search

Azure / azure-powershell

Microsoft Azure PowerShell
Other
4.21k stars 3.82k forks source link

Get-AzureRmRoleAssignment -Scope "/subscriptions/$SubscriptionId -IncludeClassicAdministrator not returning expected results #7679

Closed clfilipe closed 5 years ago

clfilipe commented 5 years ago

The command Get-AzureRmRoleAssignment -Scope "/subscriptions/$SubscriptionId does not return the Role Assignments of the subscription that was defined on scope. It only provides the Role assignments that are available for the subscription that is set at the moment of "Connect-AzureRmAccount". The user is not able to change the subscription if he does not run Select-AzureRmSubscription -SubscriptionId $SubscriptionId before running Get-AzureRmRoleAssignment. This is not what the documentation states and the PowerShell command should be reviewed.

markcowl commented 5 years ago

@clfilipe Can you please provide a debug trace showing an improperly returned role assignment?

Per the issue template, set $DebugPreference="Continue" and then execute the cmdlet with the aberrant behavior

clfilipe commented 5 years ago

Hello Mark,

Thank you for your e-mail. As requested, please find attached the Debug for the following command:

$DebugPreference = “Continue” Start-Transcript -path c:\GetAzureRmRoleAssignment.txt Connect-AzureRmAccount -TenantId 1b775e95-f070-4703-99c1-7d7ca62539dc Get-AzureRmRoleAssignment -Scope "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9" -IncludeClassicAdministrators Stop-Transcript $DebugPreference = 'SilentlyContinue'

We can see below that the subscription does not change for the Classic Administrator Roles when I try to scope. The user (photo@actionfour.onmicrosoft.commailto:photo@actionfour.onmicrosoft.com) is logged in and using the subscription bb5a765b-597f-49c1-a302-0881cfbcbc55 so all of the co-admin requests are targeting this subscription even though I am changing the scope for c36c3336-1b80-461f-afc6-0e794a55dfc9. Currently, we need to run the command Select-AzureRmSubscription -SubscriptionId $subscriptionId before in order to return Classic Role assignments for that sub.

[cid:image002.jpg@01D46F14.07614030]

Hope this was helpful to explain what I am trying to share. Let me know if you need anything else.

Thank you very much and best regards,

Cláudia Paiva Filipe Support Engineer EMEA Cloud Identity POD Support Customer Service and Support Office: +351 (21) 0602345 Claudia.Filipe@microsoft.commailto:Claudia.Filipe@microsoft.com 9:00 – 18:00 (UTC) [cid:image003.png@01D341B8.7D1BACF0] Alternate Contacts if I am unavailable: Backup | cloudidpodemea@microsoft.com Team Manager | Susana Rodrigues (susanar@microsoft.commailto:susanar@microsoft.com) +351 (21) 0491316

If you have any feedback about my work, please let either me or my manager Susana Rodrigues know at susanar@microsoft.commailto:susanar@microsoft.com

From: Mark Cowlishaw notifications@github.com Sent: 26 de outubro de 2018 19:10 To: Azure/azure-powershell azure-powershell@noreply.github.com Cc: Claudia Filipe Claudia.Filipe@microsoft.com; Mention mention@noreply.github.com Subject: Re: [Azure/azure-powershell] Get-AzureRmRoleAssignment -Scope "/subscriptions/$SubscriptionId -IncludeClassicAdministrator not returning expected results (#7679)

@clfilipehttps://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fclfilipe&data=02%7C01%7CClaudia.Filipe%40microsoft.com%7C4e98b1c0879d432723ef08d63b6e45fb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636761742144409646&sdata=uAZl4trB98wLrBV2gX2peaG2LKfC6MhoHQsypTmmr%2BQ%3D&reserved=0 Can you please provide a debug trace showing an improperly returned role assignment?

Per the issue template, set $DebugPreference="Continue" and then execute the cmdlet with the aberrant behavior

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAzure%2Fazure-powershell%2Fissues%2F7679%23issuecomment-433495973&data=02%7C01%7CClaudia.Filipe%40microsoft.com%7C4e98b1c0879d432723ef08d63b6e45fb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636761742144419659&sdata=woiDoylBG6vyDj3UlO3%2BBfq65E0CcSptrouJXrJHRkk%3D&reserved=0, or mute the threadhttps://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAqb5xllvPhkRPmI7IDfLViBosEaOFHHTks5uo1AEgaJpZM4X8D_4&data=02%7C01%7CClaudia.Filipe%40microsoft.com%7C4e98b1c0879d432723ef08d63b6e45fb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636761742144419659&sdata=pXqzGQVD%2Bt%2FsC0Bz0%2Fug9m2gzizII44kwPbGmvu8lXk%3D&reserved=0.

** Windows PowerShell transcript start Start time: 20181028224902 Username: EUROPE\clfilipe RunAs User: EUROPE\clfilipe Configuration Name: Machine: CLFILIPE-YOGA (Microsoft Windows NT 10.0.17134.0) Host Application: C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe Process ID: 26088 PSVersion: 5.1.17134.228 PSEdition: Desktop PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.228 BuildVersion: 10.0.17134.228 CLRVersion: 4.0.30319.42000 WSManStackVersion: 3.0 PSRemotingProtocolVersion: 2.3 SerializationVersion: 1.1.0.1

