last sync: 2025-Sep-16 17:22:53 UTC

Azure AI Project Manager

Azure BuiltIn RBAC Role definition

Name: Azure AI Project Manager
Id: eadc314b-1a2d-4efa-be10-5d325db5065e
Description: Lets you perform developer actions and management actions on Azure AI Foundry Projects. Allows for making role assignments, but limited to Cognitive Service User role.
Category: None
CreatedOn: 2025-04-22 15:07:10 UTC
UpdatedOn: 2025-05-01 00:11:10 UTC

Permissions summary
Effective control plane and data plane operations: 1649 (unique operations)
•: 1
•action: 466
•delete: 229
•read: 690
•write: 263

Actions: 9
Resolved control plane operations from Actions: 93
Effective control plane operations: 93
•: 1
•action: 8
•delete: 6
•read: 72
•write: 6

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 17060

DataActions: 1
Resolved data plane operations: 1556
Effective data plane operations: 1556
•action: 458
•delete: 223
•read: 618
•write: 257

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 2192

Actions
Operation                                                      Description
Microsoft.Authorization/*/read                                 wildcarded / no description
Microsoft.Authorization/roleAssignments/delete (conditioned)   Delete a role assignment at the specified scope.
Microsoft.Authorization/roleAssignments/write (conditioned)    Create a role assignment at the specified scope.
Microsoft.CognitiveServices/accounts/*/read                    wildcarded / no description
Microsoft.CognitiveServices/accounts/projects/*                wildcarded / no description
Microsoft.CognitiveServices/locations/*/read                   wildcarded / no description
Microsoft.Insights/alertRules/*                                wildcarded / no description
Microsoft.Resources/deployments/*                              wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/read          Gets or lists resource groups.

NotActions: n/a

DataActions
Operation                                                      Description
Microsoft.CognitiveServices/*                                  wildcarded / no description

NotDataActions: n/a

Used in
BuiltIn Policy: none

History
Date/Time (UTC ymd)    Change    Change detail
2025-04-23 18:17:42    add       Role eadc314b-1a2d-4efa-be10-5d325db5065e

JSON
api-version=2023-07-01-preview
Condition

    (
        (
            !
            (
                ActionMatches {
                'Microsoft.Authorization/roleAssignments/write'
                }
            )
        )
        OR
        (
            @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
            53ca6127-db72-4b80-b1b0-d745d6d5456d (Azure AI User)
            }
        )
    )
    AND
    (
        (
            !
            (
                ActionMatches {
                'Microsoft.Authorization/roleAssignments/delete'
                }
            )
        )
        OR
        (
            @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
            53ca6127-db72-4b80-b1b0-d745d6d5456d (Azure AI User)
            }
        )
    )