You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/role-based-access-control/conditions-faq.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ manager: amycolannino
6
6
ms.service: role-based-access-control
7
7
ms.subservice: conditions
8
8
ms.topic: conceptual
9
-
ms.date: 05/09/2023
9
+
ms.date: 02/26/2025
10
10
ms.author: rolyon
11
11
---
12
12
@@ -63,7 +63,7 @@ A condition can be up to 8 KB long.
63
63
64
64
**What are the limits for a description?**
65
65
66
-
A description can be up to 2 KB long.
66
+
A description has a recommended maximum of 512 characters.
67
67
68
68
**Is it possible to create a role assignment with and without a condition, but using the same tuple of security principal, role definition, and scope?**
Copy file name to clipboardExpand all lines: articles/role-based-access-control/custom-roles.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ author: rolyon
5
5
manager: amycolannino
6
6
ms.service: role-based-access-control
7
7
ms.topic: conceptual
8
-
ms.date: 02/22/2024
8
+
ms.date: 02/26/2025
9
9
ms.author: rolyon
10
10
---
11
11
@@ -141,10 +141,10 @@ The following table describes what the custom role properties mean.
141
141
142
142
| Property | Required | Type | Description |
143
143
| --- | --- | --- | --- |
144
-
|`Name`</br>`roleName`| Yes | String | The display name of the custom role. While a role definition is a management group or subscription-level resource, a role definition can be used in multiple subscriptions that share the same Microsoft Entra tenant. This display name must be unique at the scope of the Microsoft Entra tenant. Can include letters, numbers, spaces, and special characters. Maximum number of characters is 512. |
144
+
|`Name`</br>`roleName`| Yes | String | The display name of the custom role. While a role definition is a management group or subscription-level resource, a role definition can be used in multiple subscriptions that share the same Microsoft Entra tenant. This display name must be unique at the scope of the Microsoft Entra tenant. Can include letters, numbers, spaces, and special characters. Recommended maximum: 256 characters. |
145
145
|`Id`</br>`name`| Yes | String | The unique ID of the custom role. For Azure PowerShell and Azure CLI, this ID is automatically generated when you create a new role. |
146
146
|`IsCustom`</br>`roleType`| Yes | String | Indicates whether this is a custom role. Set to `true` or `CustomRole` for custom roles. Set to `false` or `BuiltInRole` for built-in roles. |
147
-
|`Description`</br>`description`| Yes | String | The description of the custom role. Can include letters, numbers, spaces, and special characters. Maximum number of characters is 2048. |
147
+
|`Description`</br>`description`| Yes | String | The description of the custom role. Can include letters, numbers, spaces, and special characters. Recommended maximum: 512 characters. |
148
148
|`Actions`</br>`actions`| Yes | String[]| An array of strings that specifies the control plane actions that the role allows to be performed. For more information, see [Actions](role-definitions.md#actions). |
149
149
|`NotActions`</br>`notActions`| No | String[]| An array of strings that specifies the control plane actions that are excluded from the allowed `Actions`. For more information, see [NotActions](role-definitions.md#notactions). |
150
150
|`DataActions`</br>`dataActions`| No | String[]| An array of strings that specifies the data plane actions that the role allows to be performed to your data within that object. If you create a custom role with `DataActions`, that role can't be assigned at management group scope. For more information, see [DataActions](role-definitions.md#dataactions). |
Copy file name to clipboardExpand all lines: articles/role-based-access-control/whats-new.md
+1Lines changed: 1 addition & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,6 +18,7 @@ This article provides information about new features and documentation improveme
18
18
19
19
| Date | Area | Description |
20
20
| --- | --- | --- |
21
+
| February 2025 | Limits | Updates to [Azure RBAC limits](../azure-resource-manager/management/azure-subscription-service-limits.md#azure-rbac-limits). |
21
22
| February 2025 | Roles | Added [Chaos Studio Target Contributor](built-in-roles/devops.md#chaos-studio-target-contributor) role. |
22
23
| February 2025 | Security | Added instructions for how to detect elevate access events using Microsoft Sentinel. See [Detect elevate access events using Microsoft Sentinel](elevate-access-global-admin.md#detect-elevate-access-events-using-microsoft-sentinel). |
23
24
| February 2025 | Permissions | Updated list of permissions for the Azure Container Registry. See [Microsoft.ContainerRegistry](permissions/containers.md#microsoftcontainerregistry). |
0 commit comments