AzRoleAdvertizer

last sync: 2025-Jun-27 17:23:14 UTC

Deployment Environments User

Azure BuiltIn RBAC Role definition

NameDeployment Environments User
Microsoft Learn
Id18e40d4e-8d2e-438d-97e1-9528336e149c
DescriptionProvides access to manage environment resources.
CategoryDevOps
Microsoft Learn
CreatedOn2022-09-21 23:02:10 UTC
UpdatedOn2023-11-11 02:44:04 UTC
Permissions summary Effective control plane and data plane operations: 47 (unique operations)
•action: 5
•read: 42

Actions: 4
Resolved control plane operations from Actions: 44
Effective control plane operations: 42
•read: 42

NotActions: 2
Resolved control plane operations from NotActions: 2
Effective denied control plane operations: 16710

DataActions: 5
Resolved data plane operations: 5
Effective data plane operations: 5
•action: 5

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3565
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.DevCenter/projects/*/readwildcarded / no description
Microsoft.DevCenter/projects/readGets a specific project.
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
NotActions
Operation Description
Microsoft.DevCenter/projects/pools/readGets a machine pool
Microsoft.DevCenter/projects/pools/schedules/readGets a schedule resource.
DataActions
Operation Description
Microsoft.DevCenter/projects/users/environments/userActionManage/actionAllows a user to skip, delay etc. environment actions.
Microsoft.DevCenter/projects/users/environments/userDelete/actionAllows a user to delete the environments they have access to in a project.
Microsoft.DevCenter/projects/users/environments/userOutputsRead/actionAllows a user to read Output values from environment deployment.
Microsoft.DevCenter/projects/users/environments/userRead/actionAllows a user to read the environments they have access to in a project.
Microsoft.DevCenter/projects/users/environments/userWrite/actionAllows a user to write the environments they have access to in a project.
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2023-11-13 16:45:45 change: Actions, NotActions, DataActions Actions: 'remove Microsoft.Fidalgo/projects/read; remove Microsoft.Fidalgo/projects/*/read',
NotActions: 'remove Microsoft.Fidalgo/projects/pools/read',
DataActions: 'remove Microsoft.DevCenter/projects/users/environments/adminRead/action; remove Microsoft.DevCenter/projects/users/environments/adminAction/action; remove Microsoft.DevCenter/projects/users/environments/adminActionRead/action; add Microsoft.DevCenter/projects/users/environments/userRead/action'
2023-10-17 16:35:42 change: DataActions DataActions: 'add Microsoft.DevCenter/projects/users/environments/adminActionRead/action; add Microsoft.DevCenter/projects/users/environments/userActionManage/action; add Microsoft.DevCenter/projects/users/environments/userOutputsRead/action'
2022-10-12 16:34:55 change: DisplayName, Description, Actions New DisplayName: 'Deployment Environments User'
Old DisplayName: 'Microsoft.DevCenter Deployment Environments User',
New Description: 'Provides access to manage environment resources.'
Old Description: 'Microsoft.DevCenter Deployment Environments User.',
Actions: 'add Microsoft.Authorization/*/read'
2022-09-26 16:35:37 add: Role 18e40d4e-8d2e-438d-97e1-9528336e149c
JSON
api-version=2023-07-01-preview
 
{9 items
  • roleName: "Deployment Environments User",
  • type: "BuiltInRole",
  • description: "Provides access to manage environment resources.",
  • assignableScopes: [1 item
    • "/"
    ],
  • permissions: [1 item
    • {4 items
      • actions: [4 items
        • "Microsoft.DevCenter/projects/read",
        • "Microsoft.DevCenter/projects/*/read",
        • "Microsoft.Resources/subscriptions/resourceGroups/read",
        • "Microsoft.Authorization/*/read"
        ],
      • notActions: [2 items
        • "Microsoft.DevCenter/projects/pools/read",
        • "Microsoft.DevCenter/projects/pools/schedules/read"
        ],
      • dataActions: [5 items
        • "Microsoft.DevCenter/projects/users/environments/userRead/action",
        • "Microsoft.DevCenter/projects/users/environments/userWrite/action",
        • "Microsoft.DevCenter/projects/users/environments/userDelete/action",
        • "Microsoft.DevCenter/projects/users/environments/userActionManage/action",
        • "Microsoft.DevCenter/projects/users/environments/userOutputsRead/action"
        ],
      • notDataActions: []
      }
    ],
  • createdOn: "2022-09-21T23:02:10.9267534Z",
  • updatedOn: "2023-11-11T02:44:04.8360299Z",
  • createdBy: null,
  • updatedBy: null
}
Condition none