name": "4c6569b6-f23e-4295-9b90-bd4cc4ff3292",
"permissions": [
{
"actions": [
"Microsoft.DevCenter/*",
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"conditionVersion": "2.0",
"condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{331c37c6-af14-46d9-b9f4-e1909e1b95a0, 45d50f46-0b78-4001-a660-4198cbe8cd05})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{331c37c6-af14-46d9-b9f4-e1909e1b95a0, 45d50f46-0b78-4001-a660-4198cbe8cd05}))"
}
],
"roleName": "DevCenter Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Provides access to manage project resources.
[!div class="mx-tableFixed"]
Actions Description Microsoft.DevCenter/projects/* Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions Microsoft.DevCenter/projects/write Partially updates a project. Microsoft.DevCenter/projects/delete Deletes a project resource. DataActions Microsoft.DevCenter/projects/users/devboxes/adminStart/action Allows a user to start any Dev Box resource. Microsoft.DevCenter/projects/users/devboxes/adminStop/action Allows a user to stop any Dev Box resource. Microsoft.DevCenter/projects/users/devboxes/adminRead/action Allows a user read access to any Dev Box resource. Microsoft.DevCenter/projects/users/devboxes/adminWrite/action Allows a user write access to any Dev Box resource. Microsoft.DevCenter/projects/users/devboxes/adminDelete/action Allows a user to delete any Dev Box resource. Microsoft.DevCenter/projects/users/devboxes/adminAlign/action Allows an admin to align a Dev Box with the pool configuration. Microsoft.DevCenter/projects/users/devboxes/adminActionRead/action Allows an admin to read dev box actions. Microsoft.DevCenter/projects/users/devboxes/adminActionManage/action Allows an admin to skip or delay dev box actions. Microsoft.DevCenter/projects/users/devboxes/userStop/action Allows a user to stop their own Dev Box resources. Microsoft.DevCenter/projects/users/devboxes/userStart/action Allows a user to start their own Dev Box resources. Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action Allows a user to get the RDP connection information for their own Dev Box resources. Microsoft.DevCenter/projects/users/devboxes/userRead/action Allows a user to read their own Dev Box resources. Microsoft.DevCenter/projects/users/devboxes/userWrite/action Allows a user to create and update their own Dev Box resources. Microsoft.DevCenter/projects/users/devboxes/userDelete/action Allows a user to delete their own Dev Box resources. Microsoft.DevCenter/projects/users/devboxes/userActionRead/action Allows a user to read dev box actions. Microsoft.DevCenter/projects/users/devboxes/userActionManage/action Allows a user to skip or delay dev box actions. Microsoft.DevCenter/projects/users/devboxes/userCustomize/action Allows a user to customize their own Dev Box resources. Microsoft.DevCenter/projects/users/environments/adminRead/action Allows a project administrator to read all of the environments in a project. Microsoft.DevCenter/projects/users/environments/userWrite/action Allows a user to write the environments they have access to in a project. Microsoft.DevCenter/projects/users/environments/adminWrite/action Allows a project administrator to write all of the environments in a project. Microsoft.DevCenter/projects/users/environments/userDelete/action Allows a user to delete the environments they have access to in a project. Microsoft.DevCenter/projects/users/environments/adminDelete/action Allows a project administrator to delete all of the environments in a project. Microsoft.DevCenter/projects/users/environments/adminAction/action Allows a project administrator to perform an action on all of the environments in a project. Microsoft.DevCenter/projects/users/environments/adminActionRead/action Allows an admin to read environment actions. Microsoft.DevCenter/projects/users/environments/adminActionManage/action Allows an admin to skip, delay etc. environment actions. Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action Allows an admin to read Output values from environment deployment. Microsoft.DevCenter/projects/pools/align/action Allows a user to align all virtual machines in the pool. NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "Provides access to manage project resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/331c37c6-af14-46d9-b9f4-e1909e1b95a0",
