{ "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "actions": { "type": "array", "defaultValue": [ "Microsoft.Billing/*/read", "Microsoft.Commerce/*/read", "Microsoft.Consumption/*/read", "Microsoft.Insights/*/read", "Microsoft.ResourceGraph/*/read", "Microsoft.Advisor/recommendations/read", "Microsoft.Web/kubeEnvironments/read", "Microsoft.Kubernetes/connectedClusters/read", "Microsoft.Kubernetes/RegisteredSubscriptions/read", "Microsoft.Resources/subscriptions/resourceGroups/read" ], "metadata": { "description": "Array of actions for the roleDefinition" } }, "notActions": { "type": "array", "defaultValue": [], "metadata": { "description": "Array of notActions for the roleDefinition" } }, "roleName": { "type": "string", "defaultValue": "Cloud Ctrl Read Only Role", "metadata": { "description": "Friendly name of the role definition" } }, "roleDescription": { "type": "string", "defaultValue": "Subscription Level Deployment of a Role Definition", "metadata": { "description": "Detailed description of the role definition" } }, "scopes": { "type": "array", "defaultValue": [], "metadata": { "description": "Array of notActions for the roleDefinition" } }, }, "variables": { "roleDefName": "[guid(subscription().id, string(parameters('actions')), string(parameters('notActions')))]" }, "resources": [ { "type": "Microsoft.Authorization/roleDefinitions", "apiVersion": "2018-07-01", "name": "[variables('roleDefName')]", "properties": { "roleName": "[parameters('roleName')]", "description": "[parameters('roleDescription')]", "type": "customRole", "isCustom": true, "permissions": [ { "actions": "[parameters('actions')]", "notActions": "[parameters('notActions')]" } ], "assignableScopes": "[parameters('scopes')]" } } ] }