Transcript started, output file is c:\GetAzureRmRoleAssignment.txt DEBUG: 22:49:02 - ConnectAzureRmAccountCommand begin processing with ParameterSet 'UserWithSubscriptionId'. DEBUG: 22:49:02 - using account id 'photo@actionfour.onmicrosoft.com'... DEBUG: 22:49:02 - Autosave setting from startup session: 'CurrentUser' DEBUG: 22:49:02 - No autosave setting detected in environment variable 'AzureRmContextAutoSave'. DEBUG: 22:49:02 - Using Autosave scope 'CurrentUser' DEBUG: [Common.Authentication]: Authenticating using configuration values: Domain: '1b775e95-f070-4703-99c1-7d7ca62539dc', Endpoint: 'https://login.microsoftonline.com/', ClientId: '1950a258-227b-4e31-a9cf-717495945fc2', ClientRedirect: 'urn:ietf:wg:oauth:2.0:oob', ResourceClientUri: 'https://management.core.windows.net/', ValidateAuthrity: 'True' DEBUG: [Common.Authentication]: Acquiring token using context with Authority 'https://login.microsoftonline.com/1b775e95-f070-4703-99c1-7d7ca62539dc/', CorrelationId: '00000000-0000-0000-0000-000000000000', ValidateAuthority: 'True' DEBUG: [Common.Authentication]: Acquiring token using AdalConfiguration with Domain: '1b775e95-f070-4703-99c1-7d7ca62539dc', AdEndpoint: 'https://login.microsoftonline.com/', ClientId: '1950a258-227b-4e31-a9cf-717495945fc2', ClientRedirectUri: urn:ietf:wg:oauth:2.0:oob DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:02: 4918106a-556c-43ec-9eed-8cb52d189da5 - AcquireTokenHandlerBase: === Token Acquisition started: Authority: https://login.microsoftonline.com/1b775e95-f070-4703-99c1-7d7ca62539dc/ Resource: https://management.core.windows.net/ ClientId: 1950a258-227b-4e31-a9cf-717495945fc2 CacheType: Microsoft.Azure.Commands.Common.Authentication.ProtectedFileTokenCache (10 items) Authentication Target: User DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : DEBUG: 10/28/2018 22:49:02: - WindowsFormsWebAuthenticationDialogBase: Navigating to 'https://login.microsoftonline.com/1b775e95-f070-4703-99c1-7d7ca62539dc/oauth2/authorize?resource=https://management.core.windows.net/&client_id=1950a258-227b-4e31-a9cf-717495945fc2&response_type=code&haschrome=1&redirect_uri=urn:ietf:wg:oauth:2.0:oob&client-request-id=4918106a-556c-43ec-9eed-8cb52d189da5&prompt=login&x-client-SKU=.NET&x-client-Ver=2.28.3.860&x-client-CPU=x64&x-client-OS=Microsoft Windows NT 10.0.17134.0&site_id=501358&display=popup'. DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : DEBUG: 10/28/2018 22:49:03: - WindowsFormsWebAuthenticationDialogBase: Navigating to 'https://login.microsoftonline.com/1b775e95-f070-4703-99c1-7d7ca62539dc/oauth2/authorize?resource=https://management.core.windows.net/&client_id=1950a258-227b-4e31-a9cf-717495945fc2&response_type=code&haschrome=1&redirect_uri=urn:ietf:wg:oauth:2.0:oob&client-request-id=4918106a-556c-43ec-9eed-8cb52d189da5&prompt=login&x-client-SKU=.NET&x-client-Ver=2.28.3.860&x-client-CPU=x64&x-client-OS=Microsoft Windows NT 10.0.17134.0&site_id=501358&display=popup&sso_nonce=AQABAAAAAAC5una0EUFgTIF8ElaxtWjTAW8-S-g1HKK_5MmsMFK8ebCYAqlPWJ5nkiv0hc-GvlvMgXDLuA4YDRkJ2daBMRyWXlO-pzjNYSdHlr1jJeqB3yAA&mscrid=4918106a-556c-43ec-9eed-8cb52d189da5'. DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : DEBUG: 10/28/2018 22:49:03: - WindowsFormsWebAuthenticationDialogBase: Navigated to 'https://login.microsoftonline.com/1b775e95-f070-4703-99c1-7d7ca62539dc/oauth2/authorize?resource=https://management.core.windows.net/&client_id=1950a258-227b-4e31-a9cf-717495945fc2&response_type=code&haschrome=1&redirect_uri=urn:ietf:wg:oauth:2.0:oob&client-request-id=4918106a-556c-43ec-9eed-8cb52d189da5&prompt=login&x-client-SKU=.NET&x-client-Ver=2.28.3.860&x-client-CPU=x64&x-client-OS=Microsoft Windows NT 10.0.17134.0&site_id=501358&display=popup&sso_nonce=AQABAAAAAAC5una0EUFgTIF8ElaxtWjTAW8-S-g1HKK_5MmsMFK8ebCYAqlPWJ5nkiv0hc-GvlvMgXDLuA4YDRkJ2daBMRyWXlO-pzjNYSdHlr1jJeqB3yAA&mscrid=4918106a-556c-43ec-9eed-8cb52d189da5'. DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : DEBUG: 10/28/2018 22:49:17: - WindowsFormsWebAuthenticationDialogBase: Navigating to 'https://login.microsoftonline.com/1b775e95-f070-4703-99c1-7d7ca62539dc/login'. DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : DEBUG: 10/28/2018 22:49:17: - WindowsFormsWebAuthenticationDialogBase: WebBrowser state: IsBusy: True, ReadyState: Complete, Created: True, Disposing: False, IsDisposed: False, IsOffline: False DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : DEBUG: 10/28/2018 22:49:17: - WindowsFormsWebAuthenticationDialogBase: WebBrowser state (after Stop): IsBusy: False, ReadyState: Complete, Created: True, Disposing: False, IsDisposed: False, IsOffline: False DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:18: - TokenCache: Deserialized 10 items to token cache. DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : DEBUG: 10/28/2018 22:49:18: 4918106a-556c-43ec-9eed-8cb52d189da5 - TokenCache: Storing token in the cache... DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : DEBUG: 10/28/2018 22:49:18: 4918106a-556c-43ec-9eed-8cb52d189da5 - TokenCache: An item was stored in the cache DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:18: 4918106a-556c-43ec-9eed-8cb52d189da5 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned: Access Token Hash: oNcCfgj49AwdqcSnpM0YNjzd7T/PBCdxvgFUR0i4LAE= Refresh Token Hash: gVlD8G1ADGdUcucBdyqeWXAczbqmGSNM9kypSiQd7cg= Expiration Time: 10/28/2018 23:49:17 +00:00 User Hash: k14r/IVOxuXayKLdmHUJQhyE4IbemtutwN1UrALjYQE= DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:18: - TokenCache: Serializing token cache with 10 items. DEBUG: ============================ HTTP REQUEST ============================

