Add custom RBAC role definitions (#122)

## Purpose
Add JSON sample files that define custom RBAC roles for Azure IoT
Operations

## Does this introduce a breaking change?
<!-- Mark one with an "x". -->
```
[ ] Yes
[x] No
```

## Pull Request Type
What kind of change does this Pull Request introduce?

<!-- Please check the one that applies to this PR using "x". -->
```
[ ] Bugfix
[ ] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[x] Documentation content changes
[ ] Other... Please describe:
```

## Other Information
These sample definitions will be referenced from an article on Learn

Author: dominicbetts

samples/custom-rbac/AIO Administrator.json

@@ -0,0 +1,82 @@
+{
+    "properties": { 
+        "roleName": "AIO Administrator", 
+        "description": "View, create, edit and delete AIO resources. Manage all resources, including instance and its downstream resources, asset, discovered assets, asset endpoint profiles.", 
+        "assignableScopes": [ 
+            "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" 
+        ], 
+        "permissions": [ 
+            { 
+                "actions": [ 
+                    "Microsoft.Authorization/roleAssignments/write",
+                    "Microsoft.DeviceRegistry/assetEndpointProfiles/delete",
+                    "Microsoft.DeviceRegistry/assetEndpointProfiles/read",
+                    "Microsoft.DeviceRegistry/assetEndpointProfiles/write",
+                    "Microsoft.DeviceRegistry/assets/delete",
+                    "Microsoft.DeviceRegistry/assets/read",
+                    "Microsoft.DeviceRegistry/assets/write",
+                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/delete",
+                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/read",
+                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/write",
+                    "Microsoft.DeviceRegistry/discoveredAssets/delete",
+                    "Microsoft.DeviceRegistry/discoveredAssets/read",
+                    "Microsoft.DeviceRegistry/discoveredAssets/write",
+                    "Microsoft.DeviceRegistry/register/action",
+                    "Microsoft.DeviceRegistry/schemaRegistries/read",
+                    "Microsoft.DeviceRegistry/schemaRegistries/schemas/read",
+                    "Microsoft.DeviceRegistry/schemaRegistries/schemas/schemaVersions/read",
+                    "Microsoft.DeviceRegistry/schemaRegistries/schemas/schemaVersions/write",
+                    "Microsoft.DeviceRegistry/schemaRegistries/schemas/write",
+                    "Microsoft.DeviceRegistry/schemaRegistries/write",
+                    "Microsoft.Edge/sites/read",
+                    "Microsoft.Edgeorder/addresses/read",
+                    "Microsoft.ExtendedLocation/customLocations/deploy/action",
+                    "Microsoft.ExtendedLocation/customLocations/enabledresourcetypes/read",
+                    "Microsoft.ExtendedLocation/customLocations/read",
+                    "Microsoft.ExtendedLocation/customLocations/write",
+                    "Microsoft.ExtendedLocation/register/action",
+                    "Microsoft.IoTOperations/*",
+                    "Microsoft.KeyVault/vaults/read",
+                    "Microsoft.KeyVault/vaults/write",
+                    "Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action",
+                    "Microsoft.Kubernetes/connectedclusters/read",
+                    "Microsoft.Kubernetes/register/action",
+                    "Microsoft.KubernetesConfiguration/extensions/operations/read",
+                    "Microsoft.KubernetesConfiguration/extensions/read",
+                    "Microsoft.KubernetesConfiguration/extensions/write",
+                    "Microsoft.KubernetesConfiguration/extensionTypes/read",
+                    "Microsoft.KubernetesConfiguration/register/action",
+                    "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action",
+                    "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/read",
+                    "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/write",
+                    "Microsoft.ManagedIdentity/userAssignedIdentities/read",
+                    "Microsoft.ManagedIdentity/userAssignedIdentities/write",
+                    "Microsoft.Resources/deployments/operationStatuses/read",
+                    "Microsoft.Resources/deployments/read",
+                    "Microsoft.Resources/deployments/validate/action",
+                    "Microsoft.Resources/deployments/whatIf/action",
+                    "Microsoft.Resources/deployments/write",
+                    "Microsoft.Resources/subscriptions/read",
+                    "Microsoft.Resources/subscriptions/resourceGroups/read",
+                    "Microsoft.Resources/subscriptions/resourceGroups/resources/read",
+                    "Microsoft.SecretSyncController/azureKeyVaultSecretProviderClasses/read",
+                    "Microsoft.SecretSyncController/azureKeyVaultSecretProviderClasses/write",
+                    "Microsoft.SecretSyncController/register/action",
+                    "Microsoft.SecretSyncController/secretSyncs/read",
+                    "Microsoft.SecretSyncController/secretSyncs/write",
+                    "Microsoft.Storage/storageAccounts/blobServices/containers/read",
+                    "Microsoft.Storage/storageAccounts/listKeys/action",
+                    "Microsoft.Storage/storageAccounts/read",
+                    "Microsoft.Storage/storageAccounts/write"
+                ], 
+                "notActions": [], 
+                "dataActions": [ 
+                    "Microsoft.KeyVault/vaults/secrets/getSecret/action", 
+                    "Microsoft.KeyVault/vaults/secrets/readMetadata/action", 
+                    "Microsoft.KeyVault/vaults/secrets/setSecret/action" 
+                ], 
+                "notDataActions": [] 
+            }
+        ]
+    }
+}

