azure.roledefinition

Role definitions define sets of permissions that can be assigned to an identity.

Example:

Return role definitions that explicitly have the permission to read authorization objects (role assignments, role definitions, etc.). A role definition that inherits the permission (e.g. by having * permissions) is not returned by this filter.

policies:
    - name: role-definition-permissions
      resource: azure.roledefinition
      filters:
        - type: value
          key: properties.permissions[0].actions
          value: Microsoft.Authorization/*/read
          op: contains
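
The gap described above, shown as an added example that is not part of Cloud Custodian or its documentation: the script compares the policy's literal match with a simplified evaluation of actions minus notActions over constructed role definitions. The role names, the probe operation and the helper functions are assumptions made for illustration.

```python
import re

PATTERN = "Microsoft.Authorization/*/read"              # value used by the policy above
PROBE = "Microsoft.Authorization/roleAssignments/read"  # assumed concrete operation to test

def _role(name, *blocks):
    # Build a constructed role definition shaped like the filtered resource.
    return {"name": name, "properties": {"permissions": [
        {"actions": a, "notActions": n} for a, n in blocks]}}

ROLES = [  # constructed sample data, not real role definitions
    _role("explicit-reader", ([PATTERN], [])),
    _role("wildcard-all", (["*"], [])),
    _role("wildcard-minus-writes", (["*"], ["Microsoft.Authorization/*/Write",
                                            "Microsoft.Authorization/*/Delete"])),
    _role("auth-read-excluded", (["*"], ["Microsoft.Authorization/*"])),
    _role("storage-only", (["Microsoft.Storage/*/read"], [])),
    _role("second-block", (["Microsoft.Storage/*/read"], []), ([PATTERN], [])),
]

def explicit_match(role):
    """Mirror of the policy filter: literal string present in permissions[0].actions."""
    perms = role["properties"]["permissions"]
    return bool(perms) and PATTERN in perms[0].get("actions", [])

def _matches(pattern, operation):
    # '*' matches any run of characters; comparison is case-insensitive.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def effective_match(role, operation=PROBE):
    """True if any permission block grants the operation (actions minus notActions)."""
    for block in role["properties"]["permissions"]:
        allowed = any(_matches(p, operation) for p in block.get("actions", []))
        excluded = any(_matches(p, operation) for p in block.get("notActions", []))
        if allowed and not excluded:
            return True
    return False

def missed_by_filter(roles=ROLES):
    """Roles that can read authorization objects but that the explicit filter skips."""
    return [r["name"] for r in roles if effective_match(r) and not explicit_match(r)]

if __name__ == "__main__":
    for r in ROLES:
        print(f'{r["name"]:24} explicit={explicit_match(r)!s:5} effective={effective_match(r)}')
    print("missed by the explicit filter:", missed_by_filter())
```

The "second-block" case is missed only because the policy key reads `permissions[0]`; the two wildcard roles are missed because the filter matches the literal string rather than evaluating wildcards.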

Filters

Actions