"name": "331c37c6-af14-46d9-b9f4-e1909e1b95a0",
"permissions": [
{
"actions": [
"Microsoft.DevCenter/projects/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [
"Microsoft.DevCenter/projects/write",
"Microsoft.DevCenter/projects/delete"
],
"dataActions": [
"Microsoft.DevCenter/projects/users/devboxes/adminStart/action",
"Microsoft.DevCenter/projects/users/devboxes/adminStop/action",
"Microsoft.DevCenter/projects/users/devboxes/adminRead/action",
"Microsoft.DevCenter/projects/users/devboxes/adminWrite/action",
"Microsoft.DevCenter/projects/users/devboxes/adminDelete/action",
"Microsoft.DevCenter/projects/users/devboxes/adminAlign/action",
"Microsoft.DevCenter/projects/users/devboxes/adminActionRead/action",
"Microsoft.DevCenter/projects/users/devboxes/adminActionManage/action",
"Microsoft.DevCenter/projects/users/devboxes/userStop/action",
"Microsoft.DevCenter/projects/users/devboxes/userStart/action",
"Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action",
"Microsoft.DevCenter/projects/users/devboxes/userRead/action",
"Microsoft.DevCenter/projects/users/devboxes/userWrite/action",
"Microsoft.DevCenter/projects/users/devboxes/userDelete/action",
"Microsoft.DevCenter/projects/users/devboxes/userActionRead/action",
"Microsoft.DevCenter/projects/users/devboxes/userActionManage/action",
"Microsoft.DevCenter/projects/users/devboxes/userCustomize/action",
"Microsoft.DevCenter/projects/users/environments/adminRead/action",
"Microsoft.DevCenter/projects/users/environments/userWrite/action",
"Microsoft.DevCenter/projects/users/environments/adminWrite/action",
"Microsoft.DevCenter/projects/users/environments/userDelete/action",
"Microsoft.DevCenter/projects/users/environments/adminDelete/action",
"Microsoft.DevCenter/projects/users/environments/adminAction/action",
"Microsoft.DevCenter/projects/users/environments/adminActionRead/action",
"Microsoft.DevCenter/projects/users/environments/adminActionManage/action",
"Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action",
"Microsoft.DevCenter/projects/pools/align/action"
],
"notDataActions": []
}
],
"roleName": "DevCenter Project Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Read, write, delete and perform actions on Managed DevOps Pools
[!div class="mx-tableFixed"]
Actions Description Microsoft.DevOpsInfrastructure/register/action Register the subscription for Microsoft.DevOpsInfrastructure Microsoft.DevOpsInfrastructure/unregister/action Unregister the subscription for Microsoft.DevOpsInfrastructure Microsoft.DevOpsInfrastructure/*/read Microsoft.DevOpsInfrastructure/Locations/OperationStatuses/write Write OperationStatuses Microsoft.DevOpsInfrastructure/pools/write Update a Pool Microsoft.DevOpsInfrastructure/pools/delete Delete a Pool Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Insights/alertRules/* Create and manage a classic metric alert Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions none DataActions none NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "Read, write, delete and perform actions on Managed DevOps Pools",
"id": "/providers/Microsoft.Authorization/roleDefinitions/76153a9e-0edb-49bc-8e01-93c47e6b5180",
"name": "76153a9e-0edb-49bc-8e01-93c47e6b5180",
"permissions": [
{
"actions": [
"Microsoft.DevOpsInfrastructure/register/action",
"Microsoft.DevOpsInfrastructure/unregister/action",
"Microsoft.DevOpsInfrastructure/*/read",
"Microsoft.DevOpsInfrastructure/Locations/OperationStatuses/write",
"Microsoft.DevOpsInfrastructure/pools/write",
"Microsoft.DevOpsInfrastructure/pools/delete",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DevOps Infrastructure Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.
