Azure permissions for DevOps
This article lists the permissions for the Azure resource providers in the DevOps category. You can use these permissions in your own Azure custom roles to provide granular access control to resources in Azure. Permission strings have the following format: {Company}.{ProviderName}/{resourceType}/{action}
Microsoft.Chaos
| Action | Description |
|---|---|
| Microsoft.Chaos/register/action | Registers the subscription for the Chaos Resource Provider and enables the creation of Chaos resources. |
| Microsoft.Chaos/unregister/action | Unregisters the subscription for the Chaos Resource Provider and enables the creation of Chaos resources. |
| Microsoft.Chaos/experiments/write | Creates or updates a Chaos Experiment resource in a resource group. |
| Microsoft.Chaos/experiments/delete | Deletes a Chaos Experiment resource in a resource group. |
| Microsoft.Chaos/experiments/read | Gets all Chaos Experiments in a resource group. |
| Microsoft.Chaos/experiments/start/action | Starts a Chaos Experiment to inject faults. |
| Microsoft.Chaos/experiments/cancel/action | Cancels a running Chaos Experiment to stop the fault injection. |
| Microsoft.Chaos/experiments/executions/read | Gets all chaos experiment executions for a given chaos experiment. |
| Microsoft.Chaos/experiments/executions/getExecutionDetails/action | Gets details of a chaos experiment execution for a given chaos experiment. |
| Microsoft.Chaos/locations/operationResults/read | Gets an Operation Result. |
| Microsoft.Chaos/locations/operationStatuses/read | Gets an Operation Status. |
| Microsoft.Chaos/locations/targetTypes/read | Gets all TargetTypes. |
| Microsoft.Chaos/locations/targetTypes/capabilityTypes/read | Gets all CapabilityType. |
| Microsoft.Chaos/operations/read | Read the available Operations for Chaos Studio. |
| Microsoft.Chaos/skus/read | Read the available SKUs for Chaos Studio. |
| Microsoft.Chaos/targets/write | Creates or update a Target resource that extends a tracked resource. |
| Microsoft.Chaos/targets/delete | Deletes a Target resource that extends a tracked resource. |
| Microsoft.Chaos/targets/read | Gets all Targets that extend a tracked resource. |
| Microsoft.Chaos/targets/capabilities/write | Creates or update a Capability resource that extends a Target resource. |
| Microsoft.Chaos/targets/capabilities/delete | Deletes a Capability resource that extends a Target resource. |
| Microsoft.Chaos/targets/capabilities/read | Gets all Capabilities that extend a Target resource. |
Microsoft.LabServices
Set up labs for classrooms, trials, development and testing, and other scenarios.
| Action | Description |
|---|---|
| Microsoft.LabServices/register/action | Register the subscription with the Lab Services provider and enable the creation of labs. |
| Microsoft.LabServices/unregister/action | Unregister the subscription with the Lab Services provider. |
| Microsoft.LabServices/labAccounts/delete | Delete lab accounts. |
| Microsoft.LabServices/labAccounts/read | Read lab accounts. |
| Microsoft.LabServices/labAccounts/write | Add or modify lab accounts. |
| Microsoft.LabServices/labAccounts/CreateLab/action | Create a lab in a lab account. |
| Microsoft.LabServices/labAccounts/GetRegionalAvailability/action | Get regional availability information for each size category configured under a lab account |
| Microsoft.LabServices/labAccounts/GetPricingAndAvailability/action | Get the pricing and availability of combinations of sizes, geographies, and operating systems for the lab account. |
| Microsoft.LabServices/labAccounts/GetRestrictionsAndUsage/action | Get core restrictions and usage for this subscription |
| Microsoft.LabServices/labAccounts/galleryImages/delete | Delete gallery images. |
| Microsoft.LabServices/labAccounts/galleryImages/read | Read gallery images. |
| Microsoft.LabServices/labAccounts/galleryImages/write | Add or modify gallery images. |
| Microsoft.LabServices/labAccounts/labs/delete | Delete labs. |
| Microsoft.LabServices/labAccounts/labs/read | Read labs. |
| Microsoft.LabServices/labAccounts/labs/write | Add or modify labs. |
| Microsoft.LabServices/labAccounts/labs/AddUsers/action | Add users to a lab |
| Microsoft.LabServices/labAccounts/labs/SendEmail/action | Send email with registration link to the lab |
