Update RBAC samples 2510 (#160)

dominicbetts · web-flow · commit 489b675c543c · 2025-11-24T17:30:31.000Z
## Purpose
Update the RBAC samples to include the new 2510 permissions

## Does this introduce a breaking change?
&lt;!-- Mark one with an "x". --&gt;
```
[ ] Yes
[x] No
```

## Pull Request Type
What kind of change does this Pull Request introduce?

&lt;!-- Please check the one that applies to this PR using "x". --&gt;
```
[ ] Bugfix
[ ] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[x] Documentation content changes
[ ] Other... Please describe:
```
diff --git a/samples/custom-rbac/Administrator.json b/samples/custom-rbac/Administrator.json
@@ -16,25 +16,13 @@
                     "Microsoft.Dashboard/grafana/read",
                     "Microsoft.Dashboard/grafana/write",
                     "Microsoft.Dashboard/register/action",
-                    "Microsoft.DeviceRegistry/assetEndpointProfiles/delete",
-                    "Microsoft.DeviceRegistry/assetEndpointProfiles/read",
-                    "Microsoft.DeviceRegistry/assetEndpointProfiles/write",
-                    "Microsoft.DeviceRegistry/assets/delete",
-                    "Microsoft.DeviceRegistry/assets/read",
-                    "Microsoft.DeviceRegistry/assets/write",
-                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/delete",
-                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/read",
-                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/write",
-                    "Microsoft.DeviceRegistry/discoveredAssets/delete",
-                    "Microsoft.DeviceRegistry/discoveredAssets/read",
-                    "Microsoft.DeviceRegistry/discoveredAssets/write",
-                    "Microsoft.DeviceRegistry/register/action",
-                    "Microsoft.DeviceRegistry/schemaRegistries/read",
-                    "Microsoft.DeviceRegistry/schemaRegistries/schemas/read",
-                    "Microsoft.DeviceRegistry/schemaRegistries/schemas/schemaVersions/read",
-                    "Microsoft.DeviceRegistry/schemaRegistries/schemas/schemaVersions/write",
-                    "Microsoft.DeviceRegistry/schemaRegistries/schemas/write",
-                    "Microsoft.DeviceRegistry/schemaRegistries/write",
+                    "Microsoft.DeviceRegistry/Assets/*",
+                    "Microsoft.DeviceRegistry/AssetEndpointProfiles/*",
+                    "Microsoft.DeviceRegistry/Namespaces/Assets/*",
+                    "Microsoft.DeviceRegistry/Namespaces/Devices/*",
+                    "Microsoft.DeviceRegistry/Namespaces/DiscoveredAssets/*",
+                    "Microsoft.DeviceRegistry/Namespaces/DiscoveredDevices/*",
+                    "Microsoft.DeviceRegistry/SchemaRegistries/*",
                     "Microsoft.Edge/sites/read",
                     "Microsoft.Edgeorder/addresses/read",
                     "Microsoft.ExtendedLocation/customLocations/deploy/action",
@@ -53,8 +41,8 @@
                     "Microsoft.KeyVault/vaults/read",
                     "Microsoft.KeyVault/vaults/write",
                     "Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action",
-                    "Microsoft.Kubernetes/connectedclusters/read",
-                    "Microsoft.Kubernetes/connectedclusters/write",
+                    "Microsoft.Kubernetes/connectedClusters/read",
+                    "Microsoft.Kubernetes/connectedClusters/write",
                     "Microsoft.Kubernetes/register/action",
                     "Microsoft.KubernetesConfiguration/extensionTypes/read",
                     "Microsoft.KubernetesConfiguration/extensions/operations/read",
diff --git a/samples/custom-rbac/Asset Administrator.json b/samples/custom-rbac/Asset Administrator.json
@@ -8,14 +8,12 @@
         "permissions": [ 
             { 
                 "actions": [ 
-                    "Microsoft.DeviceRegistry/assetEndpointProfiles/read",
-                    "Microsoft.DeviceRegistry/assets/delete",
-                    "Microsoft.DeviceRegistry/assets/read",
-                    "Microsoft.DeviceRegistry/assets/write",
-                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/read",
-                    "Microsoft.DeviceRegistry/discoveredAssets/delete",
-                    "Microsoft.DeviceRegistry/discoveredAssets/read",
-                    "Microsoft.DeviceRegistry/discoveredAssets/write",
+                    "Microsoft.DeviceRegistry/Assets/*",
+                    "Microsoft.DeviceRegistry/AssetEndpointProfiles/read",
+                    "Microsoft.DeviceRegistry/Namespaces/Assets/*",
+                    "Microsoft.DeviceRegistry/Namespaces/Devices/read",
+                    "Microsoft.DeviceRegistry/Namespaces/DiscoveredAssets/*",
+                    "Microsoft.DeviceRegistry/Namespaces/DiscoveredDevices/read",
                     "Microsoft.Edge/sites/read",
                     "Microsoft.Edgeorder/addresses/read",
                     "Microsoft.ExtendedLocation/customLocations/deploy/action",
diff --git a/samples/custom-rbac/Asset Viewer.json b/samples/custom-rbac/Asset Viewer.json
@@ -8,8 +8,9 @@
         "permissions": [ 
             { 
                 "actions": [ 
-                    "Microsoft.DeviceRegistry/assets/read",
-                    "Microsoft.DeviceRegistry/discoveredAssets/read",
+                    "Microsoft.DeviceRegistry/Assets/read",
+                    "Microsoft.DeviceRegistry/Namespaces/Assets/read",
+                    "Microsoft.DeviceRegistry/Namespaces/DiscoveredAssets/read",
