Platform roles dictionary
The following table lists all the platform roles by category. To see the detailed permissions for each platform role, select the name of the category in the table.
Cloud Commander users only see the menu options and dialogs for their assigned roles. See Platform roles required for specific tasks. If you can't see a menu option or dialog that you need, contact the Cloud Commander administrator at your MSP organization.
| Category | Platform role | Role description |
|---|---|---|
| Auditing | Audit Administrators | Can manage all audit-related features. |
| Azure Compute | Azure Resource Management Storage Account Reader | Can read all Azure Resource Management Storage Account Command Blocks. |
| Azure Resource Management Storage Account Writer | Can read and execute all Azure Resource Management Storage Account Command Blocks. | |
| Azure Resource Management Virtual Machines Reader | Can read all Azure Resource Management Virtual Machines Command Blocks. | |
| Azure Resource Management Virtual Machines Writer | Can read and execute all Azure Resource ManagementVirtual Machines Command Blocks. | |
| Azure Management | Azure Management Resource Admin | Can run all operations on Azure Management resources. |
| Azure Management Resource Reader | Can view all Azure Management resources & alerts. | |
| Azure Management Resource Writer | Can run start, stop, and restart operation on Azure Management resources. | |
| Azure Portal Management | Azure Portal Management License Reader | Can read all Azure Portal Management License Command Blocks. |
| Azure Portal Management License Writer | Can read and execute all Azure Portal Management License Command Blocks. | |
| Azure Portal Management User Settings and B2B Policies Reader | Can read all Azure Portal Management User Settings and B2B Policies Command Blocks. | |
| Azure Portal Management User Settings and B2B Policies Writer | Can read and execute all Azure Portal Management User Settings and B2B Policies Command Blocks. | |
| Command Exchange | Exchange Reader | Can read all Exchange Command Blocks. |
| Exchange Writer | Can read and execute all Exchange Command Blocks. | |
| Command Job Log | Command Block Job Log Reader | Can read all Platform Command Blocks. |
| Command Partner Center | Partner Center Subscription Reader | Can read all Partner Center Management Command Blocks. |
| Partner Center Subscription Writer | Can read and execute all Partner Center Management Command Blocks. | |
| Identity and Access | Identity and Access Essentials Reader | Can read all Identity and Access Essentials Command Blocks. |
| Identity and Access Essentials Writer | Can read and execute all Identity and Access Essentials Command Blocks. | |
| Identity Protection Reader | Can read all Identity and Access Command Blocks. | |
| Identity Protection Writer | Can read and execute all Identity and Access Command Blocks. | |
| Microsoft Entra ID Authentication Methods Reader | Can read all Identity and Access Command Blocks. | |
| Microsoft Entra ID Authentication Methods Writer | Can read and execute all Identity and Access Command Blocks. | |
| Microsoft Entra ID Domains Reader | Can read all Identity and Access Command Blocks. | |
| Microsoft Entra ID Domains Writer | Can read and execute all Identity and Access Command Blocks. | |
| Microsoft Entra ID Group Reader | Can read all Identity and Access Essentials Command Blocks | |
| Microsoft Entra ID Group Writer | Can read and execute all Identity and Access Essentials Command Blocks. | |
| Microsoft Entra ID Organization Reader | Can read all Identity and Access Command Blocks. | |
| Microsoft Entra ID Organization Writer | Can read and execute all Identity and Access Command Blocks. | |
| Microsoft Entra Reader | Can read all Identity and Access Command Blocks. | |
| Microsoft Entra Writer | Can read and execute all Identity and Access Command Blocks. | |
| Microsoft Entra Role Reader | Can read all Identity ad Access Command Blocks. | |
| Microsoft Entra Role Writer | Can read and execute all Identity and Access Command Blocks. | |
| Licenses | License Administrators | Can manage all available license-related features. |
| Microsoft Endpoint Manager | Microsoft Endpoint Manager Apps Reader | Can read all Microsoft Endpoint Manager Command Blocks. |
| Microsoft Endpoint Manager Apps Writer | Can read and execute all Microsoft Endpoint Manager Command Blocks. | |
| Microsoft Endpoint Manager Device Configuration And Policies Reader | Can read all Microsoft Endpoint Manager Command Blocks. | |