HTTP Method: GET

Absolute Uri: https://management.azure.com/subscriptions?api-version=2016-06-01

Headers: x-ms-client-request-id : d5d6959c-c8fc-497b-be36-618f8e997903 accept-language : en-US

Body: DEBUG: ============================ HTTP RESPONSE ============================

Status Code: OK

Headers: Pragma : no-cache x-ms-ratelimit-remaining-tenant-reads: 11999 x-ms-request-id : 823beab8-c73a-4c61-9d56-63345bec50ca x-ms-correlation-request-id : 823beab8-c73a-4c61-9d56-63345bec50ca x-ms-routing-request-id : UKWEST:20181028T224916Z:823beab8-c73a-4c61-9d56-63345bec50ca Strict-Transport-Security : max-age=31536000; includeSubDomains X-Content-Type-Options : nosniff Cache-Control : no-cache Date : Sun, 28 Oct 2018 22:49:16 GMT

Body: { "value": [ { "id": "/subscriptions/bb5a765b-597f-49c1-a302-0881cfbcbc55", "subscriptionId": "bb5a765b-597f-49c1-a302-0881cfbcbc55", "displayName": "Pago pelo Uso", "state": "Enabled", "subscriptionPolicies": { "locationPlacementId": "Public_2014-09-01", "quotaId": "PayAsYouGo_2014-09-01", "spendingLimit": "Off" }, "authorizationSource": "Legacy, RoleBased" }, { "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9", "subscriptionId": "c36c3336-1b80-461f-afc6-0e794a55dfc9", "displayName": "Pay-As-You-Go", "state": "Enabled", "subscriptionPolicies": { "locationPlacementId": "Public_2014-09-01", "quotaId": "PayAsYouGo_2014-09-01", "spendingLimit": "Off" }, "authorizationSource": "Legacy, RoleBased" } ] }

Account : photo@actionfour.onmicrosoft.com SubscriptionName : Pago pelo Uso SubscriptionId : bb5a765b-597f-49c1-a302-0881cfbcbc55 TenantId : 1b775e95-f070-4703-99c1-7d7ca62539dc Environment : AzureCloud

