Azure-docs: Provide default Role GUID's on this page
Built in roles have a default GUID that is used across all tenants
This should be added on this page to allow people writing and using these roles quick simple use of them in templates without needing to resort to CLI/PowerShell to extract these GUID's from the roles
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 99581afb-7950-6daa-7227-055d04446b7e
- Version Independent ID: f1a5bf89-9e54-aede-3a9a-70788a95927b
- Content: Built-in roles for Azure resources
- Content Source: articles/role-based-access-control/built-in-roles.md
- Service: role-based-access-control
- GitHub Login: @rolyon
- Microsoft Alias: rolyon
kilasuit
All 7 comments
@kilasuit Thanks for your feedback! We will investigate and update as appropriate.
FrankHu-MSFT
on 15 Nov 2019
Hey @kilasuit I see for reference below are all the GUIDs for all the RBAC roles.
I'm going to engage @rolyon to determine best ways to add these GUIDs into the docs, or whether or not we should do this.
Id : 8311e382-0749-4cb8-b61a-304f252e45ec
Name : AcrPush
Id : 312a565d-c81f-4fd8-895a-4e21e48d571c
Name : API Management Service Contributor
Id : 7f951dda-4ed3-4680-a7ca-43fe172d538d
Name : AcrPull
Id : 6cef56e8-d556-48e5-a04f-b8e64114680f
Name : AcrImageSigner
Id : c2f4ef07-c644-48eb-af81-4b1b4947fb11
Name : AcrDelete
Id : cdda3590-29a3-44f6-95f2-9f980659eb04
Name : AcrQuarantineReader
Id : c8d4ff99-41c3-41a8-9f60-21dfdad59608
Name : AcrQuarantineWriter
Id : e022efe7-f5ba-4159-bbe4-b44f577e9b61
Name : API Management Service Operator Role
Id : 71522526-b88f-4d52-b57f-d31fc3546d0d
Name : API Management Service Reader Role
Id : ae349356-3a1b-4a5e-921d-050484c6347e
Name : Application Insights Component Contributor
Id : 08954f03-6346-4c2e-81c0-ec3a5cfae23b
Name : Application Insights Snapshot Debugger
Id : 4fe576fe-1146-4730-92eb-48519fa6bf9f
Name : Automation Job Operator
Id : 5fb5aef8-1081-4b8e-bb16-9d5d0385bab5
Name : Automation Runbook Operator
Id : d3881f73-407a-4167-8283-e981cbba0404
Name : Automation Operator
Id : 4f8fab4f-1852-4a58-a46a-8eaf358af14a
Name : Avere Contributor
Id : c025889f-8102-4ebf-b32c-fc0c6f0c6bd9
Name : Avere Operator
Id : 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8
Name : Azure Kubernetes Service Cluster Admin Role
Id : 4abbcc35-e782-43d8-92c5-2d3f1bd2253f
Name : Azure Kubernetes Service Cluster User Role
Id : 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa
Name : Azure Maps Data Reader (Preview)
Id : 6f12a6df-dd06-4f3e-bcb1-ce8be600526a
Name : Azure Stack Registration Owner
Id : 5e467623-bb1f-42f4-a55d-6e525e11384b
Name : Backup Contributor
Id : fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64
Name : Billing Reader
Id : 00c29273-979b-4161-815c-10b084fb9324
Name : Backup Operator
Id : a795c7a0-d4a2-40c1-ae25-d81f01202912
Name : Backup Reader
Id : 31a002a1-acaf-453e-8a5b-297c9ca1ea24
Name : Blockchain Member Node Access (Preview)
Id : 5e3c6656-6cfa-4708-81fe-0de47ac73342
Name : BizTalk Contributor
Id : 426e0c7f-0c7e-4658-b36f-ff54d6c29b45
Name : CDN Endpoint Contributor
Id : 871e35f6-b5c1-49cc-a043-bde969a0f2cd
Name : CDN Endpoint Reader
Id : ec156ff8-a8d1-4d15-830c-5b80698ca432
Name : CDN Profile Contributor
Id : 8f96442b-4075-438f-813d-ad51ab4019af
Name : CDN Profile Reader
Id : b34d265f-36f7-4a0d-a4d4-e158ca92e90f
Name : Classic Network Contributor
Id : 86e8f5dc-a6e9-4c67-9d15-de283e8eac25
Name : Classic Storage Account Contributor
Id : 985d6b00-f706-48f5-a6fe-d0ca12fb668d
Name : Classic Storage Account Key Operator Service Role
Id : d73bb868-a0df-4d4d-bd69-98a00b01fccb
Name : Classic Virtual Machine Contributor
Id : a97b65f3-24c7-4388-baec-2e87135dc908
Name : Cognitive Services User
Id : b59867f0-fa02-499b-be73-45a86b5b3e1c
Name : Cognitive Services Data Reader (Preview)
Id : 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68
Name : Cognitive Services Contributor
Id : db7b14f2-5adf-42da-9f96-f2ee17bab5cb
