Merge pull request #297770 from rolyon/rolyon-rbac-roles-compute-fleet-contributor

[Azure RBAC] Compute Fleet Contributor role

Author: prmerger-automator[bot]

articles/role-based-access-control/built-in-roles.md

@@ -45,6 +45,7 @@ The following table provides a brief description of each built-in role. Click th
 > | --- | --- | --- |
 > | <a name='azure-arc-vmware-vm-contributor'></a>[Azure Arc VMware VM Contributor](./built-in-roles/compute.md#azure-arc-vmware-vm-contributor) | Arc VMware VM Contributor has permissions to perform all VM actions. | b748a06d-6150-4f8a-aaa9-ce3940cd96cb |
 > | <a name='classic-virtual-machine-contributor'></a>[Classic Virtual Machine Contributor](./built-in-roles/compute.md#classic-virtual-machine-contributor) | Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | d73bb868-a0df-4d4d-bd69-98a00b01fccb |
+> | <a name='compute-fleet-contributor'></a>[Compute Fleet Contributor](./built-in-roles/compute.md#compute-fleet-contributor) | Allows users to manage Compute Fleet resources. | 2bed379c-9fba-455b-99e4-6b911073bcf2 |
 > | <a name='compute-gallery-artifacts-publisher'></a>[Compute Gallery Artifacts Publisher](./built-in-roles/compute.md#compute-gallery-artifacts-publisher) | This is the role for publishing gallery artifacts. | 85a2d0d9-2eba-4c9c-b355-11c2cc0788ab |
 > | <a name='compute-gallery-image-reader'></a>[Compute Gallery Image Reader](./built-in-roles/compute.md#compute-gallery-image-reader) | This is the role for reading gallery images. | cf7c76d2-98a3-4358-a134-615aa78bf44d |
 > | <a name='compute-gallery-sharing-admin'></a>[Compute Gallery Sharing Admin](./built-in-roles/compute.md#compute-gallery-sharing-admin) | This role allows user to share gallery to another subscription/tenant or share it to the public. | 1ef6a3be-d0ac-425d-8c01-acb62866290b |

