You can specify the following actions in the Actions element of an Azure role definition.
| Method | Short Description | Used By | Access Level | Description | Origins |
|---|
You can use the following methods in the Azure CLI, SDKs or API.
| Operation ID | Description | IAM Actions | REST URI | Versions |
|---|
Consume the above permissions with your own tooling.
Number of known actions within the Azure RBAC service.
Number of known API methods within all of Azure.
Number of built-in roles provided by Azure.
The azure.permissions.cloud website uses a variety of information gathered within the IAM Dataset and exposes that information in a clean, easy-to-read format.
azure.permissions.cloud was built in order to provide an alternate, community-driven source of truth for Azure identity. If you would like to contribute to or suggest a feature for this website, please raise it in the azure.permissions.cloud repo. If you have found a data issue with the IAM permissions or API methods, please raise it in the IAM Dataset repo.
The website can be navigated using the left sidebar or by quickly looking up a specific managed policy, permission or API method in the top search bar.
The dashboard has a small selection of statistics about the global state of permissions and API methods.
The built-in roles section lists all known Azure built-in roles with the ability to view individual roles in-depth. Additional analysis is presented about the effective permissions the policy provides.
The following table represents the attributes available on either a built-in role or an effective permissions within it:
| Tag | Description |
|---|---|
| external actions | A built-in role tag indicating that the built-in role contains actions that are external to the code Azure ecosystem, typically for third parties. |
| unknown actions | A built-in role tag indicating that the built-in role contains an action that is not documented in the official provider operations reference. |
| undocumented actions | A built-in role tag that indicates the presence of undocumented actions within the policy. |
| malformed | A built-in role tag that indicates the presence of a malformed statement within the policy. |
| deprecated | A built-in role tag that indicates the policy is deprecated. |
IAM Permissions are available on all service pages. Each IAM permission details its own identifier, short and long descriptions, access level, as well as permitted origins where available.
API Methods are available on all service pages. Each API Method details its own identifier, short and long descriptions, as well as permitted origins where available.
Enter your custom role JSON in the box below.
Below is a breakdown of the effective actions for the policy.
| Action | Based On | Origins |
|---|