| Microsoft.LabServices/labAccounts/labs/GetLabPricingAndAvailability/action | Get the pricing per lab unit for this lab and the availability which indicates if this lab can scale up. |
| Microsoft.LabServices/labAccounts/labs/SyncUserList/action | Syncs the changes from the AAD group to the userlist |
| Microsoft.LabServices/labAccounts/labs/environmentSettings/delete | Delete environment setting. |
| Microsoft.LabServices/labAccounts/labs/environmentSettings/read | Read environment setting. |
| Microsoft.LabServices/labAccounts/labs/environmentSettings/write | Add or modify environment setting. |
| Microsoft.LabServices/labAccounts/labs/environmentSettings/Publish/action | Provisions/deprovisions required resources for an environment setting based on current state of the lab/environment setting. |
| Microsoft.LabServices/labAccounts/labs/environmentSettings/Start/action | Starts a template by starting all resources inside the template. |
| Microsoft.LabServices/labAccounts/labs/environmentSettings/Stop/action | Stops a template by stopping all resources inside the template. |
| Microsoft.LabServices/labAccounts/labs/environmentSettings/SaveImage/action | Saves current template image to the shared gallery in the lab account |
| Microsoft.LabServices/labAccounts/labs/environmentSettings/ResetPassword/action | Resets password on the template virtual machine. |
| Microsoft.LabServices/labAccounts/labs/environmentSettings/environments/delete | Delete environments. |
| Microsoft.LabServices/labAccounts/labs/environmentSettings/environments/read | Read environments. |
| Microsoft.LabServices/labAccounts/labs/environmentSettings/environments/Start/action | Starts an environment by starting all resources inside the environment. |
| Microsoft.LabServices/labAccounts/labs/environmentSettings/environments/Stop/action | Stops an environment by stopping all resources inside the environment |
| Microsoft.LabServices/labAccounts/labs/environmentSettings/environments/ResetPassword/action | Resets the user password on an environment |
| Microsoft.LabServices/labAccounts/labs/environmentSettings/schedules/delete | Delete schedules. |
| Microsoft.LabServices/labAccounts/labs/environmentSettings/schedules/read | Read schedules. |
| Microsoft.LabServices/labAccounts/labs/environmentSettings/schedules/write | Add or modify schedules. |
| Microsoft.LabServices/labAccounts/labs/users/delete | Delete users. |
| Microsoft.LabServices/labAccounts/labs/users/read | Read users. |
| Microsoft.LabServices/labAccounts/labs/users/write | Add or modify users. |
| Microsoft.LabServices/labAccounts/sharedGalleries/delete | Delete sharedgalleries. |
| Microsoft.LabServices/labAccounts/sharedGalleries/read | Read sharedgalleries. |
| Microsoft.LabServices/labAccounts/sharedGalleries/write | Add or modify sharedgalleries. |
| Microsoft.LabServices/labAccounts/sharedImages/delete | Delete sharedimages. |
| Microsoft.LabServices/labAccounts/sharedImages/read | Read sharedimages. |
| Microsoft.LabServices/labAccounts/sharedImages/write | Add or modify sharedimages. |
| Microsoft.LabServices/labPlans/read | Get the properties of a lab plan. |
| Microsoft.LabServices/labPlans/write | Create new or update an existing lab plan. |
| Microsoft.LabServices/labPlans/delete | Delete the lab plan. |
| Microsoft.LabServices/labPlans/saveImage/action | Create an image from a virtual machine in the gallery attached to the lab plan. |
| Microsoft.LabServices/labPlans/images/read | Get the properties of an image. |
| Microsoft.LabServices/labPlans/images/write | Enable or disable a marketplace or gallery image. |
| Microsoft.LabServices/labs/read | Get the properties of a lab. |
| Microsoft.LabServices/labs/write | Create new or update an existing lab. |
| Microsoft.LabServices/labs/delete | Delete the lab and all its users, schedules and virtual machines. |
| Microsoft.LabServices/labs/publish/action | Publish a lab by propagating image of the template virtual machine to all virtual machines in the lab. |
| Microsoft.LabServices/labs/syncGroup/action | Updates the list of users from the Active Directory group assigned to the lab. |
| Microsoft.LabServices/labs/schedules/read | Get the properties of a schedule. |
| Microsoft.LabServices/labs/schedules/write | Create new or update an existing schedule. |