DEBUG: AzureQoSEvent: CommandName - Connect-AzureRmAccount; IsSuccess - True; Duration - 00:00:16.3890009; Exception - ; DEBUG: Finish sending metric. DEBUG: 22:49:19 - ConnectAzureRmAccountCommand end processing. DEBUG: 22:49:19 - ConnectAzureRmAccountCommand end processing. DEBUG: 22:49:19 - GetAzureRoleAssignmentCommand begin processing with ParameterSet 'ScopeParameterSet'. DEBUG: 22:49:19 - using account id 'photo@actionfour.onmicrosoft.com'... DEBUG: [Common.Authentication]: Authenticating using Account: 'photo@actionfour.onmicrosoft.com', environment: 'AzureCloud', tenant: '1b775e95-f070-4703-99c1-7d7ca62539dc' DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:19: e3df5faf-e3ad-426b-98d1-ebe8e2f07606 - AcquireTokenHandlerBase: === Token Acquisition started: Authority: https://login.microsoftonline.com/1b775e95-f070-4703-99c1-7d7ca62539dc/ Resource: https://graph.windows.net/ ClientId: 1950a258-227b-4e31-a9cf-717495945fc2 CacheType: Microsoft.Azure.Commands.Common.Authentication.ProtectedFileTokenCache (10 items) Authentication Target: User DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:19: - TokenCache: Deserialized 10 items to token cache. DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : DEBUG: 10/28/2018 22:49:19: e3df5faf-e3ad-426b-98d1-ebe8e2f07606 - TokenCache: Looking up cache for a token... DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:19: e3df5faf-e3ad-426b-98d1-ebe8e2f07606 - TokenCache: An item matching the requested resource was found in the cache DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : DEBUG: 10/28/2018 22:49:19: e3df5faf-e3ad-426b-98d1-ebe8e2f07606 - TokenCache: 47.6135074533333 minutes left until token in cache expires DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:19: e3df5faf-e3ad-426b-98d1-ebe8e2f07606 - TokenCache: A matching item (access token or refresh token or both) was found in the cache DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:19: e3df5faf-e3ad-426b-98d1-ebe8e2f07606 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned: Access Token Hash: rrn5gmDuYlV0rtjU2I0YykOAPAqagwCGYANKMQuyvIw= Refresh Token Hash: gVlD8G1ADGdUcucBdyqeWXAczbqmGSNM9kypSiQd7cg= Expiration Time: 10/28/2018 23:36:56 +00:00 User Hash: k14r/IVOxuXayKLdmHUJQhyE4IbemtutwN1UrALjYQE= DEBUG: [Common.Authentication]: Authenticating using Account: 'photo@actionfour.onmicrosoft.com', environment: 'AzureCloud', tenant: '1b775e95-f070-4703-99c1-7d7ca62539dc' DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:19: 189087b7-d8d2-494e-a593-2a73c83fd059 - AcquireTokenHandlerBase: === Token Acquisition started: Authority: https://login.microsoftonline.com/1b775e95-f070-4703-99c1-7d7ca62539dc/ Resource: https://management.core.windows.net/ ClientId: 1950a258-227b-4e31-a9cf-717495945fc2 CacheType: Microsoft.Azure.Commands.Common.Authentication.ProtectedFileTokenCache (10 items) Authentication Target: User DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:19: - TokenCache: Deserialized 10 items to token cache. DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : DEBUG: 10/28/2018 22:49:19: 189087b7-d8d2-494e-a593-2a73c83fd059 - TokenCache: Looking up cache for a token... DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:19: 189087b7-d8d2-494e-a593-2a73c83fd059 - TokenCache: An item matching the requested resource was found in the cache DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : DEBUG: 10/28/2018 22:49:19: 189087b7-d8d2-494e-a593-2a73c83fd059 - TokenCache: 59.9628962316667 minutes left until token in cache expires DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:19: 189087b7-d8d2-494e-a593-2a73c83fd059 - TokenCache: A matching item (access token or refresh token or both) was found in the cache DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:19: 189087b7-d8d2-494e-a593-2a73c83fd059 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned: Access Token Hash: oNcCfgj49AwdqcSnpM0YNjzd7T/PBCdxvgFUR0i4LAE= Refresh Token Hash: gVlD8G1ADGdUcucBdyqeWXAczbqmGSNM9kypSiQd7cg= Expiration Time: 10/28/2018 23:49:17 +00:00 User Hash: k14r/IVOxuXayKLdmHUJQhyE4IbemtutwN1UrALjYQE= DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:19: 25bade4a-6443-4b17-9b51-e74f7b099d16 - AcquireTokenHandlerBase: === Token Acquisition started: Authority: https://login.microsoftonline.com/1b775e95-f070-4703-99c1-7d7ca62539dc/ Resource: https://management.core.windows.net/ ClientId: 1950a258-227b-4e31-a9cf-717495945fc2 CacheType: Microsoft.Azure.Commands.Common.Authentication.ProtectedFileTokenCache (10 items) Authentication Target: User DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:19: - TokenCache: Deserialized 10 items to token cache. DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : DEBUG: 10/28/2018 22:49:19: 25bade4a-6443-4b17-9b51-e74f7b099d16 - TokenCache: Looking up cache for a token... DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:19: 25bade4a-6443-4b17-9b51-e74f7b099d16 - TokenCache: An item matching the requested resource was found in the cache DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : DEBUG: 10/28/2018 22:49:19: 25bade4a-6443-4b17-9b51-e74f7b099d16 - TokenCache: 59.9626358533333 minutes left until token in cache expires DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:19: 25bade4a-6443-4b17-9b51-e74f7b099d16 - TokenCache: A matching item (access token or refresh token or both) was found in the cache DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:19: 25bade4a-6443-4b17-9b51-e74f7b099d16 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned: Access Token Hash: oNcCfgj49AwdqcSnpM0YNjzd7T/PBCdxvgFUR0i4LAE= Refresh Token Hash: gVlD8G1ADGdUcucBdyqeWXAczbqmGSNM9kypSiQd7cg= Expiration Time: 10/28/2018 23:49:17 +00:00 User Hash: k14r/IVOxuXayKLdmHUJQhyE4IbemtutwN1UrALjYQE= DEBUG: ============================ HTTP REQUEST ============================

HTTP Method: GET

Absolute Uri: https://management.azure.com//subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleAssignments?api-version=2018-01-01-preview

Headers: x-ms-client-request-id : 0fcbda48-327c-45df-adb7-afdea0667518 accept-language : en-US

Body: DEBUG: ============================ HTTP RESPONSE ============================

Status Code: OK

Headers: Pragma : no-cache x-ms-request-charge : 1 x-ms-request-id : 7d849521-5b61-4943-8820-41bfc9877ee4 X-Content-Type-Options : nosniff Strict-Transport-Security : max-age=31536000; includeSubDomains x-ms-ratelimit-remaining-subscription-reads: 11999 x-ms-correlation-request-id : a4afb1bb-264c-4d7c-9b54-308711b8f50a x-ms-routing-request-id : UKWEST:20181028T224917Z:a4afb1bb-264c-4d7c-9b54-308711b8f50a Cache-Control : no-cache Date : Sun, 28 Oct 2018 22:49:17 GMT Set-Cookie : x-ms-gateway-slice=productionb; path=/; secure; HttpOnly Server : Microsoft-IIS/10.0

