From c4c00db0f75abbba6d51aeee8ba4074954481601 Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Fri, 30 Sep 2022 21:41:20 +0200
Subject: [PATCH 1/4] Cleanup of custom roles

---
 .../accounts/.bicep/nested_roleAssignments.bicep              | 1 -
 .../availabilitySets/.bicep/nested_roleAssignments.bicep      | 2 --
 .../diskEncryptionSets/.bicep/nested_roleAssignments.bicep    | 2 --
 .../galleries/images/.bicep/nested_roleAssignments.bicep      | 3 ---
 .../images/.bicep/nested_roleAssignments.bicep                | 3 ---
 .../.bicep/nested_roleAssignments.bicep                       | 2 --
 .../registries/.bicep/nested_roleAssignments.bicep            | 2 --
 .../workspaces/.bicep/nested_roleAssignments.bicep            | 1 -
 .../applicationGateways/.bicep/nested_roleAssignments.bicep   | 2 --
 .../.bicep/nested_roleAssignments.bicep                       | 2 --
 .../azureFirewalls/.bicep/nested_roleAssignments.bicep        | 2 --
 .../bastionHosts/.bicep/nested_roleAssignments.bicep          | 2 --
 .../queueServices/queues/.bicep/nested_roleAssignments.bicep  | 4 ----
 13 files changed, 28 deletions(-)

diff --git a/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep
index d0dc97ef7c..7e4ea857ae 100644
--- a/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep
@@ -58,7 +58,6 @@ var builtInRoleNames = {
   'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
   'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
   'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
-  'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2')
   'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
   'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
   'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
diff --git a/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep
index deeae1c5b2..4707b65be0 100644
--- a/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep
@@ -40,14 +40,12 @@ var builtInRoleNames = {
   'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3')
   'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')
   'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2')
-  'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898')
   'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')
   'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
   'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
   'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
   'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
   'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
-  'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2')
   'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
   'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
   'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
diff --git a/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep
index 5cdc604597..8499cb794d 100644
--- a/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep
@@ -40,13 +40,11 @@ var builtInRoleNames = {
   'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3')
   'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')
   'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2')
-  'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898')
   'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
   'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
   'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
   'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
   'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
-  'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2')
   'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
   'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
   'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
diff --git a/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep
index ca33748441..0d194fa533 100644
--- a/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep
@@ -40,17 +40,14 @@ var builtInRoleNames = {
   'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3')
   'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')
   'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2')
-  'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898')
   'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
   'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
   'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
   'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
   'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
-  'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2')
   'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
   'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
   'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
-  'myCustomRoleAtSub': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '60cb79d9-783a-50a4-9f05-d4c579fb8ce3')
 }
 
 resource galleryImage 'Microsoft.Compute/galleries/images@2021-10-01' existing = {
diff --git a/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep
index f143080f2a..c2734ebe8a 100644
--- a/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep
@@ -40,17 +40,14 @@ var builtInRoleNames = {
   'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3')
   'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')
   'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2')
-  'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898')
   'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
   'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
   'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
   'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
   'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
-  'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2')
   'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
   'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
   'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
-  'myCustomRoleAtSub': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '60cb79d9-783a-50a4-9f05-d4c579fb8ce3')
 }
 