samples/custom-rbac/AIO Asset Administrator.json

@@ -0,0 +1,36 @@
+{ 
+    "properties": { 
+        "roleName": "AIO Asset Administrator", 
+        "description": "View, create, edit and delete AIO Assets", 
+        "assignableScopes": [ 
+            "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" 
+        ], 
+        "permissions": [ 
+            { 
+                "actions": [ 
+                    "Microsoft.DeviceRegistry/assetEndpointProfiles/read",
+                    "Microsoft.DeviceRegistry/assets/delete",
+                    "Microsoft.DeviceRegistry/assets/read",
+                    "Microsoft.DeviceRegistry/assets/write",
+                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/read",
+                    "Microsoft.DeviceRegistry/discoveredAssets/delete",
+                    "Microsoft.DeviceRegistry/discoveredAssets/read",
+                    "Microsoft.DeviceRegistry/discoveredAssets/write",
+                    "Microsoft.Edge/sites/read",
+                    "Microsoft.Edgeorder/addresses/read",
+                    "Microsoft.ExtendedLocation/customLocations/deploy/action",
+                    "Microsoft.ExtendedLocation/customLocations/enabledresourcetypes/read",
+                    "Microsoft.ExtendedLocation/customLocations/read",
+                    "Microsoft.Iotoperations/instances/read",
+                    "Microsoft.Kubernetes/connectedclusters/read",
+                    "Microsoft.KubernetesConfiguration/extensions/read",
+                    "Microsoft.Resources/subscriptions/read",
+                    "Microsoft.Resources/subscriptions/resourcegroups/resources/read"
+                ], 
+                "notActions": [], 
+                "dataActions": [], 
+                "notDataActions": [] 
+            } 
+        ] 
+    }
+}

samples/custom-rbac/AIO Asset Endpoint Administrator.json

@@ -0,0 +1,42 @@
+{
+    "properties": { 
+        "roleName": "AIO Asset Endpoint Administrator", 
+        "description": "View, create, edit and delete AIO Asset Endpoints", 
+        "assignableScopes": [ 
+            "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" 
+        ], 
+        "permissions": [ 
+            { 
+                "actions": [ 
+                    "Microsoft.DeviceRegistry/assetEndpointProfiles/delete",
+                    "Microsoft.DeviceRegistry/assetEndpointProfiles/read",
+                    "Microsoft.DeviceRegistry/assetEndpointProfiles/write",
+                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/delete",
+                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/read",
+                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/write",
+                    "Microsoft.Edge/sites/read",
+                    "Microsoft.Edgeorder/addresses/read",
+                    "Microsoft.ExtendedLocation/customLocations/deploy/action",
+                    "Microsoft.ExtendedLocation/customLocations/enabledresourcetypes/read",
+                    "Microsoft.ExtendedLocation/customLocations/read",
+                    "Microsoft.Iotoperations/instances/read",
+                    "Microsoft.Kubernetes/connectedclusters/read",
+                    "Microsoft.KubernetesConfiguration/extensions/read",
+                    "Microsoft.Resources/subscriptions/read",
+                    "Microsoft.Resources/subscriptions/resourcegroups/resources/read",
+                    "Microsoft.SecretSyncController/azureKeyVaultSecretProviderClasses/read",
+                    "Microsoft.SecretSyncController/azureKeyVaultSecretProviderClasses/write",
+                    "Microsoft.SecretSyncController/secretSyncs/read",
+                    "Microsoft.SecretSyncController/secretSyncs/write"
+                ], 
+                "notActions": [], 
+                "dataActions": [ 
+                    "Microsoft.KeyVault/vaults/secrets/getSecret/action", 
+                    "Microsoft.KeyVault/vaults/secrets/readMetadata/action", 
+                    "Microsoft.KeyVault/vaults/secrets/setSecret/action" 
+                ], 
+                "notDataActions": [] 
+            } 
+        ] 
+    }
+}

