| Operation |
Description |
| Microsoft.Authorization/*/read | wildcarded / no description |
| Microsoft.Compute/diskEncryptionSets/* | wildcarded / no description |
| Microsoft.Compute/diskEncryptionSets/delete | Delete a disk encryption set |
| Microsoft.Compute/diskEncryptionSets/read | Get the properties of a disk encryption set |
| Microsoft.Compute/diskEncryptionSets/write | Create a new disk encryption set or update an existing one |
| Microsoft.Compute/disks/beginGetAccess/action | Get the SAS URI of the Disk for blob access |
| Microsoft.Compute/disks/delete | Deletes the Disk |
| Microsoft.Compute/disks/endGetAccess/action | Revoke the SAS URI of the Disk |
| Microsoft.Compute/disks/read | Get the properties of a Disk |
| Microsoft.Compute/disks/write | Creates a new Disk or updates an existing one |
| Microsoft.Compute/galleries/images/versions/read | Gets the properties of Gallery Image Version |
| Microsoft.Compute/locations/DiskOperations/read | Gets the status of an asynchronous Disk operation |
| Microsoft.Compute/locations/operations/read | Gets the status of an asynchronous operation |
| Microsoft.Compute/locations/usages/read | Gets service limits and current usage quantities for the subscription's compute resources in a location |
| Microsoft.Compute/skus/read | Gets the list of Microsoft.Compute SKUs available for your Subscription |
| Microsoft.Compute/snapshots/beginGetAccess/action | Get the SAS URI of the Snapshot for blob access |
| Microsoft.Compute/snapshots/delete | Delete a Snapshot |
| Microsoft.Compute/snapshots/endGetAccess/action | Revoke the SAS URI of the Snapshot |
| Microsoft.Compute/snapshots/read | Get the properties of a Snapshot |
| Microsoft.Compute/snapshots/write | Create a new Snapshot or update an existing one |
| Microsoft.Compute/virtualMachines/deallocate/action | Powers off the virtual machine and releases the compute resources |
| Microsoft.Compute/virtualMachines/delete | Deletes the virtual machine |
| Microsoft.Compute/virtualMachines/extensions/delete | Deletes the virtual machine extension |
| Microsoft.Compute/virtualMachines/extensions/read | Get the properties of a virtual machine extension |
| Microsoft.Compute/virtualMachines/extensions/write | Creates a new virtual machine extension or updates an existing one |
| Microsoft.Compute/virtualMachines/powerOff/action | Powers off the virtual machine. Note that the virtual machine will continue to be billed. |
| Microsoft.Compute/virtualMachines/read | Get the properties of a virtual machine |
| Microsoft.Compute/virtualMachines/restart/action | Restarts the virtual machine |
| Microsoft.Compute/virtualMachines/runCommand/action | Executes a predefined script on the virtual machine |
| Microsoft.Compute/virtualMachines/start/action | Starts the virtual machine |
| Microsoft.Compute/virtualMachines/write | Creates a new virtual machine or updates an existing virtual machine |
| Microsoft.DocumentDB/databaseAccounts/read | Reads a database account. |
| Microsoft.Insights/alertRules/* | wildcarded / no description |
| Microsoft.Insights/diagnosticSettings/read | Read a resource diagnostic setting |
| microsoft.insights/diagnosticSettings/write | Create or update a resource diagnostic setting |
| microsoft.insights/metrics/read | Read metrics |
| Microsoft.KeyVault/vaults/delete | Deletes a key vault |
| Microsoft.KeyVault/vaults/deploy/action | Enables access to secrets in a key vault when deploying Azure resources |
| Microsoft.KeyVault/vaults/read | View the properties of a key vault |
| Microsoft.KeyVault/vaults/write | Creates a new key vault or updates the properties of an existing key vault. Certain properties may require more permissions. |
| Microsoft.ManagedIdentity/userAssignedIdentities/assign/action | RBAC action for assigning an existing user assigned identity to a resource |
| Microsoft.ManagedIdentity/userAssignedIdentities/delete | Deletes an existing user assigned identity |
| Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/read | Get or list Federated Identity Credentials |
| Microsoft.ManagedIdentity/userAssignedIdentities/read | Gets an existing user assigned identity |
| Microsoft.ManagedIdentity/userAssignedIdentities/write | Creates a new user assigned identity or updates the tags associated with an existing user assigned identity |
