You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/role-based-access-control/role-definitions.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -34,7 +34,7 @@ Condition
34
34
ConditionVersion
35
35
```
36
36
37
-
The following shows an example of the properties in a role definition when displayed using the [Azure portal](role-definitions-list.md#azure-portal), [Azure CLI](role-definitions-list.md#azure-cli), or the[REST API](role-definitions-list.md#rest-api):
37
+
The following shows an example of the properties in a role definition when displayed using the [Azure CLI](role-definitions-list.md#azure-cli) or [REST API](role-definitions-list.md#rest-api):
38
38
39
39
```
40
40
roleName
@@ -43,11 +43,11 @@ id
43
43
roleType
44
44
type
45
45
description
46
-
assignableScopes []
47
46
actions []
48
47
notActions []
49
48
dataActions []
50
49
notDataActions []
50
+
assignableScopes []
51
51
condition
52
52
conditionVersion
53
53
createdOn
@@ -62,8 +62,8 @@ The following table describes what the role properties mean.
62
62
| --- | --- |
63
63
|`Name`</br>`roleName`| Display name of the role. |
64
64
|`Id`</br>`name`| Unique ID of the role. Built-in roles have the same role ID across clouds. |
65
-
|`id`| Fully-qualified unique ID of the role. |
66
-
|`IsCustom`</br>`roleType`| Indicates whether this is a custom role. Set to `true` or `CustomRole` for custom roles. Set to `false` or `BuiltInRole` for built-in roles. |
65
+
|`id`| Fullyqualified unique ID of the role. |
66
+
|`IsCustom`</br>`roleType`| Indicates whether this role is a custom role. Set to `true` or `CustomRole` for custom roles. Set to `false` or `BuiltInRole` for built-in roles. |
67
67
|`type`| Type of object. Set to `Microsoft.Authorization/roleDefinitions`. |
68
68
|`Description`</br>`description`| Description of the role. |
69
69
|`Actions`</br>`actions`| Array of strings that specifies the control plane actions that the role allows to be performed. |
@@ -398,7 +398,7 @@ Examples of valid assignable scopes include:
398
398
399
399
You can define only one management group in `AssignableScopes` of a custom role.
400
400
401
-
Although it's possible to create a custom role with a resource instance in `AssignableScopes` using the command line, it's not recommended. Each tenant supports a maximum of 5000 custom roles. Using this strategy could potentially exhaust your available custom roles. Ultimately, the level of access is determined by the custom role assignment (scope + role permissions + security principal) and not the `AssignableScopes` listed in the custom role. So, create your custom roles with `AssignableScopes` of management group, subscription, or resource group, but assign the custom roles with narrow scope, such as resource or resource group.
401
+
Although it's possible to create a custom role with a resource instance in `AssignableScopes` using the command line, it's not recommended. Each tenant supports a maximum of 5,000 custom roles. Using this strategy could potentially exhaust your available custom roles. Ultimately, the level of access is determined by the custom role assignment (scope + role permissions + security principal) and not the `AssignableScopes` listed in the custom role. So, create your custom roles with `AssignableScopes` of management group, subscription, or resource group, but assign the custom roles with narrow scope, such as resource or resource group.
402
402
403
403
For more information about `AssignableScopes` for custom roles, see [Azure custom roles](custom-roles.md).
0 commit comments