articles/role-based-access-control/built-in-roles/compute.md

@@ -238,6 +238,55 @@ Lets you manage classic virtual machines, but not access to them, and not the vi
 }
 ```
 
+## Compute Fleet Contributor
+
+Allows users to manage Compute Fleet resources.
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | --- | --- |
+> | [Microsoft.AzureFleet](../permissions/compute.md#microsoftazurefleet)/fleets/* |  |
+> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments |
+> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment |
+> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
+> | **NotActions** |  |
+> | *none* |  |
+> | **DataActions** |  |
+> | *none* |  |
+> | **NotDataActions** |  |
+> | *none* |  |
+
+```json
+{
+  "assignableScopes": [
+    "/"
+  ],
+  "description": "Allows users to manage Compute Fleet resources.",
+  "id": "/providers/Microsoft.Authorization/roleDefinitions/2bed379c-9fba-455b-99e4-6b911073bcf2",
+  "name": "2bed379c-9fba-455b-99e4-6b911073bcf2",
+  "permissions": [
+    {
+      "actions": [
+        "Microsoft.AzureFleet/fleets/*",
+        "Microsoft.Authorization/*/read",
+        "Microsoft.Insights/alertRules/*",
+        "Microsoft.ResourceHealth/availabilityStatuses/read",
+        "Microsoft.Resources/deployments/*",
+        "Microsoft.Resources/subscriptions/resourceGroups/read"
+      ],
+      "notActions": [],
+      "dataActions": [],
+      "notDataActions": []
+    }
+  ],
+  "roleName": "Compute Fleet Contributor",
+  "roleType": "BuiltInRole",
+  "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
+
 ## Compute Gallery Artifacts Publisher
 
 This is the role for publishing gallery artifacts.

articles/role-based-access-control/permissions/compute.md

@@ -460,6 +460,19 @@ Azure service: [Azure VMware Solution](/azure/azure-vmware/introduction)
 > | Microsoft.AVS/privateClouds/rotateNsxtPassword/action | Rotate Nsxt CloudAdmin password for the PrivateCloud. |
 > | Microsoft.AVS/privateClouds/rotateNsxtCloudAdminPassword/action | Rotate Nsxt CloudAdmin password for the PrivateCloud. |
 
+## Microsoft.AzureFleet
+
+Azure service: [Azure Compute Fleet](/azure/azure-compute-fleet/overview)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | --- | --- |
+> | Microsoft.AzureFleet/register/action | Registers Subscription with Microsoft.AzureFleet resource provider |
+> | Microsoft.AzureFleet/unregister/action | Unregisters Subscription with Microsoft.AzureFleet resource provider |
+> | Microsoft.AzureFleet/fleets/read | Get properties of Azure Fleet resource |
+> | Microsoft.AzureFleet/fleets/write | Creates a new Azure Fleet resource or updates an existing one |
+> | Microsoft.AzureFleet/fleets/delete | Deletes all compute resources of Azure Fleet resource |
+
 ## Microsoft.Batch
 
 Cloud-scale job scheduling and compute management.

articles/role-based-access-control/resource-provider-operations.md

@@ -41,6 +41,7 @@ Click the resource provider name in the following list to see the list of permis
 > | [microsoft.app](./permissions/compute.md#microsoftapp) |  | [Azure Container Apps](/azure/container-apps/) |
 > | [Microsoft.AppPlatform](./permissions/compute.md#microsoftappplatform) | A fully managed Spring Cloud service, built and operated with Pivotal. | [Azure Spring Apps](/azure/spring-apps/) |
 > | [Microsoft.AVS](./permissions/compute.md#microsoftavs) |  | [Azure VMware Solution](/azure/azure-vmware/introduction) |
+> | [Microsoft.AzureFleet](./permissions/compute.md#microsoftazurefleet) |  | [Azure Compute Fleet](/azure/azure-compute-fleet/overview) |
 > | [Microsoft.Batch](./permissions/compute.md#microsoftbatch) | Cloud-scale job scheduling and compute management. | [Batch](/azure/batch/) |
 > | [Microsoft.ClassicCompute](./permissions/compute.md#microsoftclassiccompute) |  | Classic deployment model virtual machine |
 > | [Microsoft.Compute](./permissions/compute.md#microsoftcompute) | Access cloud compute capacity and scale on demand (such as virtual machines) and only pay for the resources you use. | [Virtual Machines](/azure/virtual-machines/)<br/>[Virtual Machine Scale Sets](/azure/virtual-machine-scale-sets/) |

articles/role-based-access-control/whats-new.md

@@ -5,7 +5,7 @@ author: rolyon
 manager: femila
 ms.service: role-based-access-control
 ms.topic: whats-new
-ms.date: 04/01/2025
+ms.date: 04/07/2025
 ms.author: rolyon
 
 ---
@@ -18,6 +18,7 @@ This article provides information about new features and documentation improveme
 
 | Date | Area | Description |
 | --- | --- | --- |
+| April 2025 | Roles | Added [Compute Fleet Contributor](built-in-roles/compute.md#compute-fleet-contributor) role. |
 | April 2025 | Roles | Added [Azure Red Hat OpenShift](built-in-roles/containers.md#azure-red-hat-openshift-cloud-controller-manager) roles. |
 | March 2025 | Roles | Added Durable Task roles. See [Durable Task Data Contributor](built-in-roles/integration.md#durable-task-data-contributor), [Durable Task Data Reader](built-in-roles/integration.md#durable-task-data-reader), and [Durable Task Worker](built-in-roles/integration.md#durable-task-worker). |
 | March 2025 | Security | Updates about classic administrators access. See [Azure classic subscription administrators](classic-administrators.md). |