[!div class="mx-tableFixed"]
Actions Description Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Compute/availabilitySets/read Get the properties of an availability set Microsoft.Compute/virtualMachines/*/read Read the properties of a virtual machine (VM sizes, runtime status, VM extensions, etc.) Microsoft.Compute/virtualMachines/deallocate/action Powers off the virtual machine and releases the compute resources Microsoft.Compute/virtualMachines/read Get the properties of a virtual machine Microsoft.Compute/virtualMachines/restart/action Restarts the virtual machine Microsoft.Compute/virtualMachines/start/action Starts the virtual machine Microsoft.DevTestLab/*/read Read the properties of a lab Microsoft.DevTestLab/labs/claimAnyVm/action Claim a random claimable virtual machine in the lab. Microsoft.DevTestLab/labs/createEnvironment/action Create virtual machines in a lab. Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action Ensure the current user has a valid profile in the lab. Microsoft.DevTestLab/labs/formulas/delete Delete formulas. Microsoft.DevTestLab/labs/formulas/read Read formulas. Microsoft.DevTestLab/labs/formulas/write Add or modify formulas. Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action Evaluates lab policy. Microsoft.DevTestLab/labs/virtualMachines/claim/action Take ownership of an existing virtual machine Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action Lists the applicable start/stop schedules, if any. Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action Gets a string that represents the contents of the RDP file for the virtual machine Microsoft.Network/loadBalancers/backendAddressPools/join/action Joins a load balancer backend address pool. Not Alertable. Microsoft.Network/loadBalancers/inboundNatRules/join/action Joins a load balancer inbound nat rule. Not Alertable. Microsoft.Network/networkInterfaces/*/read Read the properties of a network interface (for example, all the load balancers that the network interface is a part of) Microsoft.Network/networkInterfaces/join/action Joins a Virtual Machine to a network interface. Not Alertable. Microsoft.Network/networkInterfaces/read Gets a network interface definition. Microsoft.Network/networkInterfaces/write Creates a network interface or updates an existing network interface. Microsoft.Network/publicIPAddresses/*/read Read the properties of a public IP address Microsoft.Network/publicIPAddresses/join/action Joins a public IP address. Not Alertable. Microsoft.Network/publicIPAddresses/read Gets a public IP address definition. Microsoft.Network/virtualNetworks/subnets/join/action Joins a virtual network. Not Alertable. Microsoft.Resources/deployments/operations/read Gets or lists deployment operations. Microsoft.Resources/deployments/read Gets or lists deployments. Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account. NotActions Microsoft.Compute/virtualMachines/vmSizes/read Lists available sizes the virtual machine can be updated to DataActions none NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/76283e04-6283-4c54-8f91-bcf1374a3c64",
"name": "76283e04-6283-4c54-8f91-bcf1374a3c64",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.Compute/virtualMachines/deallocate/action",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/restart/action",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.DevTestLab/*/read",
"Microsoft.DevTestLab/labs/claimAnyVm/action",
"Microsoft.DevTestLab/labs/createEnvironment/action",
"Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action",
"Microsoft.DevTestLab/labs/formulas/delete",
"Microsoft.DevTestLab/labs/formulas/read",
"Microsoft.DevTestLab/labs/formulas/write",
"Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action",
"Microsoft.DevTestLab/labs/virtualMachines/claim/action",
"Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action",
"Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/networkInterfaces/*/read",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/publicIPAddresses/*/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/listKeys/action"
],
"notActions": [
"Microsoft.Compute/virtualMachines/vmSizes/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DevTest Labs User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Enables you to view an existing lab, perform actions on the lab VMs and send invitations to the lab.
[!div class="mx-tableFixed"]
Actions Description Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Insights/alertRules/* Create and manage a classic metric alert Microsoft.LabServices/labPlans/images/read Get the properties of an image. Microsoft.LabServices/labPlans/read Get the properties of a lab plan. Microsoft.LabServices/labs/read Get the properties of a lab. Microsoft.LabServices/labs/schedules/read Get the properties of a schedule. Microsoft.LabServices/labs/users/read Get the properties of a user. Microsoft.LabServices/labs/users/invite/action Send email invitation to a user to join the lab. Microsoft.LabServices/labs/virtualMachines/read Get the properties of a virtual machine. Microsoft.LabServices/labs/virtualMachines/start/action Start a virtual machine. Microsoft.LabServices/labs/virtualMachines/stop/action Stop and deallocate a virtual machine. Microsoft.LabServices/labs/virtualMachines/reimage/action Reimage a virtual machine to the last published image. Microsoft.LabServices/labs/virtualMachines/redeploy/action Redeploy a virtual machine to a different compute node. Microsoft.LabServices/locations/usages/read Get Usage in a location Microsoft.LabServices/skus/read Get the properties of a Lab Services SKU. Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions none DataActions none NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "The lab assistant role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ce40b423-cede-4313-a93f-9b28290b72e1",
"name": "ce40b423-cede-4313-a93f-9b28290b72e1",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.LabServices/labPlans/images/read",
"Microsoft.LabServices/labPlans/read",
"Microsoft.LabServices/labs/read",
"Microsoft.LabServices/labs/schedules/read",
"Microsoft.LabServices/labs/users/read",
"Microsoft.LabServices/labs/users/invite/action",
"Microsoft.LabServices/labs/virtualMachines/read",
"Microsoft.LabServices/labs/virtualMachines/start/action",
"Microsoft.LabServices/labs/virtualMachines/stop/action",
"Microsoft.LabServices/labs/virtualMachines/reimage/action",
"Microsoft.LabServices/labs/virtualMachines/redeploy/action",
"Microsoft.LabServices/locations/usages/read",
"Microsoft.LabServices/skus/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Lab Assistant",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Applied at lab level, enables you to manage the lab. Applied at a resource group, enables you to create and manage labs.
