Azure permissions for General
This article lists the permissions for the Azure resource providers in the General category. You can use these permissions in your own Azure custom roles to provide granular access control to resources in Azure. Permission strings have the following format: {Company}.{ProviderName}/{resourceType}/{action}
Microsoft.Addons
Azure service: core
Action | Description |
---|---|
Microsoft.Addons/register/action | Register the specified subscription with Microsoft.Addons |
Microsoft.Addons/operations/read | Gets supported RP operations. |
Microsoft.Addons/supportProviders/listsupportplaninfo/action | Lists current support plan information for the specified subscription. |
Microsoft.Addons/supportProviders/supportPlanTypes/read | Get the specified Canonical support plan state. |
Microsoft.Addons/supportProviders/supportPlanTypes/write | Adds the Canonical support plan type specified. |
Microsoft.Addons/supportProviders/supportPlanTypes/delete | Removes the specified Canonical support plan |
Microsoft.Capacity
Azure service: core
Action | Description |
---|---|
Microsoft.Capacity/calculateprice/action | Calculate any Reservation Price |
Microsoft.Capacity/checkoffers/action | Check any Subscription Offers |
Microsoft.Capacity/checkscopes/action | Check any Subscription |
Microsoft.Capacity/validatereservationorder/action | Validate any Reservation |
Microsoft.Capacity/reservationorders/action | Update any Reservation |
Microsoft.Capacity/register/action | Registers the Capacity resource provider and enables the creation of Capacity resources. |
Microsoft.Capacity/unregister/action | Unregister any Tenant |
Microsoft.Capacity/calculateexchange/action | Computes the exchange amount and price of new purchase and returns policy Errors. |
Microsoft.Capacity/exchange/action | Exchange any Reservation |
Microsoft.Capacity/listSkus/action | Lists SKUs with filters and without any restrictions |
Microsoft.Capacity/appliedreservations/read | Read All Reservations |
Microsoft.Capacity/catalogs/read | Read catalog of Reservation |
Microsoft.Capacity/commercialreservationorders/read | Get Reservation Orders created in any Tenant |
Microsoft.Capacity/operations/read | Read any Operation |
Microsoft.Capacity/reservationorders/changedirectory/action | Change directory of any reservation |
Microsoft.Capacity/reservationorders/availablescopes/action | Find any Available Scope |
Microsoft.Capacity/reservationorders/read | Read All Reservations |
Microsoft.Capacity/reservationorders/write | Create any Reservation |
Microsoft.Capacity/reservationorders/delete | Delete any Reservation |
Microsoft.Capacity/reservationorders/reservations/action | Update any Reservation |
Microsoft.Capacity/reservationorders/return/action | Return any Reservation |
Microsoft.Capacity/reservationorders/swap/action | Swap any Reservation |
Microsoft.Capacity/reservationorders/split/action | Split any Reservation |
Microsoft.Capacity/reservationorders/changeBilling/action | Reservation billing change |
Microsoft.Capacity/reservationorders/merge/action | Merge any Reservation |
Microsoft.Capacity/reservationorders/calculaterefund/action | Computes the refund amount and price of new purchase and returns policy Errors. |
Microsoft.Capacity/reservationorders/changebillingoperationresults/read | Poll any Reservation billing change operation |
Microsoft.Capacity/reservationorders/mergeoperationresults/read | Poll any merge operation |
Microsoft.Capacity/reservationorders/reservations/availablescopes/action | Find any Available Scope |
Microsoft.Capacity/reservationorders/reservations/read | Read All Reservations |
Microsoft.Capacity/reservationorders/reservations/write | Create any Reservation |
Microsoft.Capacity/reservationorders/reservations/delete | Delete any Reservation |
Microsoft.Capacity/reservationorders/reservations/archive/action | Archive a reservation which is in a terminal state like Expired, Split etc. |
Microsoft.Capacity/reservationorders/reservations/unarchive/action | Unarchive a Reservation which was previously archived |
Microsoft.Capacity/reservationorders/reservations/revisions/read | Read All Reservations |
Microsoft.Capacity/reservationorders/splitoperationresults/read | Poll any split operation |
Microsoft.Capacity/resourceProviders/locations/serviceLimits/read | Get the current service limit or quota of the specified resource and location |
Microsoft.Capacity/resourceProviders/locations/serviceLimits/write | Create service limit or quota for the specified resource and location |
Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read | Get any service limit request for the specified resource and location |
Microsoft.Capacity/tenants/register/action | Register any Tenant |
Microsoft.Commerce
Azure service: core
Action | Description |
---|---|