 resource image 'Microsoft.Compute/images@2021-04-01' existing = {
diff --git a/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep
index f0b623e3cc..a3e2b88e39 100644
--- a/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep
@@ -40,13 +40,11 @@ var builtInRoleNames = {
   'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3')
   'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')
   'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2')
-  'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898')
   'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
   'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
   'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
   'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
   'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
-  'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2')
   'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
   'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
   'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
diff --git a/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep
index a9b24d3cf9..7858825cf2 100644
--- a/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep
@@ -44,13 +44,11 @@ var builtInRoleNames = {
   'AcrQuarantineReader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'cdda3590-29a3-44f6-95f2-9f980659eb04')
   'AcrQuarantineWriter': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c8d4ff99-41c3-41a8-9f60-21dfdad59608')
   'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2')
-  'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898')
   'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
   'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
   'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
   'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
   'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
-  'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2')
   'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
   'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
   'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
diff --git a/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep
index fcaa1d5b27..b8231582e8 100644
--- a/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep
@@ -43,7 +43,6 @@ var builtInRoleNames = {
   'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
   'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
   'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
-  'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2')
   'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
   'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
   'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
diff --git a/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep
index 2a8356a4ca..aaf63ffd18 100644
--- a/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep
@@ -40,14 +40,12 @@ var builtInRoleNames = {
   'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3')
   'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')
   'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2')
-  'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898')
   'ExpressRoute Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7896-14b4-4889-afef-fbb65a96e5a2')
   'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
   'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
   'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
   'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
   'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
-  'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2')
   'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
   'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
   'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
diff --git a/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep
index d3032f76e7..d0f4f73a93 100644
--- a/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep
@@ -40,14 +40,12 @@ var builtInRoleNames = {
   'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3')
   'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')
   'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2')
-  'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898')
   'ExpressRoute Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7896-14b4-4889-afef-fbb65a96e5a2')
   'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
   'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
   'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
   'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
   'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
-  'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2')
   'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
   'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
   'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
diff --git a/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep
index 84df6c1d8e..5acb26da2a 100644
--- a/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep
@@ -40,14 +40,12 @@ var builtInRoleNames = {
   'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3')
   'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')
   'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2')
-  'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898')
   'ExpressRoute Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7896-14b4-4889-afef-fbb65a96e5a2')
   'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
   'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
   'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
   'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
   'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
-  'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2')
   'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
   'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
   'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
diff --git a/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep
index 8769fe743b..0dd6a4e0f1 100644
--- a/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep
@@ -40,14 +40,12 @@ var builtInRoleNames = {
   'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3')
   'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')
   'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2')
-  'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898')
   'ExpressRoute Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7896-14b4-4889-afef-fbb65a96e5a2')
   'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
   'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
   'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
   'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
   'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
-  'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2')
   'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
   'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
   'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
diff --git a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep
index a70afd19cb..e385c83e68 100644
--- a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep
@@ -42,11 +42,8 @@ var builtInRoleNames = {
   'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2')
   'Backup Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')
   'Backup Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')
-  'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898')
   'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')
   'Disk Snapshot Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce')
-  'Dsms Role (deprecated)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b91f4c0b-46e3-47bb-a242-eecfe23b3b5b')
-  'Dsms Role (do not use)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7aff565e-6c55-448d-83db-ccf482c6da2f')
   'GenevaWarmPathResourceContributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9f15f5f5-77bd-413a-aa88-4b9c68b1e7bc')
   'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
   'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
@@ -54,7 +51,6 @@ var builtInRoleNames = {
   'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
   'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
   'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
-  'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2')
   'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
   'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
   'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')

From 1315e41f75e6ffc475d22a9d543aced28a6bf3c2 Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Fri, 30 Sep 2022 21:43:23 +0200
Subject: [PATCH 2/4] RBAC cleanup

---
 .../.bicep/{nested_rbac.bicep => nested_roleAssignments.bicep}  | 0
 modules/Microsoft.Cache/redis/deploy.bicep                      | 2 +-
 .../.bicep/{nested_rbac.bicep => nested_roleAssignments.bicep}  | 0
 modules/Microsoft.PowerBIDedicated/capacities/deploy.bicep      | 2 +-
 .../.bicep/{nested_rbac.bicep => nested_roleAssignments.bicep}  | 0
 modules/Microsoft.SignalRService/webPubSub/deploy.bicep         | 2 +-
 .../.bicep/{nested_rbac.bicep => nested_roleAssignments.bicep}  | 0
 modules/Microsoft.Synapse/workspaces/deploy.bicep               | 2 +-
 8 files changed, 4 insertions(+), 4 deletions(-)
 rename modules/Microsoft.Cache/redis/.bicep/{nested_rbac.bicep => nested_roleAssignments.bicep} (100%)
 rename modules/Microsoft.PowerBIDedicated/capacities/.bicep/{nested_rbac.bicep => nested_roleAssignments.bicep} (100%)
 rename modules/Microsoft.SignalRService/webPubSub/.bicep/{nested_rbac.bicep => nested_roleAssignments.bicep} (100%)
 rename modules/Microsoft.Synapse/workspaces/.bicep/{nested_rbac.bicep => nested_roleAssignments.bicep} (100%)

diff --git a/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep b/modules/Microsoft.Cache/redis/.bicep/nested_roleAssignments.bicep
similarity index 100%
rename from modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep
rename to modules/Microsoft.Cache/redis/.bicep/nested_roleAssignments.bicep
diff --git a/modules/Microsoft.Cache/redis/deploy.bicep b/modules/Microsoft.Cache/redis/deploy.bicep
index 2278ab6f12..3bad7284f7 100644
--- a/modules/Microsoft.Cache/redis/deploy.bicep
+++ b/modules/Microsoft.Cache/redis/deploy.bicep
@@ -228,7 +228,7 @@ resource redisCache_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@20
   scope: redisCache
 }
 