                     "Microsoft.Edge/sites/read",
                     "Microsoft.Edgeorder/addresses/read",
                     "Microsoft.ExtendedLocation/customLocations/enabledresourcetypes/read",
diff --git a/samples/custom-rbac/Data Flow Administrator.json b/samples/custom-rbac/Data Flow Administrator.json
@@ -8,8 +8,9 @@
         "permissions": [ 
             { 
                 "actions": [ 
-                    "Microsoft.DeviceRegistry/assets/read",
-                    "Microsoft.DeviceRegistry/discoveredAssets/read",
+                    "Microsoft.DeviceRegistry/Assets/read",
+                    "Microsoft.DeviceRegistry/Namespaces/Assets/read",
+                    "Microsoft.DeviceRegistry/Namespaces/DiscoveredAssets/read",
                     "Microsoft.DeviceRegistry/schemaRegistries/read",
                     "Microsoft.DeviceRegistry/schemaRegistries/schemas/read",
                     "Microsoft.DeviceRegistry/schemaRegistries/schemas/schemaVersions/read",
diff --git a/samples/custom-rbac/Device Administrator.json b/samples/custom-rbac/Device Administrator.json
@@ -1,19 +1,15 @@
 {
     "properties": { 
-        "roleName": "Azure IoT Operations Asset Endpoint Administrator", 
-        "description": "View, create, edit and delete Azure IoT Operations Asset Endpoints", 
+        "roleName": "Azure IoT Operations Device Administrator", 
+        "description": "View, create, edit and delete Azure IoT Operations Devices", 
         "assignableScopes": [ 
             "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" 
         ], 
         "permissions": [ 
             { 
                 "actions": [ 
-                    "Microsoft.DeviceRegistry/assetEndpointProfiles/delete",
-                    "Microsoft.DeviceRegistry/assetEndpointProfiles/read",
-                    "Microsoft.DeviceRegistry/assetEndpointProfiles/write",
-                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/delete",
-                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/read",
-                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/write",
+                    "Microsoft.DeviceRegistry/Namespaces/Devices/*",
+                    "Microsoft.DeviceRegistry/Namespaces/DiscoveredDevices/*",
                     "Microsoft.Edge/sites/read",
                     "Microsoft.Edgeorder/addresses/read",
                     "Microsoft.ExtendedLocation/customLocations/deploy/action",
diff --git a/samples/custom-rbac/Device Viewer.json b/samples/custom-rbac/Device Viewer.json
@@ -1,15 +1,15 @@
 { 
     "properties": { 
-        "roleName": "Azure IoT Operations Asset Endpoint Viewer", 
-        "description": "View Azure IoT Operations Asset Endpoint list and details", 
+        "roleName": "Azure IoT Operations Device Viewer", 
+        "description": "View Azure IoT Operations Device list and details", 
         "assignableScopes": [ 
             "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" 
         ], 
         "permissions": [ 
             { 
                 "actions": [         
-                    "Microsoft.DeviceRegistry/assetEndpointProfiles/read",
-                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/read",
+                    "Microsoft.DeviceRegistry/Namespaces/Devices/read",
+                    "Microsoft.DeviceRegistry/Namespaces/DiscoveredDevices/read",
                     "Microsoft.Edge/sites/read",
                     "Microsoft.Edgeorder/addresses/read",
                     "Microsoft.ExtendedLocation/customLocations/enabledresourcetypes/read",
diff --git a/samples/custom-rbac/Instance Administrator.json b/samples/custom-rbac/Instance Administrator.json
@@ -9,8 +9,9 @@
             {
                 "actions": [
                     "Microsoft.Authorization/roleAssignments/write",
-                    "Microsoft.DeviceRegistry/assets/read",
-                    "Microsoft.DeviceRegistry/discoveredAssets/read",
+                    "Microsoft.DeviceRegistry/Assets/read",
+                    "Microsoft.DeviceRegistry/Namespaces/Assets/read",
+                    "Microsoft.DeviceRegistry/Namespaces/DiscoveredAssets/read",
                     "Microsoft.DeviceRegistry/register/action",
                     "Microsoft.DeviceRegistry/schemaRegistries/read",
                     "Microsoft.DeviceRegistry/schemaRegistries/schemas/read",
diff --git a/samples/custom-rbac/Viewer.json b/samples/custom-rbac/Viewer.json
@@ -8,10 +8,12 @@
         "permissions": [
             {
                 "actions": [
-                    "Microsoft.DeviceRegistry/assetEndpointProfiles/read",
-                    "Microsoft.DeviceRegistry/assets/read",
-                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/read",
-                    "Microsoft.DeviceRegistry/discoveredAssets/read",
+                    "Microsoft.DeviceRegistry/Assets/read",
+                    "Microsoft.DeviceRegistry/AssetEndpointProfiles/read",
+                    "Microsoft.DeviceRegistry/Namespaces/Assets/read",
+                    "Microsoft.DeviceRegistry/Namespaces/DiscoveredAssets/read",
+                    "Microsoft.DeviceRegistry/Namespaces/Devices/read",
+                    "Microsoft.DeviceRegistry/Namespaces/DiscoveredDevices/read",
                     "Microsoft.Edge/sites/read",
                     "Microsoft.Edgeorder/addresses/read",
                     "Microsoft.ExtendedLocation/customLocations/enabledresourcetypes/read",
