Azure Role-Based Access Control (RBAC) comes with the following built-in roles that can be assigned to users, groups, and services.
NOTE: You cannot modify the definitions of these built-in roles.
Role name | Description |
---|---|
API Management Service Contributor | Can manage API Management services |
Application Insights Component Contributor | Can manage Application Insights components |
Automation Operator | Able to start, stop, suspend, and resume jobs |
BizTalk Contributor | Can manage BizTalk services |
ClearDB MySQL DB Contributor | Can manage ClearDB MySQL databases |
Contributor | Can manage everything except access. |
Data Factory Contributor | Can create and manage data factories, and child resources within them. |
DevTest Labs User | Can view everything and connect, start, restart, and shutdown virtual machines |
DNS Zone Contributor | Can manage DNS zones and records |
DocumentDB Account Contributor | Can manage DocumentDB accounts |
Intelligent Systems Account Contributor | Can manage Intelligent Systems accounts |
Network Contributor | Can manage all network resources |
New Relic APM Account Contributor | Can manage New Relic Application Performance Management accounts and applications |
Owner | Can manage everything, including access |
Reader | Can view everything, but can’t make changes |
Redis Cache Contributor | Can manage Redis caches |
Scheduler Job Collections Contributor | Can manage scheduler job collections |
Search Service Contributor | Can manage search services |
Security Manager | Can manage security components, security policies, and virtual machines |
SQL DB Contributor | Can manage SQL databases, but not their security-related policies |
SQL Security Manager | Can manage the security-related policies of SQL servers and databases |
SQL Server Contributor | Can manage SQL servers and databases, but not their security-related policies |
Classic Storage Account Contributor | Can manage classic storage accounts |
Storage Account Contributor | Can manage storage accounts |
User Access Administrator | Can manage user access to Azure resources |
Classic Virtual Machine Contributor | Can manage classic virtual machines, but not the virtual network or storage account to which they are connected |
Virtual Machine Contributor | Can manage virtual machines, but not the virtual network or storage account to which they are connected |
Classic Network Contributor | Can manage classic virtual networks and reserved IPs |
Web Plan Contributor | Can manage web plans |
Website Contributor | Can manage websites, but not the web plans to which they are connected |
For further information, please refer to the Azure documentation.