ARM Roles

The ARM Roles page lists the ARM roles enumerated across the entire Azure environment. The list contains the Object ID, Description, Type, Privileged, Tier 0 and Built In columns.

ARM Roles Details

The Details page contains the Risk Score of the role together with the Exposure Point and Information panes.

Info: You can analyze objects in the Graph module by clicking the Visualize button on the upper left side of the Information Pane.

Information

The Information Pane can show different badges that highlight important attributes of the role.

Built-In: Indicates the role is a built-in Azure ARM role

Tier 0: Indicates the role is classified as Tier 0

Tier 2: Indicates the role is classified as Tier 2

Privileged: Indicates the role has privileged permissions

The Information Pane contains the following tabs: Details, Actions, Not Actions, Data Actions, Not Data Actions, Groups, Service Principals and Users.

Details

The Details tab contains the following attributes of the Azure ARM role.

Name: The display name of the role with tenant suffix

Type: The type of the role (e.g., BuiltInRole)

Role Name: The original name of the role without tenant suffix

Is Built In: Indicates whether the role is a built-in Azure role

Description: A brief description of the role and its permissions

Tenant: The tenant the role belongs to

Assignable Scopes: The scopes at which the role can be assigned

Object ID: The unique identifier (GUID) of the role

Member Count: The number of members assigned to this role

Created On: The date and time when the role was created

Updated On: The date and time when the role was last updated

Actions

The Actions tab contains the list of management (control-plane) operations that the role allows. These are the operations that can be performed on Azure resources wherever the role is assigned; entries may use the * wildcard to cover many operations at once.

Not Actions

The Not Actions tab contains the list of management operations that are excluded from the role. These operations are subtracted from the Actions list, so they are excluded even when a wildcard in Actions would otherwise match them.

Data Actions

The Data Actions tab contains the list of data-plane operations that the role allows. These are operations performed on the data inside Azure resources (e.g., reading blob data) rather than on the resources themselves.

Not Data Actions

The Not Data Actions tab contains the list of data-plane operations that are excluded from the role. These operations are subtracted from the Data Actions list, so they are excluded even when a wildcard in Data Actions would otherwise match them.
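To show how the four permission lists combine, here is an added example (not part of the original page or the product it documents) that evaluates a role definition the way ARM does: effective permission is Actions minus Not Actions (and Data Actions minus Not Data Actions), with case-insensitive matching and a * wildcard that matches any run of characters. The role definition, the action strings and the function names are constructed for this example.

```python
import re

# Constructed sample in the shape of an ARM role's four permission lists.
SAMPLE_ROLE = {
    "Actions": ["Microsoft.Storage/*",
                "Microsoft.Resources/subscriptions/resourceGroups/read"],
    "NotActions": ["Microsoft.Storage/storageAccounts/delete"],
    "DataActions": ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"],
    "NotDataActions": [],
}


def _matches(pattern, operation):
    """ARM action strings are case-insensitive; '*' matches any characters,
    including '/', so 'Microsoft.Storage/*' also covers nested resource types."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def is_allowed(role, operation, data_action=False):
    """Effective permission = allow list minus exclusion list for one role.
    The exclusion list only subtracts from this role's own allow list."""
    if data_action:
        allow_key, exclude_key = "DataActions", "NotDataActions"
    else:
        allow_key, exclude_key = "Actions", "NotActions"
    allowed = any(_matches(p, operation) for p in role.get(allow_key, []))
    excluded = any(_matches(p, operation) for p in role.get(exclude_key, []))
    return allowed and not excluded


def effective_operations(role, candidates, data_action=False):
    """Filter concrete operation strings down to those the role grants."""
    return [op for op in candidates if is_allowed(role, op, data_action)]


def allowed_by_any(roles, operation, data_action=False):
    """Permissions across several assignments are a union: an operation one
    role lists in NotActions is still granted if another role allows it."""
    return any(is_allowed(r, operation, data_action) for r in roles)
```

When reviewing a Privileged or Tier 0 role, check the principal's other assignments as well, because an exclusion in one role never overrides a grant from another.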

Groups

The Groups tab contains the list of groups that have been assigned this role. The list also includes the Enabled and On Prem Sync Enabled columns, which show the status of these groups.

Service Principals

The Service Principals tab contains the list of service principals that have been assigned this role. The list also includes the Enabled, App Display Name and Service Principal Type columns, which show the status of these service principals.

Users

The Users tab contains the list of users that have been assigned this role. The list also includes the Enabled and On Prem Sync Enabled columns, which show the status of these users.
