internal/misc/Ppac.Rbac.Roles.json
|
[
{ "roleDefinitionId": "95e94555-018c-447b-8691-bdac8e12211e", "roleDefinitionName": "Power Platform Role Based Access Control Administrator", "description": "Grants read access to all resources and the ability to manage role assignments for Power Platform resources.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "*.Read", "Authorization.RoleAssignments.Write", "Authorization.RoleAssignments.Delete" ], "permissionsExceptions": [] }, { "roleDefinitionId": "c886ad2e-27f7-4874-8381-5849b8d8a090", "roleDefinitionName": "Power Platform Reader", "description": "Grants read-only access to view all Power Platform resources including role definitions and role assignments.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "*.Read" ], "permissionsExceptions": [] }, { "roleDefinitionId": "ff954d61-a89a-4fbe-ace9-01c367b89f87", "roleDefinitionName": "Power Platform Contributor", "description": "Grants full access to manage all Power Platform resources, but does not allow you to assign or remove role assignments.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "*" ], "permissionsExceptions": [ "Authorization.RoleAssignments.Write", "Authorization.RoleAssignments.Delete" ] }, { "roleDefinitionId": "0cb07c69-1631-4725-ab35-e59e001c51ea", "roleDefinitionName": "Power Platform Owner", "description": "Grants full access to manage all Power Platform resources, including the ability to assign and manage role assignments.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "*" ], "permissionsExceptions": [] }, { "roleDefinitionId": "5835ab2b-77cf-48c6-9a37-4de77b1354ee", "roleDefinitionName": "Copilot Studio Authors", "description": "Grants access to view, create, and modify copilots in Copilot Studio.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "CopilotStudio.Copilots.Read", "CopilotStudio.Copilots.Write" ], 
"permissionsExceptions": [] }, { "roleDefinitionId": "6ec9a887-3309-4d9c-bec1-c24e37ae617e", "roleDefinitionName": "Vibe Project Owner", "description": "Grants full access to manage the Vibe project including viewing, editing, and deleting.", "assignableScopes": [ "/tenants/{0}/environments/{1}/projects/{2}" ], "restrictedScopes": [], "permissions": [ "Vibe.Projects.*" ], "permissionsExceptions": [] }, { "roleDefinitionId": "2d6b7db4-6751-456c-baa9-e708d8862c44", "roleDefinitionName": "Vibe Project Contributor", "description": "Grants access to view and edit the Vibe project, but does not allow deleting it.", "assignableScopes": [ "/tenants/{0}/environments/{1}/projects/{2}" ], "restrictedScopes": [], "permissions": [ "Vibe.Projects.Read", "Vibe.Projects.Write" ], "permissionsExceptions": [] }, { "roleDefinitionId": "73117049-034a-421d-ac67-df2314308369", "roleDefinitionName": "Vibe Project Viewer", "description": "Grants read-only access to view the Vibe project.", "assignableScopes": [ "/tenants/{0}/environments/{1}/projects/{2}" ], "restrictedScopes": [], "permissions": [ "Vibe.Projects.Read" ], "permissionsExceptions": [] }, { "roleDefinitionId": "b4e9c1a2-6d3f-4a8b-9e7c-5f2d1b8a3c6e", "roleDefinitionName": "Subnet Diagnostics Operator", "description": "Grants access to view diagnostics information and execute diagnostic actions on subnet injection infrastructure.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.SubnetDiagnostics.Action", "EnvironmentManagement.SubnetDiagnostics.Read" ], "permissionsExceptions": [] }, { "roleDefinitionId": "c5f0d2b3-8e4a-4c7d-a1b9-6e3f2d8c5a4b", "roleDefinitionName": "Subnet Diagnostics Reader", "description": "Grants read-only access to view subnet injection diagnostics information.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.SubnetDiagnostics.Read" ], "permissionsExceptions": [] }, { "roleDefinitionId": 