| Microsoft.Network/loadBalancers/backendAddressPools/backendPoolAddresses/read | Lists the backend addresses of the Load Balancer backend address pool |
| Microsoft.Network/loadBalancers/backendAddressPools/delete | Deletes a load balancer backend address pool |
| Microsoft.Network/loadBalancers/backendAddressPools/health/action | Get Health Details of Backend Instance |
| Microsoft.Network/loadBalancers/backendAddressPools/join/action | Joins a load balancer backend address pool. Not Alertable. |
| Microsoft.Network/loadBalancers/backendAddressPools/read | Gets a load balancer backend address pool definition |
| Microsoft.Network/loadBalancers/backendAddressPools/write | Creates a load balancer backend address pool or updates an existing load balancer backend address pool |
| Microsoft.Network/loadBalancers/delete | Deletes a load balancer |
| Microsoft.Network/loadBalancers/inboundNatRules/delete | Deletes a load balancer inbound nat rule |
| Microsoft.Network/loadBalancers/inboundNatRules/join/action | Joins a load balancer inbound nat rule. Not Alertable. |
| Microsoft.Network/loadBalancers/inboundNatRules/read | Gets a load balancer inbound nat rule definition |
| Microsoft.Network/loadBalancers/inboundNatRules/write | Creates a load balancer inbound nat rule or updates an existing load balancer inbound nat rule |
| Microsoft.Network/loadBalancers/loadBalancingRules/read | Gets a load balancer load balancing rule definition |
| Microsoft.Network/loadBalancers/outboundRules/read | Gets a load balancer outbound rule definition |
| Microsoft.Network/loadBalancers/probes/read | Gets a load balancer probe |
| Microsoft.Network/loadBalancers/read | Gets a load balancer definition |
| Microsoft.Network/loadBalancers/write | Creates a load balancer or updates an existing load balancer |
| Microsoft.Network/locations/operationResults/read | Gets operation result of an async POST or DELETE operation |
| Microsoft.Network/locations/operations/read | Gets operation resource that represents status of an asynchronous operation |
| Microsoft.Network/locations/serviceTags/read | Get Service Tags |
| Microsoft.Network/locations/supportedVirtualMachineSizes/read | Gets supported virtual machines sizes |
| Microsoft.Network/locations/usages/read | Gets the resources usage metrics |
| Microsoft.Network/networkInterfaces/delete | Deletes a network interface |
| Microsoft.Network/networkInterfaces/join/action | Joins a Virtual Machine to a network interface. Not Alertable. |
| Microsoft.Network/networkInterfaces/read | Gets a network interface definition. |
| Microsoft.Network/networkInterfaces/write | Creates a network interface or updates an existing network interface. |
| Microsoft.Network/networkSecurityGroups/delete | Deletes a network security group |
| Microsoft.Network/networkSecurityGroups/join/action | Joins a network security group. Not Alertable. |
| Microsoft.Network/networkSecurityGroups/read | Gets a network security group definition |
| Microsoft.Network/networkSecurityGroups/securityRules/read | Gets a security rule definition |
| Microsoft.Network/networkSecurityGroups/write | Creates a network security group or updates an existing network security group |
| Microsoft.Network/networkWatchers/read | Get the network watcher definition |
| Microsoft.Network/privateDnsOperationStatuses/read | Gets status of a Private DNS operation |
| Microsoft.Network/privateDnsZones/delete | Delete a Private DNS zone. |
| Microsoft.Network/privateDnsZones/read | Get the Private DNS zone properties, in JSON format. Note that this command does not retrieve the virtual networks to which the Private DNS zone is linked or the record sets contained within the zone. |
| Microsoft.Network/privateDnsZones/write | Create or update a Private DNS zone within a resource group. Note that this command cannot be used to create or update virtual network links or record sets within the zone. |
| Microsoft.Network/publicIPAddresses/delete | Deletes a public Ip address. |
| Microsoft.Network/publicIPAddresses/join/action | Joins a public ip address. Not Alertable. |
| Microsoft.Network/publicIPAddresses/read | Gets a public ip address definition. |
| Microsoft.Network/publicIPAddresses/write | Creates a public Ip address or updates an existing public Ip address. |
| Microsoft.Network/virtualNetworks/delete | Deletes a virtual network |
| Microsoft.Network/virtualNetworks/read | Get the virtual network definition |