Body: { "value": [ { "properties": { "roleDefinitionId": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635", "principalId": "39890d74-9eae-4456-9422-2a4d1849a656", "principalType": "User", "scope": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9", "createdOn": "2018-10-26T10:37:53.4998141Z", "updatedOn": "2018-10-26T10:37:53.4998141Z", "createdBy": "724bc5a9-d094-4502-a06f-a16b87b65e4b", "updatedBy": "724bc5a9-d094-4502-a06f-a16b87b65e4b" }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleAssignments/0e92d5a6-a632-454f-8f15-d455bc9c3f6f", "type": "Microsoft.Authorization/roleAssignments", "name": "0e92d5a6-a632-454f-8f15-d455bc9c3f6f" }, { "properties": { "roleDefinitionId": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9", "principalId": "724bc5a9-d094-4502-a06f-a16b87b65e4b", "principalType": "User", "scope": "/", "createdOn": "2018-10-26T10:26:13.0834258Z", "updatedOn": "2018-10-26T10:26:13.0834258Z", "createdBy": "724bc5a9-d094-4502-a06f-a16b87b65e4b", "updatedBy": "724bc5a9-d094-4502-a06f-a16b87b65e4b" }, "id": "/providers/Microsoft.Authorization/roleAssignments/8a9a2cf3-3e0a-4b11-bd1f-3ee163cc4f2a", "type": "Microsoft.Authorization/roleAssignments", "name": "8a9a2cf3-3e0a-4b11-bd1f-3ee163cc4f2a" } ] } DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:20: 2eeb4c02-e3c7-40a8-9e36-222ae2a3698f - AcquireTokenHandlerBase: === Token Acquisition started: Authority: https://login.microsoftonline.com/1b775e95-f070-4703-99c1-7d7ca62539dc/ Resource: https://management.core.windows.net/ ClientId: 1950a258-227b-4e31-a9cf-717495945fc2 CacheType: Microsoft.Azure.Commands.Common.Authentication.ProtectedFileTokenCache (10 items) Authentication Target: User DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:20: - TokenCache: Deserialized 10 items to token cache. DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : DEBUG: 10/28/2018 22:49:20: 2eeb4c02-e3c7-40a8-9e36-222ae2a3698f - TokenCache: Looking up cache for a token... DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:20: 2eeb4c02-e3c7-40a8-9e36-222ae2a3698f - TokenCache: An item matching the requested resource was found in the cache DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : DEBUG: 10/28/2018 22:49:20: 2eeb4c02-e3c7-40a8-9e36-222ae2a3698f - TokenCache: 59.9546763466667 minutes left until token in cache expires DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:20: 2eeb4c02-e3c7-40a8-9e36-222ae2a3698f - TokenCache: A matching item (access token or refresh token or both) was found in the cache DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : DEBUG: 10/28/2018 22:49:20: 2eeb4c02-e3c7-40a8-9e36-222ae2a3698f - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned: Access Token Hash: oNcCfgj49AwdqcSnpM0YNjzd7T/PBCdxvgFUR0i4LAE= Refresh Token Hash: gVlD8G1ADGdUcucBdyqeWXAczbqmGSNM9kypSiQd7cg= Expiration Time: 10/28/2018 23:49:17 +00:00 User Hash: k14r/IVOxuXayKLdmHUJQhyE4IbemtutwN1UrALjYQE= DEBUG: ============================ HTTP REQUEST ============================

HTTP Method: GET

Absolute Uri: https://management.azure.com//subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions?api-version=2018-01-01-preview

Headers: x-ms-client-request-id : 1450f4af-1d29-4298-93fa-f08ed29cc1a9 accept-language : en-US

Body: DEBUG: ============================ HTTP RESPONSE ============================

Status Code: OK

Headers: Pragma : no-cache x-ms-request-charge : 1 x-ms-request-id : b7ed592d-b9cb-4ebb-84ef-155f41e32988 X-Content-Type-Options : nosniff Strict-Transport-Security : max-age=31536000; includeSubDomains x-ms-ratelimit-remaining-subscription-reads: 11998 x-ms-correlation-request-id : c76a2226-d662-4f77-966c-565a3dccbd29 x-ms-routing-request-id : UKWEST:20181028T224918Z:c76a2226-d662-4f77-966c-565a3dccbd29 Cache-Control : no-cache Date : Sun, 28 Oct 2018 22:49:17 GMT Set-Cookie : x-ms-gateway-slice=productionb; path=/; secure; HttpOnly Server : Microsoft-IIS/10.0