[!div class="mx-tableFixed"]
Actions Description Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Insights/alertRules/* Create and manage a classic metric alert Microsoft.LabServices/labPlans/images/read Get the properties of an image. Microsoft.LabServices/labPlans/read Get the properties of a lab plan. Microsoft.LabServices/labPlans/saveImage/action Create an image from a virtual machine in the gallery attached to the lab plan. Microsoft.LabServices/labs/read Get the properties of a lab. Microsoft.LabServices/labs/write Create new or update an existing lab. Microsoft.LabServices/labs/delete Delete the lab and all its users, schedules and virtual machines. Microsoft.LabServices/labs/publish/action Publish a lab by propagating image of the template virtual machine to all virtual machines in the lab. Microsoft.LabServices/labs/syncGroup/action Updates the list of users from the Active Directory group assigned to the lab. Microsoft.LabServices/labs/schedules/read Get the properties of a schedule. Microsoft.LabServices/labs/schedules/write Create new or update an existing schedule. Microsoft.LabServices/labs/schedules/delete Delete the schedule. Microsoft.LabServices/labs/users/read Get the properties of a user. Microsoft.LabServices/labs/users/write Create new or update an existing user. Microsoft.LabServices/labs/users/delete Delete the user. Microsoft.LabServices/labs/users/invite/action Send email invitation to a user to join the lab. Microsoft.LabServices/labs/virtualMachines/read Get the properties of a virtual machine. Microsoft.LabServices/labs/virtualMachines/start/action Start a virtual machine. Microsoft.LabServices/labs/virtualMachines/stop/action Stop and deallocate a virtual machine. Microsoft.LabServices/labs/virtualMachines/reimage/action Reimage a virtual machine to the last published image. Microsoft.LabServices/labs/virtualMachines/redeploy/action Redeploy a virtual machine to a different compute node. Microsoft.LabServices/labs/virtualMachines/resetPassword/action Reset local user's password on a virtual machine. Microsoft.LabServices/locations/usages/read Get Usage in a location Microsoft.LabServices/skus/read Get the properties of a Lab Services SKU. Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions none DataActions Microsoft.LabServices/labPlans/createLab/action Create a new lab from a lab plan. NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "The lab contributor role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5daaa2af-1fe8-407c-9122-bba179798270",
"name": "5daaa2af-1fe8-407c-9122-bba179798270",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.LabServices/labPlans/images/read",
"Microsoft.LabServices/labPlans/read",
"Microsoft.LabServices/labPlans/saveImage/action",
"Microsoft.LabServices/labs/read",
"Microsoft.LabServices/labs/write",
"Microsoft.LabServices/labs/delete",
"Microsoft.LabServices/labs/publish/action",
"Microsoft.LabServices/labs/syncGroup/action",
"Microsoft.LabServices/labs/schedules/read",
"Microsoft.LabServices/labs/schedules/write",
"Microsoft.LabServices/labs/schedules/delete",
"Microsoft.LabServices/labs/users/read",
"Microsoft.LabServices/labs/users/write",
"Microsoft.LabServices/labs/users/delete",
"Microsoft.LabServices/labs/users/invite/action",
"Microsoft.LabServices/labs/virtualMachines/read",
"Microsoft.LabServices/labs/virtualMachines/start/action",
"Microsoft.LabServices/labs/virtualMachines/stop/action",
"Microsoft.LabServices/labs/virtualMachines/reimage/action",
"Microsoft.LabServices/labs/virtualMachines/redeploy/action",
"Microsoft.LabServices/labs/virtualMachines/resetPassword/action",
"Microsoft.LabServices/locations/usages/read",
"Microsoft.LabServices/skus/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.LabServices/labPlans/createLab/action"
],
"notDataActions": []
}
],
"roleName": "Lab Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Lets you create new labs under your Azure Lab Accounts.