Microsoft.Commerce/register/action | Register Subscription for Microsoft Commerce UsageAggregate |
Microsoft.Commerce/unregister/action | Unregister Subscription for Microsoft Commerce UsageAggregate |
Microsoft.Commerce/RateCard/read | Returns offer data, resource/meter metadata and rates for the given subscription. |
Microsoft.Commerce/UsageAggregates/read | Retrieves Microsoft Azure's consumption by a subscription. The result contains aggregates usage data, subscription and resource related information, on a particular time range. |
Microsoft.Marketplace
Azure service: core
Action | Description |
---|---|
Microsoft.Marketplace/register/action | Registers Microsoft.Marketplace resource provider in the subscription. |
Microsoft.Marketplace/privateStores/action | Updates PrivateStore. |
Microsoft.Marketplace/search/action | Returns a list of azure private store marketplace catalog offers and total count and facets |
Microsoft.Marketplace/mysolutions/read | Get user solutions |
Microsoft.Marketplace/mysolutions/write | Create or update user solutions |
Microsoft.Marketplace/mysolutions/delete | Remove user solutions |
Microsoft.Marketplace/offerTypes/publishers/offers/plans/agreements/read | Returns an Agreement. |
Microsoft.Marketplace/offerTypes/publishers/offers/plans/agreements/write | Accepts a signed agreement. |
Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs/read | Returns a config. |
Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs/write | Saves a config. |
Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs/importImage/action | Imports an image to the end user's ACR. |
Microsoft.Marketplace/privateStores/write | Creates PrivateStore. |
Microsoft.Marketplace/privateStores/delete | Deletes PrivateStore. |
Microsoft.Marketplace/privateStores/offers/action | Updates offer in PrivateStore. |
Microsoft.Marketplace/privateStores/read | Reads PrivateStores. |
Microsoft.Marketplace/privateStores/requestApprovals/action | Update request approvals |
Microsoft.Marketplace/privateStores/fetchAllSubscriptionsInTenant/action | Admin fetches all subscriptions in tenant |
Microsoft.Marketplace/privateStores/listStopSellOffersPlansNotifications/action | List stop sell offers plans notifications |
Microsoft.Marketplace/privateStores/listSubscriptionsContext/action | List the subscription in private store context |
Microsoft.Marketplace/privateStores/listNewPlansNotifications/action | List new plans notifications |
Microsoft.Marketplace/privateStores/queryUserOffers/action | Fetch the approved offers from the offers ids and the user subscriptions in the payload |
Microsoft.Marketplace/privateStores/queryUserRules/action | Fetch the approved rules for the user under the user subscriptions |
Microsoft.Marketplace/privateStores/anyExistingOffersInTheStore/action | Return true if there is an existing offer for at least one enabled collection |
Microsoft.Marketplace/privateStores/queryInternalOfferIds/action | List of all internal offers under given azure application and plans |
Microsoft.Marketplace/privateStores/adminRequestApprovals/read | Read all request approvals details, only admins |
Microsoft.Marketplace/privateStores/adminRequestApprovals/write | Admin update the request with decision on the request |
Microsoft.Marketplace/privateStores/collections/approveAllItems/action | Delete all specific approved items and set collection to allItemsApproved |
Microsoft.Marketplace/privateStores/collections/disableApproveAllItems/action | Set approve all items property to false for the collection |
Microsoft.Marketplace/privateStores/collections/setRules/action | Set Rules on a given collection |
Microsoft.Marketplace/privateStores/collections/queryRules/action | Get Rules on a given collection |
Microsoft.Marketplace/privateStores/collections/upsertOfferWithMultiContext/action | Upsert an offer with different contexts |
Microsoft.Marketplace/privateStores/collections/offers/action | Get Collection Offers By Public and Subscriptions Context |
Microsoft.Marketplace/privateStores/offers/write | Creates offer in PrivateStore. |
Microsoft.Marketplace/privateStores/offers/delete | Deletes offer from PrivateStore. |
Microsoft.Marketplace/privateStores/offers/read | Reads PrivateStore offers. |
Microsoft.Marketplace/privateStores/queryNotificationsState/read | Read notifications state details, only admins |
Microsoft.Marketplace/privateStores/requestApprovals/read | Read request approvals |
Microsoft.Marketplace/privateStores/requestApprovals/write | Create request approval |
Microsoft.Marketplace/privateStores/RequestApprovals/offer/acknowledgeNotification/write | Acknowledge a notification, Admins only |
Microsoft.Marketplace/privateStores/RequestApprovals/withdrawPlan/write | Withdraw a plan from offer's notifications |
Microsoft.MarketplaceOrdering