Body: { "value": [ { "properties": { "roleName": "AcrImagePuller", "type": "BuiltInRole", "description": "acr image puller", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.ContainerRegistry/registries/pull/read" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2018-10-22T19:01:56.8227182Z", "updatedOn": "2018-10-22T19:30:16.7630891Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d", "type": "Microsoft.Authorization/roleDefinitions", "name": "7f951dda-4ed3-4680-a7ca-43fe172d538d" }, { "properties": { "roleName": "AcrImageSigner", "type": "BuiltInRole", "description": "acr image signer", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.ContainerRegistry/registries//read", "Microsoft.ContainerRegistry/registries//write" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2018-03-15T23:23:08.4038322Z", "updatedOn": "2018-03-17T01:25:51.8758677Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f", "type": "Microsoft.Authorization/roleDefinitions", "name": "6cef56e8-d556-48e5-a04f-b8e64114680f" }, { "properties": { "roleName": "AcrQuarantineReader", "type": "BuiltInRole", "description": "acr quarantine data reader", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.ContainerRegistry/registries//read" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2018-03-16T00:27:39.9596835Z", "updatedOn": "2018-03-17T01:26:48.6387319Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04", "type": "Microsoft.Authorization/roleDefinitions", "name": "cdda3590-29a3-44f6-95f2-9f980659eb04" }, { "properties": { "roleName": "AcrQuarantineWriter", "type": "BuiltInRole", "description": "acr quarantine data writer", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.ContainerRegistry/registries//write", "Microsoft.ContainerRegistry/registries//read" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2018-03-16T00:26:37.587182Z", "updatedOn": "2018-03-17T01:27:36.3941651Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", "type": "Microsoft.Authorization/roleDefinitions", "name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608" }, { "properties": { "roleName": "API Management Service Contributor", "type": "BuiltInRole", "description": "Lets you manage API Management services, but not access to them.", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.ApiManagement/service/", "Microsoft.Authorization//read", "Microsoft.Insights/alertRules/", "Microsoft.ResourceHealth/availabilityStatuses/read", "Microsoft.Resources/deployments/", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Support/" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "0001-01-01T08:00:00Z", "updatedOn": "2017-01-23T23:12:00.5823195Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c", "type": "Microsoft.Authorization/roleDefinitions", "name": "312a565d-c81f-4fd8-895a-4e21e48d571c" }, { "properties": { "roleName": "API Management Service Operator Role", "type": "BuiltInRole", "description": "Can manage service but not the APIs", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.ApiManagement/service//read", "Microsoft.ApiManagement/service/backup/action", "Microsoft.ApiManagement/service/delete", "Microsoft.ApiManagement/service/managedeployments/action", "Microsoft.ApiManagement/service/read", "Microsoft.ApiManagement/service/restore/action", "Microsoft.ApiManagement/service/updatecertificate/action", "Microsoft.ApiManagement/service/updatehostname/action", "Microsoft.ApiManagement/service/write", "Microsoft.Authorization//read", "Microsoft.Insights/alertRules/", "Microsoft.ResourceHealth/availabilityStatuses/read", "Microsoft.Resources/deployments/", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Support/" ], "notActions": [ "Microsoft.ApiManagement/service/users/keys/read" ], "dataActions": [], "notDataActions": [] } ], "createdOn": "2016-11-09T00:03:42.1194019Z", "updatedOn": "2016-11-18T23:56:25.4682649Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61", "type": "Microsoft.Authorization/roleDefinitions", "name": "e022efe7-f5ba-4159-bbe4-b44f577e9b61" }, { "properties": { "roleName": "API Management Service Reader Role", "type": "BuiltInRole", "description": "Read-only access to service and APIs", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.ApiManagement/service//read", "Microsoft.ApiManagement/service/read", "Microsoft.Authorization//read", "Microsoft.Insights/alertRules/", "Microsoft.ResourceHealth/availabilityStatuses/read", "Microsoft.Resources/deployments/", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Support/" ], "notActions": [ "Microsoft.ApiManagement/service/users/keys/read" ], "dataActions": [], "notDataActions": [] } ], "createdOn": "2016-11-09T00:26:45.1540473Z", "updatedOn": "2017-01-23T23:10:34.8876776Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d", "type": "Microsoft.Authorization/roleDefinitions", "name": "71522526-b88f-4d52-b57f-d31fc3546d0d" }, { "properties": { "roleName": "Application Insights Component Contributor", "type": "BuiltInRole", "description": "Can manage Application Insights components", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.Authorization//read", "Microsoft.Insights/alertRules/", "Microsoft.Insights/components/", "Microsoft.Insights/webtests/", "Microsoft.ResourceHealth/availabilityStatuses/read", "Microsoft.Resources/deployments/", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Support/" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "0001-01-01T08:00:00Z", "updatedOn": "2016-11-29T20:30:34.2313394Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/ae349356-3a1b-4a5e-921d-050484c6347e", "type": "Microsoft.Authorization/roleDefinitions", "name": "ae349356-3a1b-4a5e-921d-050484c6347e" }, { "properties": { "roleName": "Application Insights Snapshot Debugger", "type": "BuiltInRole", "description": "Gives user permission to use Application Insights Snapshot Debugger features", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.Authorization//read", "Microsoft.Insights/alertRules/", "Microsoft.Insights/components//read", "Microsoft.Resources/deployments/", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Support/" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2017-04-19T21:25:12.3728747Z", "updatedOn": "2017-04-19T23:34:59.9511581Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b", "type": "Microsoft.Authorization/roleDefinitions", "name": "08954f03-6346-4c2e-81c0-ec3a5cfae23b" }, { "properties": { "roleName": "Automation Job Operator", "type": "BuiltInRole", "description": "Create and Manage Jobs using Automation Runbooks.", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.Authorization//read", "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read", "Microsoft.Automation/automationAccounts/jobs/read", "Microsoft.Automation/automationAccounts/jobs/resume/action", "Microsoft.Automation/automationAccounts/jobs/stop/action", "Microsoft.Automation/automationAccounts/jobs/streams/read", "Microsoft.Automation/automationAccounts/jobs/suspend/action", "Microsoft.Automation/automationAccounts/jobs/write", "Microsoft.Automation/automationAccounts/jobs/output/read", "Microsoft.Insights/alertRules/", "Microsoft.Resources/deployments/", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Support/" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2017-04-19T20:52:41.0020018Z", "updatedOn": "2018-08-14T22:08:48.1147327Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f", "type": "Microsoft.Authorization/roleDefinitions", "name": "4fe576fe-1146-4730-92eb-48519fa6bf9f" }, { "properties": { "roleName": "Automation Operator", "type": "BuiltInRole", "description": "Automation Operators are able to start, stop, suspend, and resume