"d6a1e3c4-9f5b-4d8e-b2c7-7a4e3f1d9b8c", "roleDefinitionName": "Subnet Diagnostics Administrator", "description": "Grants full access to manage all subnet injection diagnostics including viewing, executing diagnostics, and performing remediation operations.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.SubnetDiagnostics.*" ], "permissionsExceptions": [] }, { "roleDefinitionId": "e2f08f33-d8d1-4a25-9471-c6559e14f693", "roleDefinitionName": "PowerApp Owner", "description": "Grants full access to manage the Power App including viewing, editing, deleting, and managing role assignments.", "assignableScopes": [ "/tenants/{0}/environments/{1}/powerapps/{2}" ], "restrictedScopes": [], "permissions": [ "PowerApps.*" ], "permissionsExceptions": [] }, { "roleDefinitionId": "53879a32-5380-45b3-982f-bad3be5bffa7", "roleDefinitionName": "PowerApp Editor", "description": "Grants access to view, edit, and share the Power App, but does not allow deleting it.", "assignableScopes": [ "/tenants/{0}/environments/{1}/powerapps/{2}" ], "restrictedScopes": [], "permissions": [ "PowerApps.ViewApp.Read", "PowerApps.EditApp.Write", "PowerApps.Share.*" ], "permissionsExceptions": [] }, { "roleDefinitionId": "b9229f00-a4d2-4fdd-a9a1-f40e07c0bb03", "roleDefinitionName": "PowerApp Viewer", "description": "Grants read-only access to view the Power App and its role assignments.", "assignableScopes": [ "/tenants/{0}/environments/{1}/powerapps/{2}" ], "restrictedScopes": [], "permissions": [ "PowerApps.ViewApp.Read", "PowerApps.ShareApp.Read" ], "permissionsExceptions": [] }, { "roleDefinitionId": "38c9f647-07da-4e42-bfd7-4be26ee3110a", "roleDefinitionName": "Environment Management Administrator", "description": "Grants full access to manage all environment operations including provisioning, backup, restore, copy, and lifecycle management.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ 
"EnvironmentManagement.*" ], "permissionsExceptions": [] }, { "roleDefinitionId": "d5b95a60-a291-4792-96d0-7b2fd086e7ad", "roleDefinitionName": "Environment Management Reader", "description": "Grants read-only access to view all environment management resources including environments, backups, and lifecycle operations.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.*.Read" ], "permissionsExceptions": [] }, { "roleDefinitionId": "eda8bba2-3171-4ba0-9d62-bf4411cebd52", "roleDefinitionName": "Environment Backup Operator", "description": "Grants access to view, create, and delete environment backups.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.Backup.Read", "EnvironmentManagement.Backup.Write", "EnvironmentManagement.Backup.Delete" ], "permissionsExceptions": [] }, { "roleDefinitionId": "51a62123-6a4d-4565-8b5f-cd60172f3d62", "roleDefinitionName": "Environment Backup Reader", "description": "Grants read-only access to view environment backups.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.Backup.Read" ], "permissionsExceptions": [] }, { "roleDefinitionId": "1284d1a1-2b8f-4b3d-a326-ad1068d1517c", "roleDefinitionName": "Environment Lifecycle Operations Reader", "description": "Grants read-only access to view details of environment lifecycle operations.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.Operation.Read" ], "permissionsExceptions": [] }, { "roleDefinitionId": "7c1ad5c2-e100-4676-8e6a-60f2940dc3f2", "roleDefinitionName": "Environment Provisioning Operator", "description": "Grants access to provision new environments.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.Provisioning.Write" ], "permissionsExceptions": [] }, { "roleDefinitionId": 