| Microsoft Endpoint Manager Device Configuration And Policies Writer | Can read and execute all Microsoft Endpoint Manager Command Blocks. | |
| Microsoft Endpoint Manager Device Reader | Can read all Microsoft Endpoint Manager Command Blocks. | |
| Microsoft Endpoint Manager Device Writer | Can read and execute all Microsoft Endpoint Manager Command Blocks. | |
| Microsoft Endpoint Manager RBAC Settings Reader | Can read all Microsoft Endpoint Manager Command Blocks. | |
| Microsoft Endpoint Manager RBAC Settings Writer | Can read and execute all Microsoft Endpoint Manager Command Blocks. | |
| Microsoft Entra ID | Microsoft Entra ID Group Administrators | Can manage all Microsoft Entra ID group-related features. |
| Microsoft Exchange Online | Microsoft Exchange Online Calendar Reader | Can read all Exchange Online Command Blocks. |
| Microsoft Exchange Online Calendar Writer | Can read and execute all Exchange Online Command Blocks. | |
| Microsoft Exchange Online Mail Reader | Can read all Exchange Online Command Blocks. | |
| Microsoft Exchange Online Mail Writer | Can read and execute all Exchange Online Command Blocks | |
| Microsoft Exchange Online PowerShell Reader | Can read all Exchange Online PowerShell Command Blocks. | |
| Microsoft Exchange Online PowerShell Writer | Can read and execute all Exchange Online PowerShell Command Blocks. | |
| Microsoft Graph Security | Microsoft Secure Scores Reader | Can read all Security and compliance Command Blocks. |
| Microsoft Secure Scores Writer | Can read and execute all Security and compliance Command Blocks. | |
| Microsoft Security Alerts Reader | Can read all Security and compliance Command Blocks. | |
| Microsoft Security Alerts Writer | Can read and execute all Security and compliance Command Blocks. | |
| Microsoft Threats Assessments Reader | Can read all Security and compliance Command Blocks. | |
| Microsoft Threats Assessments Writer | Can read and execute all Security and compliance Command Blocks. | |
| Microsoft Partner Center | Partner Center Customer Reader | Can read all Partner Center Management Command Blocks. |
| Partner Center Customer Writer | Can read and execute all Partner Center Management Command Blocks. | |
| Microsoft SharePoint | Microsoft OneDrive for Business Reader | Can read all Microsoft OneDrive Command Blocks. |
| Microsoft OneDrive for Business Writer | Can read and execute all Microsoft OneDrive Command Blocks. | |
| Microsoft SharePoint Online Reader | Can read all Microsoft SharePoint Online Command Blocks. | |
| Microsoft SharePoint Online Writer | Can read and execute all Microsoft SharePoint Online Command Blocks. | |
| Microsoft Windows 365 Reader | Can read all Microsoft Windows 365 Command Blocks. | |
| Microsoft Windows 365 Writer | Can write all Microsoft Windows 365 Command Blocks. | |
| Microsoft Teamwork | Microsoft Teams Reader | Can read all Microsoft Teams Command Blocks. |
| Microsoft Teams Writer | Can read and execute Microsoft Teams Command Blocks. | |
| Partner Center | Partner Center Administrators | Can manage Microsoft Partner Center settings and customers. |
| Platform (category) | Administrators | Can manage administrative features such as onboardings and configurations based on the purchased plan. |
| Command Platform Role Reader | Can read all management Command Blocks. | |
| Command Platform Role Writer | Can read and execute all management Command Blocks. | |
| DelegateAccessGroup Readers | Can read all Delegate Access Groups. | |
| Group Reader | Can read all management Command Blocks. | |
| Group Writer | Can read and execute all management Command Blocks. | |
| Microsoft Invoices Administrators | Can manage invoice related features. | |
| Product and Price Consumer Management | Can manage product and price consumer. | |
| Product and Price Management Reader | Can read available product and price plans. | |
| Product and Price Management Writer | Can manage product and price plans. | |
| Report Essentials Reader | Can read reports. | |
| Role Administrators | Can manage all role-related features. | |
| User Administrators | Can manage all user-related features. | |
| User Group Administrators | Can manage all user group-related features. | |
| Users Reader | Can read all users. | |
| Subscriptions and licenses | Product and Subscription Administrator | Can manage products and subscriptions. |
| Subscription Management | Can manage subscriptions. |
Updated: Jul 09, 2024