jobs", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.Authorization//read", "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read", "Microsoft.Automation/automationAccounts/jobs/read", "Microsoft.Automation/automationAccounts/jobs/resume/action", "Microsoft.Automation/automationAccounts/jobs/stop/action", "Microsoft.Automation/automationAccounts/jobs/streams/read", "Microsoft.Automation/automationAccounts/jobs/suspend/action", "Microsoft.Automation/automationAccounts/jobs/write", "Microsoft.Automation/automationAccounts/jobSchedules/read", "Microsoft.Automation/automationAccounts/jobSchedules/write", "Microsoft.Automation/automationAccounts/linkedWorkspace/read", "Microsoft.Automation/automationAccounts/read", "Microsoft.Automation/automationAccounts/runbooks/read", "Microsoft.Automation/automationAccounts/schedules/read", "Microsoft.Automation/automationAccounts/schedules/write", "Microsoft.Insights/alertRules/", "Microsoft.ResourceHealth/availabilityStatuses/read", "Microsoft.Resources/deployments/", "Microsoft.Automation/automationAccounts/jobs/output/read", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Support/" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2015-08-18T01:05:03.391613Z", "updatedOn": "2018-05-10T20:12:39.69782Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/d3881f73-407a-4167-8283-e981cbba0404", "type": "Microsoft.Authorization/roleDefinitions", "name": "d3881f73-407a-4167-8283-e981cbba0404" }, { "properties": { "roleName": "Automation Runbook Operator", "type": "BuiltInRole", "description": "Read Runbook properties - to be able to create Jobs of the runbook.", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.Authorization//read", "Microsoft.Automation/automationAccounts/runbooks/read", "Microsoft.Insights/alertRules/", "Microsoft.Resources/deployments/", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Support/" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2017-04-19T20:47:49.5640674Z", "updatedOn": "2017-04-25T01:00:45.6444999Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5", "type": "Microsoft.Authorization/roleDefinitions", "name": "5fb5aef8-1081-4b8e-bb16-9d5d0385bab5" }, { "properties": { "roleName": "Azure Kubernetes Service Cluster Admin Role", "type": "BuiltInRole", "description": "List cluster admin credential action.", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2018-08-15T21:38:18.5953853Z", "updatedOn": "2018-08-15T21:47:19.4427524Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8", "type": "Microsoft.Authorization/roleDefinitions", "name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8" }, { "properties": { "roleName": "Azure Kubernetes Service Cluster User Role", "type": "BuiltInRole", "description": "List cluster user credential action.", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2018-08-15T22:04:53.4037241Z", "updatedOn": "2018-08-15T22:06:51.5961392Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f", "type": "Microsoft.Authorization/roleDefinitions", "name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f" }, { "properties": { "roleName": "Azure Maps Data Reader (Preview)", "type": "BuiltInRole", "description": "Grants access to read map related data from an Azure maps account.", "assignableScopes": [ "/" ], "permissions": [ { "actions": [], "notActions": [], "dataActions": [ "Microsoft.Maps/accounts/data/read" ], "notDataActions": [] } ], "createdOn": "2018-10-05T19:47:03.472307Z", "updatedOn": "2018-10-05T19:48:52.8066321Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa", "type": "Microsoft.Authorization/roleDefinitions", "name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa" }, { "properties": { "roleName": "Azure Stack Registration Owner", "type": "BuiltInRole", "description": "Lets you manage Azure Stack registrations.", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.AzureStack/registrations/products/listDetails/action", "Microsoft.AzureStack/registrations/products/read", "Microsoft.AzureStack/registrations/read" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2017-11-13T23:42:06.2161827Z", "updatedOn": "2017-11-13T23:54:02.400708Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a", "type": "Microsoft.Authorization/roleDefinitions", "name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a" }, { "properties": { "roleName": "Backup Contributor", "type": "BuiltInRole", "description": "Lets you manage backup service,but can't create vaults and give access to others", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.Authorization//read", "Microsoft.Network/virtualNetworks/read", "Microsoft.RecoveryServices/locations/", "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/", "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action", "Microsoft.RecoveryServices/Vaults/backupJobs/", "Microsoft.RecoveryServices/Vaults/backupJobsExport/action", "Microsoft.RecoveryServices/Vaults/backupJobsExport/operationResults/read", "Microsoft.RecoveryServices/Vaults/backupManagementMetaData/", "Microsoft.RecoveryServices/Vaults/backupOperationResults/", "Microsoft.RecoveryServices/Vaults/backupPolicies/", "Microsoft.RecoveryServices/Vaults/backupProtectableItems/", "Microsoft.RecoveryServices/Vaults/backupProtectedItems/", "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/", "Microsoft.RecoveryServices/Vaults/backupSecurityPIN/", "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read", "Microsoft.RecoveryServices/Vaults/certificates/", "Microsoft.RecoveryServices/Vaults/extendedInformation/", "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read", "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/", "Microsoft.RecoveryServices/Vaults/read", "Microsoft.RecoveryServices/Vaults/registeredIdentities/", "Microsoft.RecoveryServices/Vaults/usages/", "Microsoft.Resources/deployments/", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Storage/storageAccounts/read", "Microsoft.RecoveryServices/Vaults/backupstorageconfig/", "Microsoft.RecoveryServices/Vaults/backupconfig/", "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action", "Microsoft.RecoveryServices/Vaults/write", "Microsoft.RecoveryServices/Vaults/backupOperations/read", "Microsoft.RecoveryServices/Vaults/backupEngines/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read", "Microsoft.RecoveryServices/locations/backupStatus/action", "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action", "Microsoft.RecoveryServices/locations/backupValidateFeatures/action", "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write", "Microsoft.RecoveryServices/operations/read", "Microsoft.RecoveryServices/locations/operationStatus/read", "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read", "Microsoft.Support/" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2017-01-03T13:12:15.7321344Z", "updatedOn": "2018-10-17T13:36:21.1616745Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b", "type": "Microsoft.Authorization/roleDefinitions", "name": "5e467623-bb1f-42f4-a55d-6e525e11384b" }, { "properties": { "roleName": "Backup