| Microsoft.Network/virtualNetworks/remoteVirtualNetworkPeeringProxies/delete | no description given |
| Microsoft.Network/virtualNetworks/remoteVirtualNetworkPeeringProxies/write | no description given |
| Microsoft.Network/virtualNetworks/subnets/delete | Deletes a virtual network subnet |
| Microsoft.Network/virtualNetworks/subnets/join/action | Joins a virtual network. Not Alertable. |
| Microsoft.Network/virtualNetworks/subnets/read | Gets a virtual network subnet definition |
| Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/delete | no description given |
| Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/Details/read | no description given |
| Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/read | no description given |
| Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/validate/action | no description given |
| Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/write | no description given |
| Microsoft.Network/virtualNetworks/subnets/write | Creates a virtual network subnet or updates an existing virtual network subnet |
| Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete | Deletes a virtual network peering |
| Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read | Gets a virtual network peering definition |
| Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write | Creates a virtual network peering or updates an existing virtual network peering |
| Microsoft.Network/virtualNetworks/write | Creates a virtual network or updates an existing virtual network |
| Microsoft.Resources/deployments/* | wildcarded / no description |
| Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
| Microsoft.Resources/deployments/read | Gets or lists deployments. |
| Microsoft.Resources/subscriptions/providers/read | Gets or lists resource providers. |
| Microsoft.Resources/subscriptions/resourcegroups/read | Gets or lists resource groups. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
| Microsoft.Resources/subscriptions/resourcegroups/write | Creates or updates a resource group. |
| Microsoft.Security/assessments/read | Get security assessments on your subscription |
| Microsoft.Storage/locations/usages/read | Returns the limit and the current usage count for resources in the specified subscription |
| Microsoft.Storage/operations/read | Polls the status of an asynchronous operation. |
| Microsoft.Storage/skus/read | Lists the Skus supported by Microsoft.Storage. |
| Microsoft.Storage/storageAccounts/blobServices/containers/delete | Returns the result of deleting a container |
| Microsoft.Storage/storageAccounts/blobServices/containers/read | Returns list of containers |
| Microsoft.Storage/storageAccounts/blobServices/containers/write | Returns the result of put blob container |
| Microsoft.Storage/storageAccounts/blobServices/read | Returns blob service properties or statistics |
| Microsoft.Storage/storageAccounts/delete | Deletes an existing storage account. |
| Microsoft.Storage/storageAccounts/fileservices/read | Get file service properties |
| Microsoft.Storage/storageAccounts/fileServices/shares/read | List file shares |
| Microsoft.Storage/storageAccounts/listKeys/action | Returns the access keys for the specified storage account. |
| Microsoft.Storage/storageAccounts/managementPolicies/delete | Delete storage account management policies |
| Microsoft.Storage/storageAccounts/managementPolicies/read | Get storage management account policies |
| Microsoft.Storage/storageAccounts/managementPolicies/write | Put storage account management policies |
| Microsoft.Storage/storageAccounts/privateEndpointConnections/read | Get Private Endpoint Connection |
| Microsoft.Storage/storageAccounts/queueServices/queues/read | Returns a queue or a list of queues. |
| Microsoft.Storage/storageAccounts/read | Returns the list of storage accounts or gets the properties for the specified storage account. |
| Microsoft.Storage/storageAccounts/regenerateKey/action | Regenerates the access keys for the specified storage account. |
| Microsoft.Storage/storageAccounts/sharedIdentities/read | no description given |
| Microsoft.Storage/storageAccounts/sharedIdentities/write | no description given |
| Microsoft.Storage/storageAccounts/tableServices/tables/read | Query tables |
| Microsoft.Storage/storageAccounts/write | Creates a storage account with the specified parameters or update the properties or tags or adds custom domain for the specified storage account. |