| Microsoft.LabServices/labs/schedules/delete | Delete the schedule. |
| Microsoft.LabServices/labs/users/read | Get the properties of a user. |
| Microsoft.LabServices/labs/users/write | Create new or update an existing user. |
| Microsoft.LabServices/labs/users/delete | Delete the user. |
| Microsoft.LabServices/labs/users/invite/action | Send email invitation to a user to join the lab. |
| Microsoft.LabServices/labs/virtualMachines/read | Get the properties of a virtual machine. |
| Microsoft.LabServices/labs/virtualMachines/start/action | Start a virtual machine. |
| Microsoft.LabServices/labs/virtualMachines/stop/action | Stop and deallocate a virtual machine. |
| Microsoft.LabServices/labs/virtualMachines/reimage/action | Reimage a virtual machine to the last published image. |
| Microsoft.LabServices/labs/virtualMachines/redeploy/action | Redeploy a virtual machine to a different compute node. |
| Microsoft.LabServices/labs/virtualMachines/resetPassword/action | Reset local user's password on a virtual machine. |
| Microsoft.LabServices/locations/operationResults/read | Get the properties and status of an asynchronous operation. |
| Microsoft.LabServices/locations/operations/read | Read operations. |
| Microsoft.LabServices/locations/usages/read | Get Usage in a location |
| Microsoft.LabServices/skus/read | Get the properties of a Lab Services SKU. |
| Microsoft.LabServices/users/Register/action | Register a user to a managed lab |
| Microsoft.LabServices/users/ListAllEnvironments/action | List all Environments for the user |
| Microsoft.LabServices/users/StartEnvironment/action | Starts an environment by starting all resources inside the environment. |
| Microsoft.LabServices/users/StopEnvironment/action | Stops an environment by stopping all resources inside the environment |
| Microsoft.LabServices/users/ResetPassword/action | Resets the user password on an environment |
| Microsoft.LabServices/users/UserSettings/action | Updates and returns personal user settings. |
| DataAction | Description |
| Microsoft.LabServices/labPlans/createLab/action | Create a new lab from a lab plan. |
Microsoft.SecurityDevOps
Azure service: Microsoft Defender for Cloud
| Action | Description |
|---|---|
| Microsoft.SecurityDevOps/register/action | Register the subscription for Microsoft.SecurityDevOps |
| Microsoft.SecurityDevOps/unregister/action | Unregister the subscription for Microsoft.SecurityDevOps |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/read | read azureDevOpsConnectors |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/read | read azureDevOpsConnectors |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/write | write azureDevOpsConnectors |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/delete | delete azureDevOpsConnectors |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/write | write azureDevOpsConnectors |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/configure/action | action configure |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/read | read azureDevOpsConnectors |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/read | read orgs |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/write | write orgs |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/write | write orgs |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/read | read orgs |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/read | read projects |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/write | write projects |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/write | write projects |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/read | read projects |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/repos/read | read repos |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/repos/write | write repos |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/repos/write | write repos |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/repos/read | read repos |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/repos/read | read repos |
| Microsoft.SecurityDevOps/azureDevOpsConnectors/stats/read | read stats |
| Microsoft.SecurityDevOps/gitHubConnectors/read | read gitHubConnectors |
| Microsoft.SecurityDevOps/gitHubConnectors/read | read gitHubConnectors |
| Microsoft.SecurityDevOps/gitHubConnectors/write | write gitHubConnectors |
