This is the set of resources that the access applies to.
Role Assignment
This is the process of attaching a role definition to a user, group, service principal, or managed identity at a particular scope for the purpose of granting access.
Exercise: Give the Developers group Reader access at the subscription level.
Understanding Azure Role Definitions
A role definition has some properties.
Sample built-in role definition for Contributor in JSON format:
{
  "id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
  "properties": {
    "roleName": "Contributor",
    "description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "*"
        ],
        "notActions": [
          "Microsoft.Authorization/*/Delete",
          "Microsoft.Authorization/*/Write",
          "Microsoft.Authorization/elevateAccess/Action",
          "Microsoft.Blueprint/blueprintAssignments/write",
          "Microsoft.Blueprint/blueprintAssignments/delete",
          "Microsoft.Compute/galleries/share/action"
        ],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}
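How the actions and notActions lists above combine when deciding whether an operation is allowed, shown as an added example that is not part of the original page or any Azure SDK. The function names, the sample operation strings, and the ROLE_ASSIGNER role are constructed for illustration; only control-plane actions are modeled, not dataActions.

```python
import re

# Permissions block copied from the Contributor definition on this page.
CONTRIBUTOR = {
    "actions": ["*"],
    "notActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
        "Microsoft.Blueprint/blueprintAssignments/write",
        "Microsoft.Blueprint/blueprintAssignments/delete",
        "Microsoft.Compute/galleries/share/action",
    ],
}

# Constructed custom role (hypothetical, not a built-in) for the second check.
ROLE_ASSIGNER = {
    "actions": ["Microsoft.Authorization/roleAssignments/write"],
    "notActions": [],
}


def _matches(pattern, operation):
    """True if the operation matches the pattern; '*' is a wildcard, case is ignored."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def role_allows(permissions, operation):
    """Effective permission of a single role: actions minus notActions."""
    granted = any(_matches(p, operation) for p in permissions["actions"])
    excluded = any(_matches(p, operation) for p in permissions["notActions"])
    return granted and not excluded


def principal_allows(roles, operation):
    """Allowed if any assigned role allows the operation.

    notActions only subtracts inside its own role; it is not a deny rule,
    so another role assignment can still grant the excluded operation.
    """
    return any(role_allows(r, operation) for r in roles)
```

When reviewing a principal's access, evaluate all of its role assignments together: the exclusion in Contributor does not stop a second role from granting role-assignment writes.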