Name : CosmosBackupOperator
Id : b24988ac-6180-42a0-ab88-20f7382dd24c
Name : Contributor
Id : fbdf93bf-df7d-467e-a4d2-9458aa1360c8
Name : Cosmos DB Account Reader Role
Id : 434105ed-43f6-45c7-a02f-909b2ba83430
Name : Cost Management Contributor
Id : 72fafb9e-0641-4937-9268-a91bfd8191a3
Name : Cost Management Reader
Id : add466c9-e687-43fc-8d98-dfcf8d720be5
Name : Data Box Contributor
Id : 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027
Name : Data Box Reader
Id : 673868aa-7521-48a0-acc6-0f60742d39f5
Name : Data Factory Contributor
Id : 150f5e0c-0603-4f03-8c7f-cf70034c4e90
Name : Data Purger
Id : 47b7735b-770e-4598-a7da-8b91488b4c88
Name : Data Lake Analytics Developer
Id : 76283e04-6283-4c54-8f91-bcf1374a3c64
Name : DevTest Labs User
Id : 5bd9cd88-fe45-4216-938b-f97437e15450
Name : DocumentDB Account Contributor
Id : befefa01-2a29-4197-83a8-272ff33ce314
Name : DNS Zone Contributor
Id : 428e0ff0-5e57-4d9c-a221-2c70d0e0a443
Name : EventGrid EventSubscription Contributor
Id : 2414bbcf-6497-4faf-8c65-045460748405
Name : EventGrid EventSubscription Reader
Id : 8d8d5a11-05d3-4bda-a417-a08778121c7c
Name : HDInsight Domain Services Contributor
Id : 03a6d094-3444-4b3d-88af-7477090a9e5e
Name : Intelligent Systems Account Contributor
Id : f25e0fa2-a7c8-4377-a976-54943a77a395
Name : Key Vault Contributor
Id : b97fb8bc-a8b2-4522-a38b-dd33c7e65ead
Name : Lab Creator
Id : 73c42c96-874c-492b-b04d-ab87d138a893
Name : Log Analytics Reader
Id : 92aaf0da-9dab-42b6-94a3-d43ce8d16293
Name : Log Analytics Contributor
Id : 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe
Name : Logic App Operator
Id : 87a39d53-fc1b-424a-814c-f7e04687dc9e
Name : Logic App Contributor
Id : c7393b34-138c-406f-901b-d8cf2b17e6ae
Name : Managed Application Operator Role
Id : b9331d33-8a36-4f8c-b097-4f54124fdb44
Name : Managed Applications Reader
Id : f1a07417-d97a-45cb-824c-7a7467783830
Name : Managed Identity Operator
Id : e40ec5ca-96e0-45a2-b4ff-59039f2c2b59
Name : Managed Identity Contributor
Id : 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c
Name : Management Group Contributor
Id : ac63b705-f282-497d-ac71-919bf39d939d
Name : Management Group Reader
Id : 3913510d-42f4-4e42-8a64-420c390055eb
Name : Monitoring Metrics Publisher
Id : 43d0d8ad-25c7-4714-9337-8ba259a9fe05
Name : Monitoring Reader
Id : 4d97b98b-1d4f-4787-a291-c67834d212e7
Name : Network Contributor
Id : 749f88d5-cbae-40b8-bcfc-e573ddc772fa
Name : Monitoring Contributor
Id : 5d28c62d-5b37-4476-8438-e587778df237
Name : New Relic APM Account Contributor
Id : 8e3af657-a8ff-443c-a75c-2fe8c4bcb635
Name : Owner
Id : acdd72a7-3385-48ef-bd42-f606fba81ae7
Name : Reader
Id : e0f68234-74aa-48ed-b826-c38b57376e17
Name : Redis Cache Contributor
Id : c12c1c16-33a1-487b-954d-41c89c60f349
Name : Reader and Data Access
Id : 36243c78-bf99-498c-9df9-86d9f8d28608
Name : Resource Policy Contributor (Preview)
Id : 188a0f2f-5c9e-469b-ae67-2aa5ce574b94
Name : Scheduler Job Collections Contributor
Id : 7ca78c08-252a-4471-8644-bb5ff32d4ba0
Name : Search Service Contributor
Id : fb1c8493-542b-48eb-b624-b4c8fea62acd
Name : Security Admin
Id : e3d13bf0-dd5a-482e-ba6b-9b8433878d10
Name : Security Manager (Legacy)
Id : 39bc4728-0917-49c7-9d2c-d95423bc2eb4
Name : Security Reader
Id : 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827
Name : Spatial Anchors Account Contributor
Id : 6670b86e-a3f7-4917-ac9b-5d6ab1be4567
Name : Site Recovery Contributor
Id : 494ae006-db33-4328-bf46-533a6560a3ca
Name : Site Recovery Operator
Id : 5d51204f-eb77-4b1c-b86a-2ec626c49413
Name : Spatial Anchors Account Reader
Id : dbaa88c4-0c30-4179-9fb3-46319faa6149
Name : Site Recovery Reader
Id : 70bbe301-9835-447d-afdd-19eb3167307c
Name : Spatial Anchors Account Owner
Id : 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d
Name : SQL Managed Instance Contributor
Id : 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec
Name : SQL DB Contributor