[!div class="mx-tableFixed"]
Actions Description Microsoft.Authorization/*/read Read roles and role assignments Microsoft.LabServices/labAccounts/*/read Microsoft.LabServices/labAccounts/createLab/action Create a lab in a lab account. Microsoft.LabServices/labAccounts/getPricingAndAvailability/action Get the pricing and availability of combinations of sizes, geographies, and operating systems for the lab account. Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action Get core restrictions and usage for this subscription Microsoft.Insights/alertRules/* Create and manage a classic metric alert Microsoft.LabServices/labPlans/images/read Get the properties of an image. Microsoft.LabServices/labPlans/read Get the properties of a lab plan. Microsoft.LabServices/labPlans/saveImage/action Create an image from a virtual machine in the gallery attached to the lab plan. Microsoft.LabServices/labs/read Get the properties of a lab. Microsoft.LabServices/labs/schedules/read Get the properties of a schedule. Microsoft.LabServices/labs/users/read Get the properties of a user. Microsoft.LabServices/labs/virtualMachines/read Get the properties of a virtual machine. Microsoft.LabServices/locations/usages/read Get Usage in a location Microsoft.LabServices/skus/read Get the properties of a Lab Services SKU. Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. Microsoft.Support/* Create and update a support ticket NotActions none DataActions Microsoft.LabServices/labPlans/createLab/action Create a new lab from a lab plan. NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "Lets you create new labs under your Azure Lab Accounts.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
"name": "b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.LabServices/labAccounts/*/read",
"Microsoft.LabServices/labAccounts/createLab/action",
"Microsoft.LabServices/labAccounts/getPricingAndAvailability/action",
"Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action",
"Microsoft.Insights/alertRules/*",
"Microsoft.LabServices/labPlans/images/read",
"Microsoft.LabServices/labPlans/read",
"Microsoft.LabServices/labPlans/saveImage/action",
"Microsoft.LabServices/labs/read",
"Microsoft.LabServices/labs/schedules/read",
"Microsoft.LabServices/labs/users/read",
"Microsoft.LabServices/labs/virtualMachines/read",
"Microsoft.LabServices/locations/usages/read",
"Microsoft.LabServices/skus/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [
"Microsoft.LabServices/labPlans/createLab/action"
],
"notDataActions": []
}
],
"roleName": "Lab Creator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Gives you limited ability to manage existing labs.
[!div class="mx-tableFixed"]
Actions Description Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Insights/alertRules/* Create and manage a classic metric alert Microsoft.LabServices/labPlans/images/read Get the properties of an image. Microsoft.LabServices/labPlans/read Get the properties of a lab plan. Microsoft.LabServices/labPlans/saveImage/action Create an image from a virtual machine in the gallery attached to the lab plan. Microsoft.LabServices/labs/publish/action Publish a lab by propagating image of the template virtual machine to all virtual machines in the lab. Microsoft.LabServices/labs/read Get the properties of a lab. Microsoft.LabServices/labs/schedules/read Get the properties of a schedule. Microsoft.LabServices/labs/schedules/write Create new or update an existing schedule. Microsoft.LabServices/labs/schedules/delete Delete the schedule. Microsoft.LabServices/labs/users/read Get the properties of a user. Microsoft.LabServices/labs/users/write Create new or update an existing user. Microsoft.LabServices/labs/users/delete Delete the user. Microsoft.LabServices/labs/users/invite/action Send email invitation to a user to join the lab. Microsoft.LabServices/labs/virtualMachines/read Get the properties of a virtual machine. Microsoft.LabServices/labs/virtualMachines/start/action Start a virtual machine. Microsoft.LabServices/labs/virtualMachines/stop/action Stop and deallocate a virtual machine. Microsoft.LabServices/labs/virtualMachines/reimage/action Reimage a virtual machine to the last published image. Microsoft.LabServices/labs/virtualMachines/redeploy/action Redeploy a virtual machine to a different compute node. Microsoft.LabServices/labs/virtualMachines/resetPassword/action Reset local user's password on a virtual machine. Microsoft.LabServices/locations/usages/read Get Usage in a location Microsoft.LabServices/skus/read Get the properties of a Lab Services SKU. Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions none DataActions none NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "The lab operator role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a36e6959-b6be-4b12-8e9f-ef4b474d304d",
"name": "a36e6959-b6be-4b12-8e9f-ef4b474d304d",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.LabServices/labPlans/images/read",
"Microsoft.LabServices/labPlans/read",
"Microsoft.LabServices/labPlans/saveImage/action",
"Microsoft.LabServices/labs/publish/action",
"Microsoft.LabServices/labs/read",
"Microsoft.LabServices/labs/schedules/read",
"Microsoft.LabServices/labs/schedules/write",
"Microsoft.LabServices/labs/schedules/delete",
"Microsoft.LabServices/labs/users/read",
"Microsoft.LabServices/labs/users/write",
"Microsoft.LabServices/labs/users/delete",
"Microsoft.LabServices/labs/users/invite/action",
"Microsoft.LabServices/labs/virtualMachines/read",
"Microsoft.LabServices/labs/virtualMachines/start/action",
"Microsoft.LabServices/labs/virtualMachines/stop/action",
"Microsoft.LabServices/labs/virtualMachines/reimage/action",
"Microsoft.LabServices/labs/virtualMachines/redeploy/action",
"Microsoft.LabServices/labs/virtualMachines/resetPassword/action",
"Microsoft.LabServices/locations/usages/read",
"Microsoft.LabServices/skus/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Lab Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Enables you to fully control all Lab Services scenarios in the resource group.
