Azure Role-Based Access Control (RBAC) comes with the following built-in roles that can be assigned to users, groups, and services.
NOTE: You cannot modify the definitions of these built-in roles.
| Role name | Description |
|---|---|
| API Management Service Contributor | Can manage API Management services |
| Application Insights Component Contributor | Can manage Application Insights components |
| Automation Operator | Able to start, stop, suspend, and resume jobs |
| BizTalk Contributor | Can manage BizTalk services |
| ClearDB MySQL DB Contributor | Can manage ClearDB MySQL databases |
| Contributor | Can manage everything except access. |
| Data Factory Contributor | Can create and manage data factories, and child resources within them. |
| DevTest Labs User | Can view everything and connect, start, restart, and shutdown virtual machines |
| DNS Zone Contributor | Can manage DNS zones and records |
| DocumentDB Account Contributor | Can manage DocumentDB accounts |
| Intelligent Systems Account Contributor | Can manage Intelligent Systems accounts |
| Network Contributor | Can manage all network resources |
| New Relic APM Account Contributor | Can manage New Relic Application Performance Management accounts and applications |
| Owner | Can manage everything, including access |
| Reader | Can view everything, but can’t make changes |
| Redis Cache Contributor | Can manage Redis caches |
| Scheduler Job Collections Contributor | Can manage scheduler job collections |
| Search Service Contributor | Can manage search services |
| Security Manager | Can manage security components, security policies, and virtual machines |
| SQL DB Contributor | Can manage SQL databases, but not their security-related policies |
| SQL Security Manager | Can manage the security-related policies of SQL servers and databases |
| SQL Server Contributor | Can manage SQL servers and databases, but not their security-related policies |
| Classic Storage Account Contributor | Can manage classic storage accounts |
| Storage Account Contributor | Can manage storage accounts |
| User Access Administrator | Can manage user access to Azure resources |
| Classic Virtual Machine Contributor | Can manage classic virtual machines, but not the virtual network or storage account to which they are connected |
| Virtual Machine Contributor | Can manage virtual machines, but not the virtual network or storage account to which they are connected |
| Classic Network Contributor | Can manage classic virtual networks and reserved IPs |
| Web Plan Contributor | Can manage web plans |
| Website Contributor | Can manage websites, but not the web plans to which they are connected |
For further information, please refer to the Azure documentation.
AzureMentor 