Id : 056cd41c-7e88-42e1-933e-88ba6a50c9c3
Name : SQL Security Manager
Id : 17d1049b-9a84-46fb-8f53-869881c3d3ab
Name : Storage Account Contributor
Id : 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
Name : SQL Server Contributor
Id : 81a9662b-bebf-436f-a333-f67b29880f12
Name : Storage Account Key Operator Service Role
Id : ba92f5b4-2d11-453d-a403-e96b0029c9fe
Name : Storage Blob Data Contributor
Id : b7e6dc6d-f1e8-4753-8033-0f276bb0955b
Name : Storage Blob Data Owner
Id : 2a2b9908-6ea1-4ae2-8e65-a410df84e7d1
Name : Storage Blob Data Reader
Id : 974c5e8b-45b9-4653-ba55-5f855dd0fb88
Name : Storage Queue Data Contributor
Id : 8a0f0c08-91a1-4084-bc3d-661d67233fed
Name : Storage Queue Data Message Processor
Id : c6a89b2d-59bc-44d0-9896-0f6e12d7b80a
Name : Storage Queue Data Message Sender
Id : 19e7f393-937e-4f77-808e-94535e297925
Name : Storage Queue Data Reader
Id : cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e
Name : Support Request Contributor
Id : a4b10055-b0c7-44c2-b00f-c7b5b3550cf7
Name : Traffic Manager Contributor
Id : 1c0163c0-47e6-4577-8991-ea5c82e286e4
Name : Virtual Machine Administrator Login
Id : 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9
Name : User Access Administrator
Id : fb879df8-f326-4884-b1cf-06f3ad86be52
Name : Virtual Machine User Login
Id : 9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Name : Virtual Machine Contributor
Id : 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b
Name : Web Plan Contributor
Id : de139f84-1756-47ae-9be6-808fbbe84772
Name : Website Contributor
Id : 090c5cfd-751d-490a-894a-3ce6f1109419
Name : Azure Service Bus Data Owner
Id : f526a384-b230-433a-b45c-95f59c4a2dec
Name : Azure Event Hubs Data Owner
Id : 61ed4efc-fab3-44fd-b111-e24485cc132a
Name : HDInsight Cluster Operator
Id : 230815da-be43-4aae-9cb4-875f7bd000aa
Name : Cosmos DB Operator
Id : a638d3c7-ab3a-418d-83e6-5f17a39d4fde
Name : Azure Event Hubs Data Receiver
Id : 2b629674-e913-4c01-ae53-ef4638d8f975
Name : Azure Event Hubs Data Sender
Id : 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0
Name : Azure Service Bus Data Receiver
Id : 69a216fc-b8fb-44d8-bc22-1f3c2cd27a39
Name : Azure Service Bus Data Sender
Id : aba4ae5f-2193-4029-9191-0cb91df5e314
Name : Storage File Data SMB Share Reader
Id : 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb
Name : Storage File Data SMB Share Contributor
Id : db58b8e5-c6ad-4a2a-8342-4190687cbf4a
Name : Storage Blob Delegator
Id : a7264617-510b-434b-a828-9731dc254ea7
Name : Storage File Data SMB Share Elevated Contributor
Id : 41077137-e803-4205-871c-5a86e6a753b4
Name : Blueprint Contributor
Id : 437d2ced-4a38-4302-8479-ed2bcb43d090
Name : Blueprint Operator
Id : ab8e14d6-4a74-4a29-9ba8-549422addade
Name : Azure Sentinel Contributor
Id : 3e150937-b8fe-4cfb-8069-0eaf05ecd056
Name : Azure Sentinel Responder
Id : 8d289c81-5878-46d4-8554-54e1e3d8b5cb
Name : Azure Sentinel Reader
Id : 91c1777a-f3dc-4fae-b103-61d183457e46
Name : Managed Services Registration assignment Delete Role
FrankHu-MSFT
on 16 Nov 2019
In addition to the above, you can utilize the powershell cmdlet defined here to get your respective GUIDs : https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-powershell
FrankHu-MSFT
on 16 Nov 2019
Hi @kilasuit
Thanks for the feedback. All of these unique IDs are listed on the following page:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Can you clarify what you are requesting?
thanks
rolyon
on 16 Nov 2019
Hi @kilasuit
I also included IDs in the top table:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
thanks
rolyon
on 19 Nov 2019
please-close
rolyon
on 19 Nov 2019
Hi @rolyon
that was exactly what I was meaning with this issue & to add them into the top table
Many Thanks for doing that :-)
kilasuit
on 20 Nov 2019
Related issues
bityob
·
3Comments
spottedmahn
·
3Comments
AronT-TLV
·
3Comments
jharbieh
·
3Comments
spottedmahn
·
3Comments