Azure Custom Role Definitions and Assignment Scopes
Working with custom Role Definitions in Azure can be a funny thing. Interestingly, when reviewing the Azure Active Directory user interface in the Azure Portal, you will not find a way to query all available role definitions. If you query the Roles and Administrators view, you will only see administrator roles.

With a PowerShell cmdlet you are able to list them all.

    Get-AzRoleDefinition | select name | sort name | ft

results in something like the following:

    Name
    ----
    AcrDelete
    AcrImageSigner
    AcrPull
    AcrPush
    AcrQuarantineReader
    AcrQuarantineWriter
    API Management Service Contributor
    API Management Service Operator Role
    API Management Service Reader Role
    App Configuration Data Owner
    ...

But are these really all the role definitions out there? Obviously not! This list is scoped to the subscription you are currently targeting with your current Azure Context.

To try this out yourself, just create a couple of role definitions with various assignment scopes. Assuming you have owne...
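The subscription scoping described above, as an added example that is not code from the original post: it merges the custom role definitions listed from each subscription context into one inventory, recording which contexts each role was visible from. The function name Merge-RoleDefinitionView is hypothetical, and all subscription IDs, GUIDs and the two custom role names are constructed sample data.

```powershell
# Added example; every subscription ID, GUID and custom role name below is constructed.
function Merge-RoleDefinitionView {
    param(
        # Map of subscription ID -> role definitions listed from that context
        [Parameter(Mandatory)] [hashtable] $RolesBySubscription
    )
    $inventory = @{}
    foreach ($subId in ($RolesBySubscription.Keys | Sort-Object)) {
        foreach ($role in $RolesBySubscription[$subId]) {
            if (-not $role.IsCustom) { continue }   # keep custom roles only
            if (-not $inventory.ContainsKey($role.Id)) {
                $inventory[$role.Id] = [pscustomobject]@{
                    Name             = $role.Name
                    Id               = $role.Id
                    AssignableScopes = @($role.AssignableScopes)
                    SeenFrom         = [System.Collections.Generic.List[string]]::new()
                }
            }
            # Record the context this definition was listed from
            $inventory[$role.Id].SeenFrom.Add($subId)
        }
    }
    $inventory.Values | Sort-Object Name
}

# Live input (needs the Az module and a signed-in session):
#   $listing = @{}
#   foreach ($sub in Get-AzSubscription) {
#       Set-AzContext -SubscriptionId $sub.Id | Out-Null
#       $listing[$sub.Id] = @(Get-AzRoleDefinition -Custom)
#   }

# Constructed stand-in for the listings of two subscriptions
$subA = '11111111-1111-1111-1111-111111111111'
$subB = '22222222-2222-2222-2222-222222222222'
$shared  = [pscustomobject]@{ Name = 'Example Shared Operator'; IsCustom = $true
    Id = '00000000-0000-0000-0000-00000000000a'
    AssignableScopes = @("/subscriptions/$subA", "/subscriptions/$subB") }
$onlyB   = [pscustomobject]@{ Name = 'Example B Auditor'; IsCustom = $true
    Id = '00000000-0000-0000-0000-00000000000b'
    AssignableScopes = @("/subscriptions/$subB") }
$builtin = [pscustomobject]@{ Name = 'AcrPull'; IsCustom = $false
    Id = '00000000-0000-0000-0000-00000000000c'; AssignableScopes = @('/') }
$listing = @{ $subA = @($shared, $builtin); $subB = @($shared, $onlyB, $builtin) }

Merge-RoleDefinitionView -RolesBySubscription $listing |
    Format-List Name, SeenFrom, AssignableScopes
```

A role whose SeenFrom holds a single subscription is one that a listing taken from any other context would have missed.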