Operator", "type": "BuiltInRole", "description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.Authorization//read", "Microsoft.Network/virtualNetworks/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action", "Microsoft.RecoveryServices/Vaults/backupJobs/", "Microsoft.RecoveryServices/Vaults/backupJobsExport/action", "Microsoft.RecoveryServices/Vaults/backupJobsExport/operationResults/read", "Microsoft.RecoveryServices/Vaults/backupManagementMetaData/read", "Microsoft.RecoveryServices/Vaults/backupOperationResults/", "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read", "Microsoft.RecoveryServices/Vaults/backupPolicies/read", "Microsoft.RecoveryServices/Vaults/backupProtectableItems/", "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read", "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read", "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read", "Microsoft.RecoveryServices/Vaults/certificates/write", "Microsoft.RecoveryServices/Vaults/extendedInformation/read", "Microsoft.RecoveryServices/Vaults/extendedInformation/write", "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read", "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/", "Microsoft.RecoveryServices/Vaults/read", "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read", "Microsoft.RecoveryServices/Vaults/registeredIdentities/read", "Microsoft.RecoveryServices/Vaults/registeredIdentities/write", "Microsoft.RecoveryServices/Vaults/usages/read", "Microsoft.Resources/deployments/", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Storage/storageAccounts/read", "Microsoft.RecoveryServices/Vaults/backupstorageconfig/", "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action", "Microsoft.RecoveryServices/Vaults/backupOperations/read", "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action", "Microsoft.RecoveryServices/Vaults/backupEngines/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write", "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read", "Microsoft.RecoveryServices/locations/backupStatus/action", "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action", "Microsoft.RecoveryServices/locations/backupValidateFeatures/action", "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write", "Microsoft.RecoveryServices/operations/read", "Microsoft.RecoveryServices/locations/operationStatus/read", "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read", "Microsoft.Support/" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2017-01-03T13:21:11.894764Z", "updatedOn": "2018-10-17T13:35:18.6198865Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324", "type": "Microsoft.Authorization/roleDefinitions", "name": "00c29273-979b-4161-815c-10b084fb9324" }, { "properties": { "roleName": "Backup Reader", "type": "BuiltInRole", "description": "Can view backup services, but can't make changes", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.Authorization//read", "Microsoft.RecoveryServices/locations/allocatedStamp/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read", "Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read", "Microsoft.RecoveryServices/Vaults/backupJobs/read", "Microsoft.RecoveryServices/Vaults/backupJobsExport/action", "Microsoft.RecoveryServices/Vaults/backupJobsExport/operationResults/read", "Microsoft.RecoveryServices/Vaults/backupManagementMetaData/read", "Microsoft.RecoveryServices/Vaults/backupOperationResults/read", "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read", "Microsoft.RecoveryServices/Vaults/backupPolicies/read", "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read", "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read", "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read", "Microsoft.RecoveryServices/Vaults/extendedInformation/read", "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read", "Microsoft.RecoveryServices/Vaults/read", "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read", "Microsoft.RecoveryServices/Vaults/registeredIdentities/read", "Microsoft.RecoveryServices/Vaults/backupstorageconfig/read", "Microsoft.RecoveryServices/Vaults/backupconfig/read", "Microsoft.RecoveryServices/Vaults/backupOperations/read", "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read", "Microsoft.RecoveryServices/Vaults/backupEngines/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read", "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read", "Microsoft.RecoveryServices/locations/backupStatus/action", "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/", "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write", "Microsoft.RecoveryServices/operations/read", "Microsoft.RecoveryServices/locations/operationStatus/read", "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read", "Microsoft.RecoveryServices/Vaults/usages/read" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2017-01-03T13:18:41.3893065Z", "updatedOn": "2018-10-17T13:32:59.2941632Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912", "type": "Microsoft.Authorization/roleDefinitions", "name": "a795c7a0-d4a2-40c1-ae25-d81f01202912" }, { "properties": { "roleName": "Billing Reader", "type": "BuiltInRole", "description": "Lets you read billing data", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.Authorization//read", "Microsoft.Billing//read", "Microsoft.Commerce//read", "Microsoft.Consumption//read", "Microsoft.Management/managementGroups/read", "Microsoft.CostManagement//read", "Microsoft.Support/" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2017-04-25T02:13:38.9054151Z", "updatedOn": "2018-09-26T17:45:09.2227236Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64", "type": "Microsoft.Authorization/roleDefinitions", "name": "fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64" }, { "properties": { "roleName": "BizTalk Contributor", "type": "BuiltInRole", "description": "Lets you manage BizTalk services, but not access to them.", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.Authorization//read", "Microsoft.BizTalkServices/BizTalk/", "Microsoft.Insights/alertRules/", "Microsoft.ResourceHealth/availabilityStatuses/read", "Microsoft.Resources/deployments/", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Support/" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "0001-01-01T08:00:00Z", "updatedOn": "2016-05-31T23:13:55.8430061Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/5e3c6656-6cfa-4708-81fe-0de47ac73342", "type": "Microsoft.Authorization/roleDefinitions", "name": "5e3c6656-6cfa-4708-81fe-0de47ac73342" }, { "properties": { "roleName": "CDN Endpoint Contributor", "type": "BuiltInRole", "description": "Can manage CDN endpoints, but can’t grant access to other users.", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.Authorization//read", "Microsoft.Cdn/edgenodes/read", "Microsoft.Cdn/operationresults/", "Microsoft.Cdn/profiles/endpoints/", "Microsoft.Insights/alertRules/", "Microsoft.Resources/deployments/", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Support/" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2016-01-23T02:48:46.4996252Z", "updatedOn": "2016-05-31T23:13:52.6231539Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45", "type": "Microsoft.Authorization/roleDefinitions", "name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45" }, { "properties": { "roleName": "CDN Endpoint Reader", "type": "BuiltInRole", "description": "Can view CDN endpoints, but can’t make changes.", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.Authorization//read", "Microsoft.Cdn/edgenodes/read", "Microsoft.Cdn/operationresults/", "Microsoft.Cdn/profiles/endpoints//read", "Microsoft.Insights/alertRules/", "Microsoft.Resources/deployments/", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Support/" ], "notActions": [], "dataActions": [], "notDataActions": [] } ], "createdOn": "2016-01-23T02:48:46.4996252Z", "updatedOn": "2016-05-31T23:13:53.1585846Z", "createdBy": null, "updatedBy": null }, "id": "/subscriptions/c36c3336-1b80-461f-afc6-0e794a55dfc9/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd", "type": "Microsoft.Authorization/roleDefinitions", "name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd" }, { "properties": { "roleName": "CDN Profile Contributor", "type": "BuiltInRole", "description": "Can manage CDN profiles and their endpoints, but can’t grant access to other users.", "assignableScopes": [ "/" ], "permissions": [ { "actions": [ "Microsoft.Authorization//read", "Microsoft.Cdn/edgenodes/read", "Microsoft.Cdn/operationresults/", "Microsoft.Cdn/profiles/", "Microsoft.Insights/alertRules/", "Microsoft.Resources/deployments/", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Support/" ], "notActions": [],

darshanhs90 commented 5 years ago

@sneivandt Is looking in to fixing this

darshanhs90 commented 5 years ago

Closing this issue as it is fixed in https://github.com/Azure/azure-powershell/pull/7743