[!div class="mx-tableFixed"]
Actions Description Microsoft.LabServices/* Create and manage lab services components Microsoft.Insights/alertRules/* Create and manage a classic metric alert Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions none DataActions Microsoft.LabServices/labPlans/createLab/action Create a new lab from a lab plan. NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "The lab services contributor role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f69b8690-cc87-41d6-b77a-a4bc3c0a966f",
"name": "f69b8690-cc87-41d6-b77a-a4bc3c0a966f",
"permissions": [
{
"actions": [
"Microsoft.LabServices/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.LabServices/labPlans/createLab/action"
],
"notDataActions": []
}
],
"roleName": "Lab Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Enables you to view, but not change, all lab plans and lab resources.
[!div class="mx-tableFixed"]
Actions Description Microsoft.LabServices/*/read Read lab services properties Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions none DataActions none NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "The lab services reader role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc",
"name": "2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc",
"permissions": [
{
"actions": [
"Microsoft.LabServices/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Lab Services Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}View, create, update, delete and execute load tests. View and list load test resources but can not make any changes.
[!div class="mx-tableFixed"]
Actions Description Microsoft.LoadTestService/*/read Read load testing resources Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. Microsoft.Insights/alertRules/* Create and manage a classic metric alert NotActions Microsoft.LoadTestService/PlaywrightWorkspaces/* Microsoft.LoadTestService/locations/PlaywrightQuotas/* DataActions Microsoft.LoadTestService/loadtests/* Create and manage load tests Microsoft.LoadTestService/testProfiles/* Microsoft.LoadTestService/testProfileRuns/* NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "View, create, update, delete and execute load tests. View and list load test resources but can not make any changes.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/749a398d-560b-491b-bb21-08924219302e",
"name": "749a398d-560b-491b-bb21-08924219302e",
"permissions": [
{
"actions": [
"Microsoft.LoadTestService/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [
"Microsoft.LoadTestService/PlaywrightWorkspaces/*",
"Microsoft.LoadTestService/locations/PlaywrightQuotas/*"
],
"dataActions": [
"Microsoft.LoadTestService/loadtests/*",
"Microsoft.LoadTestService/testProfiles/*",
"Microsoft.LoadTestService/testProfileRuns/*"
],
"notDataActions": []
}
],
"roleName": "Load Test Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Execute all operations on load test resources and load tests
[!div class="mx-tableFixed"]
Actions Description Microsoft.LoadTestService/* Create and manage load testing resources Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. Microsoft.Insights/alertRules/* Create and manage a classic metric alert NotActions Microsoft.LoadTestService/PlaywrightWorkspaces/* Microsoft.LoadTestService/locations/PlaywrightQuotas/* DataActions Microsoft.LoadTestService/* Create and manage load testing resources NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "Execute all operations on load test resources and load tests",
"id": "/providers/Microsoft.Authorization/roleDefinitions/45bb0b16-2f0c-4e78-afaa-a07599b003f6",
"name": "45bb0b16-2f0c-4e78-afaa-a07599b003f6",
"permissions": [
{
"actions": [
"Microsoft.LoadTestService/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [
"Microsoft.LoadTestService/PlaywrightWorkspaces/*",
"Microsoft.LoadTestService/locations/PlaywrightQuotas/*"
],
"dataActions": [
"Microsoft.LoadTestService/*"
],
"notDataActions": []
}
],
"roleName": "Load Test Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}View and list all load tests and load test resources but can not make any changes
[!div class="mx-tableFixed"]
