azure.roledefinition

Role definitions define sets of permissions that can be assigned to an identity.

Example

Return role definitions that explicitly have the permission to read authorization objects (role assignments, role definitions, etc.). A role definition that only inherits this permission (e.g. by having * permissions) is not returned by this filter.

policies:
    - name: role-definition-permissions
      resource: azure.roledefinition
      filters:
        - type: value
          key: properties.permissions[0].actions
          value: Microsoft.Authorization/*/read
          op: contains
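
The gap described above, shown as an added example (not Cloud Custodian's own code): a literal membership test on permissions[0].actions next to a wildcard-aware check over every permission block. The role names and sample data are constructed, and the evaluation model (actions minus notActions per block, blocks additive, case-insensitive `*` matching) is an assumption of this sketch.

```python
import fnmatch

TARGET = "Microsoft.Authorization/*/read"                # value from the policy above
PROBE = "Microsoft.Authorization/roleAssignments/read"   # one concrete operation it covers

def role(name, *blocks):
    """Build a constructed role definition in the properties.permissions[] shape."""
    perms = [{"actions": a, "notActions": n} for a, n in blocks]
    return {"name": name, "properties": {"permissions": perms}}

# Constructed sample data, not output from a real subscription.
ROLES = [
    role("explicit-authz-reader", ([TARGET], [])),
    role("owner-like", (["*"], [])),
    role("contributor-like", (["*"], ["Microsoft.Authorization/*/Write",
                                      "Microsoft.Authorization/*/Delete"])),
    role("second-block", (["Microsoft.Storage/*/read"], []), ([TARGET], [])),
    role("authz-excluded", (["*"], ["Microsoft.Authorization/*"])),
    role("storage-only", (["Microsoft.Storage/*/read"], [])),
]

def explicit_match(r):
    """Literal membership in permissions[0].actions, as the policy filter tests."""
    perms = r["properties"]["permissions"]
    return bool(perms) and TARGET in perms[0]["actions"]

def _covers(patterns, operation):
    # Assumption: operation names compare case-insensitively and '*' matches any run of characters.
    return any(fnmatch.fnmatchcase(operation.lower(), p.lower()) for p in patterns)

def effective_match(r, operation=PROBE):
    """True if any block grants the operation and its notActions do not remove it."""
    return any(_covers(b["actions"], operation) and not _covers(b["notActions"], operation)
               for b in r["properties"]["permissions"])

def audit(roles=ROLES):
    """Map role name -> (explicit, effective) so the two views can be compared."""
    return {r["name"]: (explicit_match(r), effective_match(r)) for r in roles}

if __name__ == "__main__":
    for name, (explicit, effective) in audit().items():
        print(f"{name:24} explicit={explicit!s:5} effective={effective}")
```

Roles where effective is True but explicit is False are the ones the policy above does not return, including a role that lists the permission only in a second permission block.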

Filters