-module redisCache_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, index) in roleAssignments: {
+module redisCache_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: {
   name: '${uniqueString(deployment().name, location)}-AppGateway-Rbac-${index}'
   params: {
     description: contains(roleAssignment, 'description') ? roleAssignment.description : ''
diff --git a/modules/Microsoft.PowerBIDedicated/capacities/.bicep/nested_rbac.bicep b/modules/Microsoft.PowerBIDedicated/capacities/.bicep/nested_roleAssignments.bicep
similarity index 100%
rename from modules/Microsoft.PowerBIDedicated/capacities/.bicep/nested_rbac.bicep
rename to modules/Microsoft.PowerBIDedicated/capacities/.bicep/nested_roleAssignments.bicep
diff --git a/modules/Microsoft.PowerBIDedicated/capacities/deploy.bicep b/modules/Microsoft.PowerBIDedicated/capacities/deploy.bicep
index 72ee3013aa..4148ac2453 100644
--- a/modules/Microsoft.PowerBIDedicated/capacities/deploy.bicep
+++ b/modules/Microsoft.PowerBIDedicated/capacities/deploy.bicep
@@ -77,7 +77,7 @@ resource powerbi_lock 'Microsoft.Authorization/locks@2016-09-01' = if (!empty(lo
   scope: powerbi
 }
 
-module powerbi_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, index) in roleAssignments: {
+module powerbi_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: {
   name: '${deployment().name}-rbac-${index}'
   params: {
     roleAssignmentObj: roleAssignment
diff --git a/modules/Microsoft.SignalRService/webPubSub/.bicep/nested_rbac.bicep b/modules/Microsoft.SignalRService/webPubSub/.bicep/nested_roleAssignments.bicep
similarity index 100%
rename from modules/Microsoft.SignalRService/webPubSub/.bicep/nested_rbac.bicep
rename to modules/Microsoft.SignalRService/webPubSub/.bicep/nested_roleAssignments.bicep
diff --git a/modules/Microsoft.SignalRService/webPubSub/deploy.bicep b/modules/Microsoft.SignalRService/webPubSub/deploy.bicep
index f1507698f5..4495b69c04 100644
--- a/modules/Microsoft.SignalRService/webPubSub/deploy.bicep
+++ b/modules/Microsoft.SignalRService/webPubSub/deploy.bicep
@@ -146,7 +146,7 @@ resource webPubSub_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(
   scope: webPubSub
 }
 
-module webPubSub_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, index) in roleAssignments: {
+module webPubSub_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: {
   name: '${uniqueString(deployment().name, location)}-WebPubSub-Rbac-${index}'
   params: {
     description: contains(roleAssignment, 'description') ? roleAssignment.description : ''
diff --git a/modules/Microsoft.Synapse/workspaces/.bicep/nested_rbac.bicep b/modules/Microsoft.Synapse/workspaces/.bicep/nested_roleAssignments.bicep
similarity index 100%
rename from modules/Microsoft.Synapse/workspaces/.bicep/nested_rbac.bicep
rename to modules/Microsoft.Synapse/workspaces/.bicep/nested_roleAssignments.bicep
diff --git a/modules/Microsoft.Synapse/workspaces/deploy.bicep b/modules/Microsoft.Synapse/workspaces/deploy.bicep
index 4b9d99e697..fb72b06a36 100644
--- a/modules/Microsoft.Synapse/workspaces/deploy.bicep
+++ b/modules/Microsoft.Synapse/workspaces/deploy.bicep
@@ -258,7 +258,7 @@ resource workspace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(
 }
 
 // RBAC
-module workspace_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, index) in roleAssignments: {
+module workspace_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: {
   name: '${uniqueString(deployment().name, location)}-Workspace-Rbac-${index}'
   params: {
     principalIds: roleAssignment.principalIds

From 5901f2b4b4bd70b943949a3b3ad9c30f9551d3c4 Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Fri, 30 Sep 2022 21:44:18 +0200
Subject: [PATCH 3/4] Added missing properties

---
 .../keyValues/.bicep/nested_roleAssignments.bicep            | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/modules/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep
index 44de91061d..8d6fe27691 100644
--- a/modules/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep
@@ -61,7 +61,10 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
     description: description
     roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName
     principalId: principalId
-    principalType: !empty(principalType) ? principalType : null
+    principalType: !empty(principalType) ? any(principalType) : null
+    condition: !empty(condition) ? condition : null
+    conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
+    delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
   }
   scope: appConfiguration
 }]

From 07e41cbbf1090c471c29e21265b76800fe40d702 Mon Sep 17 00:00:00 2001
From: MrMCake <asehr@hotmail.de>
Date: Fri, 30 Sep 2022 22:11:56 +0200
Subject: [PATCH 4/4] Updated BackupVault

---
 .../.bicep/nested_roleAssignments.bicep           | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep
index dd41a228cb..0a50483411 100644
--- a/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep
@@ -34,9 +34,22 @@ param conditionVersion string = '2.0'
 param delegatedManagedIdentityResourceId string = ''
 
 var builtInRoleNames = {
-  'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+  'Backup Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')
+  'Backup Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')
+  'Backup Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a795c7a0-d4a2-40c1-ae25-d81f01202912')
   'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+  'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
+  'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
+  'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
+  'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
+  'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
+  'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
+  'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
+  'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
   'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+  'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')
+  'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
+  'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
 }
 
 resource backupVault 'Microsoft.DataProtection/backupVaults@2022-03-01' existing = {