Role Definition or Azure Roles

Role definition (referring to an Azure role) is a group of actions that can be performed by a particular entity. They are nothing but a set of permissions required to deal with the resources present on the Azure portal.  A basic role definition looks like the following (in Azure PowerShell)

{
  "Name": "Contributor",
  "Id": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "IsCustom": false,
  "Description": "Lets you manage 
  everything except access to resources.",
  "Actions": [
    "*"
  ],
  "NotActions": [
    "Microsoft.Authorization/*/Delete",
    "Microsoft.Authorization/*/Write",
    "Microsoft.Authorization/elevateAccess/Action",
    "Microsoft.Blueprint/blueprintAssignments/write",
    "Microsoft.Blueprint/blueprintAssignments/delete"
  ],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [
    "/"
  ]
}

Security Principal:

The service principal will use the resources. Azure gives two options when creating a role assignment – User, Group, or service principal and Managed Identity.

Scope:

The resource to which the security principal is given access. It can be either the management group, the subscription, the resource group, resource.

Pre-requisite:- Azure

Azure role-based access control is an access management system built over Azure Resource Manager which provides fine-grained access to specific users over specific resources.