Actions Description Microsoft.LoadTestService/*/read Read load testing resources Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. Microsoft.Insights/alertRules/* Create and manage a classic metric alert NotActions Microsoft.LoadTestService/PlaywrightWorkspaces/* Microsoft.LoadTestService/locations/PlaywrightQuotas/* DataActions Microsoft.LoadTestService/loadtests/readTest/action Read Load Tests Microsoft.LoadTestService/testProfiles/read Read Test Profiles Microsoft.LoadTestService/testProfileRuns/read Read Test Profile Runs NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "View and list all load tests and load test resources but can not make any changes",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3ae3fb29-0000-4ccd-bf80-542e7b26e081",
"name": "3ae3fb29-0000-4ccd-bf80-542e7b26e081",
"permissions": [
{
"actions": [
"Microsoft.LoadTestService/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [
"Microsoft.LoadTestService/PlaywrightWorkspaces/*",
"Microsoft.LoadTestService/locations/PlaywrightQuotas/*"
],
"dataActions": [
"Microsoft.LoadTestService/loadtests/readTest/action",
"Microsoft.LoadTestService/testProfiles/read",
"Microsoft.LoadTestService/testProfileRuns/read"
],
"notDataActions": []
}
],
"roleName": "Load Test Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}View and list Playwright Workspace resources but can not make any changes. Can manage service access tokens and execute Playwright tests.
[!div class="mx-tableFixed"]
Actions Description Microsoft.Loadtestservice/playwrightworkspaces/*/read Microsoft.Loadtestservice/locations/playwrightquotas/* Microsoft.Loadtestservice/playwrightworkspaces/AccessTokens/* Microsoft.Loadtestservice/playwrightworkspaces/TestRuns/* Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions none DataActions none NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "View and list Playwright Workspace resources but can not make any changes. Can manage service access tokens and execute Playwright tests.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/78cf819f-0969-4ebe-8759-015c6efcd5bf",
"name": "78cf819f-0969-4ebe-8759-015c6efcd5bf",
"permissions": [
{
"actions": [
"Microsoft.Loadtestservice/playwrightworkspaces/*/read",
"Microsoft.Loadtestservice/locations/playwrightquotas/*",
"Microsoft.Loadtestservice/playwrightworkspaces/AccessTokens/*",
"Microsoft.Loadtestservice/playwrightworkspaces/TestRuns/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Playwright Workspace Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}Perform all operations on Playwright Workspace resources. Can manage service access tokens and execute Playwright tests.
[!div class="mx-tableFixed"]
Actions Description Microsoft.Loadtestservice/playwrightworkspaces/* Microsoft.Loadtestservice/locations/playwrightquotas/* Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions none DataActions none NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "Perform all operations on Playwright Workspace resources. Can manage service access tokens and execute Playwright tests.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/45265627-32f7-4da4-9ab0-b1cb0e9ec70b",
"name": "45265627-32f7-4da4-9ab0-b1cb0e9ec70b",
"permissions": [
{
"actions": [
"Microsoft.Loadtestservice/playwrightworkspaces/*",
"Microsoft.Loadtestservice/locations/playwrightquotas/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Playwright Workspace Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}View and list all Playwright Workspace resources and tests but can not make any changes.
[!div class="mx-tableFixed"]
Actions Description Microsoft.Loadtestservice/playwrightworkspaces/*/read Microsoft.Loadtestservice/locations/playwrightquotas/*/read Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. NotActions none DataActions none NotDataActions none
{
"assignableScopes": [
"/"
],
"description": "View and list all Playwright Workspace resources and tests but can not make any changes.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/19d36063-d00b-4ea5-a1ac-a7c4926a0b78",
"name": "19d36063-d00b-4ea5-a1ac-a7c4926a0b78",
"permissions": [
{
"actions": [
"Microsoft.Loadtestservice/playwrightworkspaces/*/read",
"Microsoft.Loadtestservice/locations/playwrightquotas/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Playwright Workspace Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}