samples/custom-rbac/AIO Asset Endpoint Viewer.json

@@ -0,0 +1,29 @@
+{ 
+    "properties": { 
+        "roleName": "AIO Asset Endpoint Viewer", 
+        "description": "View AIO Asset Endpoint list and details", 
+        "assignableScopes": [ 
+            "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" 
+        ], 
+        "permissions": [ 
+            { 
+                "actions": [         
+                    "Microsoft.DeviceRegistry/assetEndpointProfiles/read",
+                    "Microsoft.DeviceRegistry/discoveredAssetEndpointProfiles/read",
+                    "Microsoft.Edge/sites/read",
+                    "Microsoft.Edgeorder/addresses/read",
+                    "Microsoft.ExtendedLocation/customLocations/enabledresourcetypes/read",
+                    "Microsoft.ExtendedLocation/customLocations/read",
+                    "Microsoft.Iotoperations/instances/read",
+                    "Microsoft.Kubernetes/connectedclusters/read",
+                    "Microsoft.KubernetesConfiguration/extensions/read",
+                    "Microsoft.Resources/subscriptions/read",
+                    "Microsoft.Resources/subscriptions/resourcegroups/resources/read"			 
+                ], 
+                "notActions": [], 
+                "dataActions": [], 
+                "notDataActions": [] 
+            }
+        ]
+    }
+}

samples/custom-rbac/AIO Asset Viewer.json

@@ -0,0 +1,29 @@
+{
+    "properties": { 
+        "roleName": "AIO Asset Viewer", 
+        "description": "View assets list and details", 
+        "assignableScopes": [ 
+            "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" 
+        ], 
+        "permissions": [ 
+            { 
+                "actions": [ 
+                    "Microsoft.DeviceRegistry/assets/read",
+                    "Microsoft.DeviceRegistry/discoveredAssets/read",
+                    "Microsoft.Edge/sites/read",
+                    "Microsoft.Edgeorder/addresses/read",
+                    "Microsoft.ExtendedLocation/customLocations/enabledresourcetypes/read",
+                    "Microsoft.ExtendedLocation/customLocations/read",
+                    "Microsoft.Iotoperations/instances/read",
+                    "Microsoft.Kubernetes/connectedclusters/read",
+                    "Microsoft.KubernetesConfiguration/extensions/read",
+                    "Microsoft.Resources/subscriptions/read",
+                    "Microsoft.Resources/subscriptions/resourcegroups/resources/read"
+                ], 
+                "notActions": [], 
+                "dataActions": [], 
+                "notDataActions": [] 
+            } 
+        ]
+    }
+}

samples/custom-rbac/AIO Data Flow Administrator.json

@@ -0,0 +1,41 @@
+{
+    "properties": { 
+        "roleName": "AIO Data Flow Administrator", 
+        "description": "View, create, edit and delete AIO Dataflows", 
+        "assignableScopes": [ 
+            "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" 
+        ], 
+        "permissions": [ 
+            { 
+                "actions": [ 
+                    "Microsoft.DeviceRegistry/assets/read",
+                    "Microsoft.DeviceRegistry/discoveredAssets/read",
+                    "Microsoft.DeviceRegistry/schemaRegistries/read",
+                    "Microsoft.DeviceRegistry/schemaRegistries/schemas/read",
+                    "Microsoft.DeviceRegistry/schemaRegistries/schemas/schemaVersions/read",
+                    "Microsoft.DeviceRegistry/schemaRegistries/schemas/schemaVersions/write",
+                    "Microsoft.DeviceRegistry/schemaRegistries/schemas/write",
+                    "Microsoft.DeviceRegistry/schemaRegistries/write",
+                    "Microsoft.Edge/sites/read",
+                    "Microsoft.Edgeorder/addresses/read",
+                    "Microsoft.ExtendedLocation/customLocations/deploy/action",
+                    "Microsoft.ExtendedLocation/customLocations/enabledresourcetypes/read",
+                    "Microsoft.ExtendedLocation/customLocations/read",
+                    "Microsoft.IoTOperations/instances/dataflowEndpoints/read",
+                    "Microsoft.IoTOperations/instances/dataflowProfiles/dataflows/delete",
+                    "Microsoft.IoTOperations/instances/dataflowProfiles/dataflows/read",
+                    "Microsoft.IoTOperations/instances/dataflowProfiles/dataflows/write",
+                    "Microsoft.IoTOperations/instances/dataflowProfiles/read",
+                    "Microsoft.Iotoperations/instances/read",
+                    "Microsoft.Kubernetes/connectedclusters/read",
+                    "Microsoft.KubernetesConfiguration/extensions/read",
+                    "Microsoft.Resources/subscriptions/read",
+                    "Microsoft.Resources/subscriptions/resourcegroups/resources/read"
+                ],
+                "notActions": [], 
+                "dataActions": [], 
+                "notDataActions": [] 
+            } 
+        ] 
+    }
+}