"f0f6e417-300b-4c0e-ba36-7ce83dafc4e2", "roleDefinitionName": "Environment State Operator", "description": "Grants access to enable or disable environments.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.State.Write" ], "permissionsExceptions": [] }, { "roleDefinitionId": "89c3557d-bdbd-4914-adc5-2a4ec80f0812", "roleDefinitionName": "Environment Sku Operator", "description": "Grants access to change environment SKU types (e.g. Sandbox, Production, etc.).", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.Sku.Write" ], "permissionsExceptions": [] }, { "roleDefinitionId": "232d0657-f718-44d6-9b57-4943df814703", "roleDefinitionName": "Environment Encryption Operator", "description": "Grants access to manage environment encryption, including applying customer-managed keys (CMK) or reverting to Microsoft-managed keys (MMK).", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.Encrypt.Write" ], "permissionsExceptions": [] }, { "roleDefinitionId": "3413a04c-ae68-46fb-af1b-d6601d00ca28", "roleDefinitionName": "Environment Copy Operator", "description": "Grants access to view candidate environments and perform copy operations from one environment to another.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.Copy.Read", "EnvironmentManagement.Copy.Write" ], "permissionsExceptions": [] }, { "roleDefinitionId": "f9d7e723-713f-4c83-9a3c-7e9abb3ccbcf", "roleDefinitionName": "Environment Recover Operator", "description": "Grants access to recover deleted environments.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.Recover.Write" ], "permissionsExceptions": [] }, { "roleDefinitionId": "0aa09a73-3a2d-4079-93a4-2de5ec7f8912", "roleDefinitionName": "Environment Reset Operator", "description": "Grants access 
to reset environments.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.Reset.Write" ], "permissionsExceptions": [] }, { "roleDefinitionId": "736b231a-28ad-4d15-955a-4c46299fdc40", "roleDefinitionName": "Environment Restore Operator", "description": "Grants access to view available backups and perform restore operations to environments.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.Restore.Read", "EnvironmentManagement.Restore.Write" ], "permissionsExceptions": [] }, { "roleDefinitionId": "a67c6895-3e35-4a9c-9560-ed485dce9929", "roleDefinitionName": "Environment Failover Operator", "description": "Grants access to view disaster recovery properties and perform disaster recovery drills and failover operations on environments.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.Failover.Write", "EnvironmentManagement.Failover.Read" ], "permissionsExceptions": [] }, { "roleDefinitionId": "8419cc69-3a16-442a-a707-1506d08fdfbd", "roleDefinitionName": "Environment ManageGovernance Operator", "description": "Grants access to enable or disable managed governance on environments.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [], "permissions": [ "EnvironmentManagement.ManageGovernance.Write" ], "permissionsExceptions": [] }, { "roleDefinitionId": "8de5dda7-87b4-4103-ac71-26898486d024", "roleDefinitionName": "Environment Group Admin", "description": "Grants full access to manage environment groups and rule-based governance policies.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [ "/tenants/{0}/environments/{1}" ], "permissions": [ "EnvironmentManagement.Groups.Read", "EnvironmentManagement.Groups.Write", "EnvironmentManagement.Groups.Delete", "Governance.RuleBasedPolicies.Read", "Governance.RuleBasedPolicies.Write", "Governance.RuleBasedPolicies.Delete" ], 
"permissionsExceptions": [] }, { "roleDefinitionId": "363ee124-fdb2-406f-9272-ebf239730ed2", "roleDefinitionName": "Workflows Agent Data Subject Rights Admininstrator", "description": "Grants access to perform read and delete operations for Data Subject Rights requests on Workflows Agent Flows.", "assignableScopes": [ "/tenants/{0}" ], "restrictedScopes": [ "/tenants/{0}/environments/{1}", "/tenants/{0}/environmentGroups/{1}" ], "permissions": [ "WorkflowsAgent.TenantFlows.Delete", "WorkflowsAgent.TenantFlows.Read" ], "permissionsExceptions": [] }, { "roleDefinitionId": "38a014c1-0485-4e5e-b784-782ea373b34b", "roleDefinitionName": "Workflows Agent Data Subject Rights Environment Reader", "description": "Grants read-only access for Data Subject Rights requests on Workflows Agent Flows in a given environment.", "assignableScopes": [ "/tenants/{0}/environments/{1}" ], "restrictedScopes": [], "permissions": [ "WorkflowsAgent.EnvironmentFlows.Read" ], "permissionsExceptions": [] } ] |