| Microsoft.SecurityDevOps/gitHubConnectors/delete | delete gitHubConnectors |
| Microsoft.SecurityDevOps/gitHubConnectors/write | write gitHubConnectors |
| Microsoft.SecurityDevOps/gitHubConnectors/configure/action | action configure |
| Microsoft.SecurityDevOps/gitHubConnectors/read | read gitHubConnectors |
| Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations/read | read gitHubInstallations |
| Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations/read | read gitHubInstallations |
| Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations/gitHubRepositories/read | read gitHubRepositories |
| Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations/gitHubRepositories/read | read gitHubRepositories |
| Microsoft.SecurityDevOps/gitHubConnectors/owners/read | read owners |
| Microsoft.SecurityDevOps/gitHubConnectors/owners/read | read owners |
| Microsoft.SecurityDevOps/gitHubConnectors/owners/write | write owners |
| Microsoft.SecurityDevOps/gitHubConnectors/owners/write | write owners |
| Microsoft.SecurityDevOps/gitHubConnectors/owners/repos/read | read repos |
| Microsoft.SecurityDevOps/gitHubConnectors/owners/repos/read | read repos |
| Microsoft.SecurityDevOps/gitHubConnectors/owners/repos/write | write repos |
| Microsoft.SecurityDevOps/gitHubConnectors/owners/repos/write | write repos |
| Microsoft.SecurityDevOps/gitHubConnectors/repos/read | read repos |
| Microsoft.SecurityDevOps/gitHubConnectors/stats/read | read stats |
| Microsoft.SecurityDevOps/gitLabConnectors/read | read gitLabConnectors |
| Microsoft.SecurityDevOps/gitLabConnectors/read | read gitLabConnectors |
| Microsoft.SecurityDevOps/gitLabConnectors/write | write gitLabConnectors |
| Microsoft.SecurityDevOps/gitLabConnectors/delete | delete gitLabConnectors |
| Microsoft.SecurityDevOps/gitLabConnectors/write | write gitLabConnectors |
| Microsoft.SecurityDevOps/gitLabConnectors/configure/action | action configure |
| Microsoft.SecurityDevOps/gitLabConnectors/read | read gitLabConnectors |
| Microsoft.SecurityDevOps/gitLabConnectors/groups/read | read groups |
| Microsoft.SecurityDevOps/gitLabConnectors/groups/read | read groups |
| Microsoft.SecurityDevOps/gitLabConnectors/groups/write | write groups |
| Microsoft.SecurityDevOps/gitLabConnectors/groups/delete | delete groups |
| Microsoft.SecurityDevOps/gitLabConnectors/groups/write | write groups |
| Microsoft.SecurityDevOps/gitLabConnectors/groups/listSubgroups/action | action listSubgroups |
| Microsoft.SecurityDevOps/gitLabConnectors/groups/projects/read | read projects |
| Microsoft.SecurityDevOps/gitLabConnectors/groups/projects/read | read projects |
| Microsoft.SecurityDevOps/gitLabConnectors/groups/projects/write | write projects |
| Microsoft.SecurityDevOps/gitLabConnectors/groups/projects/delete | delete projects |
| Microsoft.SecurityDevOps/gitLabConnectors/groups/projects/write | write projects |
| Microsoft.SecurityDevOps/gitLabConnectors/projects/read | read projects |
| Microsoft.SecurityDevOps/gitLabConnectors/stats/read | read stats |
| Microsoft.SecurityDevOps/Locations/OperationStatuses/read | read OperationStatuses |
| Microsoft.SecurityDevOps/Locations/OperationStatuses/write | write OperationStatuses |
| Microsoft.SecurityDevOps/Operations/read | read Operations |
Microsoft.VisualStudio
The powerful and flexible environment for developing applications in the cloud.
Azure service: Azure DevOps
| Action | Description |
|---|---|
| Microsoft.VisualStudio/Register/Action | Register Azure Subscription with Microsoft.VisualStudio provider |
| Microsoft.VisualStudio/Account/Write | Set Account |
| Microsoft.VisualStudio/Account/Delete | Delete Account |
| Microsoft.VisualStudio/Account/Read | Read Account |
| Microsoft.VisualStudio/Account/Extension/Read | Read Account/Extension |
| Microsoft.VisualStudio/Account/Project/Read | Read Account/Project |
| Microsoft.VisualStudio/Account/Project/Write | Set Account/Project |
| Microsoft.VisualStudio/Extension/Write | Set Extension |
| Microsoft.VisualStudio/Extension/Delete | Delete Extension |
| Microsoft.VisualStudio/Extension/Read | Read Extension |
| Microsoft.VisualStudio/Project/Write | Set Project |
| Microsoft.VisualStudio/Project/Delete | Delete Project |
| Microsoft.VisualStudio/Project/Read | Read Project |