samples/custom-rbac/AIO Data Flow Destination Administrator.json

@@ -0,0 +1,39 @@
+{
+    "properties": { 
+        "roleName": "AIO Data Flow Destination Administrator", 
+        "description": "View, create, edit and delete AIO Dataflow Destinations", 
+        "assignableScopes": [ 
+            "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" 
+        ], 
+        "permissions": [ 
+            { 
+                "actions": [ 
+                    "Microsoft.Edge/sites/read",
+                    "Microsoft.Edgeorder/addresses/read",
+                    "Microsoft.ExtendedLocation/customLocations/deploy/action",
+                    "Microsoft.ExtendedLocation/customLocations/enabledresourcetypes/read",
+                    "Microsoft.ExtendedLocation/customLocations/read",
+                    "Microsoft.IoTOperations/instances/dataflowEndpoints/delete",
+                    "Microsoft.IoTOperations/instances/dataflowEndpoints/read",
+                    "Microsoft.IoTOperations/instances/dataflowEndpoints/write",
+                    "Microsoft.Iotoperations/instances/read",
+                    "Microsoft.Kubernetes/connectedclusters/read",
+                    "Microsoft.KubernetesConfiguration/extensions/read",
+                    "Microsoft.Resources/subscriptions/read",
+                    "Microsoft.Resources/subscriptions/resourcegroups/resources/read",
+                    "Microsoft.SecretSyncController/azureKeyVaultSecretProviderClasses/read",
+                    "Microsoft.SecretSyncController/azureKeyVaultSecretProviderClasses/write",
+                    "Microsoft.SecretSyncController/secretSyncs/read",
+                    "Microsoft.SecretSyncController/secretSyncs/write"
+                ], 
+                "notActions": [], 
+                "dataActions": [ 
+                    "Microsoft.KeyVault/vaults/secrets/getSecret/action", 
+                    "Microsoft.KeyVault/vaults/secrets/readMetadata/action", 
+                    "Microsoft.KeyVault/vaults/secrets/setSecret/action" 
+                ], 
+                "notDataActions": [] 
+            }
+        ]
+    }
+}

samples/custom-rbac/AIO Data Flow Destination Viewer.json

@@ -0,0 +1,28 @@
+{ 
+    "properties": { 
+        "roleName": "AIO Data Flow Destination Viewer ", 
+        "description": "View AIO Data flow Destination list and details", 
+        "assignableScopes": [ 
+            "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" 
+        ], 
+        "permissions": [ 
+            { 
+                "actions": [ 
+                    "Microsoft.Edge/sites/read",
+                    "Microsoft.Edgeorder/addresses/read",
+                    "Microsoft.ExtendedLocation/customLocations/enabledresourcetypes/read",
+                    "Microsoft.ExtendedLocation/customLocations/read",
+                    "Microsoft.IoTOperations/instances/dataflowEndpoints/read",
+                    "Microsoft.Iotoperations/instances/read",
+                    "Microsoft.Kubernetes/connectedclusters/read",
+                    "Microsoft.KubernetesConfiguration/extensions/read",
+                    "Microsoft.Resources/subscriptions/read",
+                    "Microsoft.Resources/subscriptions/resourcegroups/resources/read" 
+                ], 
+                "notActions": [], 
+                "dataActions": [], 
+                "notDataActions": [] 
+            }
+        ]
+    }
+}

samples/custom-rbac/AIO Data Flow Viewer.json

@@ -0,0 +1,29 @@
+{
+    "properties": { 
+        "roleName": "AIO Data Flow Viewer", 
+        "description": "View AIO Data flow list and details", 
+        "assignableScopes": [ 
+            "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" 
+        ], 
+        "permissions": [ 
+            { 
+                "actions": [ 
+                    "Microsoft.Edge/sites/read",
+                    "Microsoft.Edgeorder/addresses/read",
+                    "Microsoft.ExtendedLocation/customLocations/enabledresourcetypes/read",
+                    "Microsoft.ExtendedLocation/customLocations/read",
+                    "Microsoft.IoTOperations/instances/dataflowProfiles/dataflows/read",
+                    "Microsoft.IoTOperations/instances/dataflowProfiles/read",
+                    "Microsoft.Iotoperations/instances/read",
+                    "Microsoft.Kubernetes/connectedclusters/read",
+                    "Microsoft.KubernetesConfiguration/extensions/read",
+                    "Microsoft.Resources/subscriptions/read",
+                    "Microsoft.Resources/subscriptions/resourcegroups/resources/read" 
+                ], 
+                "notActions": [], 
+                "dataActions": [], 
+                "notDataActions": [] 
+            }
+        ]
+    }
+}