Azure service: core
Action | Description |
---|---|
Microsoft.MarketplaceOrdering/agreements/read | Return all agreements under given subscription |
Microsoft.MarketplaceOrdering/agreements/offers/plans/read | Return an agreement for a given marketplace item |
Microsoft.MarketplaceOrdering/agreements/offers/plans/sign/action | Sign an agreement for a given marketplace item |
Microsoft.MarketplaceOrdering/agreements/offers/plans/cancel/action | Cancel an agreement for a given marketplace item |
Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/read | Get an agreement for a given marketplace virtual machine item |
Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/write | Sign or Cancel an agreement for a given marketplace virtual machine item |
Microsoft.MarketplaceOrdering/operations/read | List all possible operations in the API |
Microsoft.Quota
Azure service: Azure Quotas
Action | Description |
---|---|
Microsoft.Quota/register/action | Register the subscription with Microsoft.Quota Resource Provider |
Microsoft.Quota/groupQuotas/read | Get the GroupQuota |
Microsoft.Quota/groupQuotas/write | Creates the GroupQuota resource |
Microsoft.Quota/groupQuotas/delete | Deletes the GroupQuota resource |
Microsoft.Quota/groupQuotas/groupQuotaLimits/read | Get the current GroupQuota of the specified resource |
Microsoft.Quota/groupQuotas/groupQuotaLimits/write | Creates the GroupQuota request for the specified resource |
Microsoft.Quota/groupQuotas/groupQuotaRequests/read | Get the GroupQuota request status for the specific request |
Microsoft.Quota/groupQuotas/quotaAllocationRequests/read | Get the GroupQuota to Subscription Quota allocation request status for the specific request |
Microsoft.Quota/groupQuotas/quotaAllocations/read | Get the current GroupQuota to Subscription Quota allocation |
Microsoft.Quota/groupQuotas/quotaAllocations/write | Creates the GroupQuota to subscription Quota limit request for the specified resource |
Microsoft.Quota/groupQuotas/subscriptions/read | Get the GroupQuota subscriptions |
Microsoft.Quota/groupQuotas/subscriptions/write | Add Subscriptions to GroupQuota resource |
Microsoft.Quota/groupQuotas/subscriptions/delete | Deletes Subscriptions from GroupQuota resource |
Microsoft.Quota/operations/read | Get the Operations supported by Microsoft.Quota |
Microsoft.Quota/quotaRequests/read | Get any service limit request for the specified resource |
Microsoft.Quota/quotas/read | Get the current Service limit or quota of the specified resource |
Microsoft.Quota/quotas/write | Creates the service limit or quota request for the specified resource |
Microsoft.Quota/usages/read | Get the usages for resource providers |
Microsoft.Subscription
Azure service: core
Action | Description |
---|---|
Microsoft.Subscription/cancel/action | Cancels the Subscription |
Microsoft.Subscription/rename/action | Renames the Subscription |
Microsoft.Subscription/enable/action | Reactivates the Subscription |
Microsoft.Subscription/aliases/write | Create subscription alias |
Microsoft.Subscription/aliases/read | Get subscription alias |
Microsoft.Subscription/aliases/delete | Delete subscription alias |
Microsoft.Subscription/changeTenantRequest/write | Change tenant request of the Subscription |
Microsoft.Subscription/Policies/write | Create tenant policy |
Microsoft.Subscription/Policies/default/read | Get tenant policy |
Microsoft.Subscription/subscriptions/acceptOwnership/action | Accept ownership of Subscription |
Microsoft.Subscription/subscriptions/acceptChangeTenant/action | Accept Change tenant request of the Subscription |
Microsoft.Subscription/subscriptions/acceptOwnershipStatus/read | Get the status of accepting ownership of Subscription |
Microsoft.Subscription/subscriptions/changeTenantStatus/read | Change tenant status of the Subscription |
Microsoft.Support
Azure service: core
Action | Description |
---|---|
Microsoft.Support/register/action | Registers Support Resource Provider |
Microsoft.Support/lookUpResourceId/action | Looks up resource Id for resource type |
Microsoft.Support/checkNameAvailability/action | Checks that name is valid and not in use for resource type |
Microsoft.Support/operationresults/read | Gets the result of the asynchronous operation |
Microsoft.Support/operations/read | Lists all operations available on Microsoft.Support resource provider |
Microsoft.Support/operationsstatus/read | Gets the status of the asynchronous operation |
Microsoft.Support/services/read | Lists one or all Azure services available for support |
Microsoft.Support/services/problemClassifications/read | Lists one or all problem classifications for an Azure service |
Microsoft.Support/supportTickets/read | Lists one or all support tickets |
Microsoft.Support/supportTickets/write | Allows creating and updating a support ticket |