Role definitions define sets of permissions that can be assigned to an identity.
Return role definitions that explicitly have the permission to read authorization objects (role assignments, role definitions, etc.). A role definition that only inherits this permission (e.g. by having * permissions) is not returned by this filter.
```yaml
policies:
  - name: role-definition-permissions
    resource: azure.roledefinition
    filters:
      - type: value
        key: properties.permissions.actions
        value: Microsoft.Authorization/*/read
        op: contains
```
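To see which role definitions the explicit match leaves out, the following added example (not part of the original page or of Cloud Custodian) compares literal list membership with a wildcard-aware check. The role names, the sample data and the helper functions are all constructed for illustration, and the per-block `actions` minus `notActions` evaluation is a simplification.

```python
import re

TARGET = "Microsoft.Authorization/*/read"  # value used by the policy above

# Constructed sample role definitions (hypothetical names, not tenant data).
ROLES = [
    {"name": "custom-auth-reader", "permissions": [
        {"actions": ["Microsoft.Authorization/*/read"], "notActions": []}]},
    {"name": "custom-wildcard", "permissions": [
        {"actions": ["*"], "notActions": []}]},
    {"name": "custom-read-all", "permissions": [
        {"actions": ["*/read"], "notActions": []}]},
    {"name": "custom-wildcard-no-auth", "permissions": [
        {"actions": ["*"], "notActions": ["Microsoft.Authorization/*"]}]},
    {"name": "custom-storage-reader", "permissions": [
        {"actions": ["Microsoft.Storage/storageAccounts/read"], "notActions": []}]},
]

def explicit_match(role, value=TARGET):
    """Literal list membership, like the filter: wildcards are not expanded."""
    return any(value in p.get("actions", []) for p in role["permissions"])

def _covers(pattern, operation):
    """True if an action pattern ('*' = any run of characters) covers operation."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def effective_match(role, operation):
    """Assumed model: actions minus notActions, evaluated per permission block."""
    for p in role["permissions"]:
        allowed = any(_covers(a, operation) for a in p.get("actions", []))
        denied = any(_covers(n, operation) for n in p.get("notActions", []))
        if allowed and not denied:
            return True
    return False

def audit(roles, operation="Microsoft.Authorization/roleAssignments/read"):
    """Return (explicit, inherited_only) role names for one concrete operation."""
    explicit = [r["name"] for r in roles if explicit_match(r)]
    inherited = [r["name"] for r in roles
                 if effective_match(r, operation) and not explicit_match(r)]
    return explicit, inherited

if __name__ == "__main__":
    explicit, inherited = audit(ROLES)
    print("matched by the explicit filter:", explicit)
    print("grant the read only through a wildcard:", inherited)
```

Roles in the second list can read role assignments but would not be returned by the policy, so a review of who can read authorization objects needs to cover them separately.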