Azure Management roles and permissions

Role	Permission	Description
Azure Management Resource Admin Can run all operations on Azure Management resources.	azure.alert.read	For all customers in the user's defined scope, the user can: View all resources Drill down to view resource details View Azure Alerts Perform start, restart, stop, and deallocate operations
	azure.resource.read
	azure.resource.readbasic
	azure.virtualmachine.deallocate
	azure.virtualmachine.restart
	azure.virtualmachine.start
	azure.virtualmachine.stop
	azure.vm.read
	azure.vm.readbasic
	azuremgmt.error.read
	azuremgmt.integration.read
	azuremgmt.operation.read
	azuremgmt.subscription.read
	azuremgmt.subscription.write
	azuremgmt.user.read
Azure Management Resource Reader Can view all Azure Management resources & alerts.	azure.alert.read	For all customers in the user's defined scope, the user can: View all resources Drill down to view resource details View Azure Alerts
	azure.resource.read
	azure.resource.readbasic
	azure.vm.read
	azure.vm.readbasic
	azuremgmt.error.read
	azuremgmt.integration.read
	azuremgmt.subscription.read
	azuremgmt.user.read
Azure Management Resource Writer Can run start, stop, and restart operation on Azure Management resources.	azure.alert.read	For all customers in the user's defined scope, the user can: View all resources Drill down to view resource details View Azure Alerts Perform start, restart, and stop operations
	azure.resource.read
	azure.resource.readbasic
	azure.virtualmachine.restart
	azure.virtualmachine.start
	azure.virtualmachine.stop
	azure.vm.read
	azure.vm.readbasic
	azuremgmt.error.read
	azuremgmt.integration.read
	azuremgmt.operation.read
	azuremgmt.subscription.read
	azuremgmt.subscription.write
	azuremgmt.user.read

Related articles

• Platform roles dictionary

Updated: Jan 09, 2026