Azure Role Assignments
Arpio replicates Role Assignments to preserve access control configurations in recovery environments.
The following attributes are translated during replication:
| Attribute | Translation Method |
|---|---|
| Name | A new/deterministic GUID is assigned to the recovery role assignment |
| Role Definition ID | For references to built-in roles, the subscription ID portion of the ID is translated. For references to custom role definitions, the ID is fully translated. |
| Principal ID | Translated to recovery identity principal ID |
| Scope | Translated to recovery subscription, resource group, or resource |
The following resources are automatically selected into recovery points when a Role Assignment is selected:
- Custom role definition reference by the role assignment (if applicable)
Normally, role assignments are created at standby. However, if the Principal ID or Scope references cannot be resolved at standby (e.g. because the referenced resource/identity doesn't exist at standby), the role assignment will only be created during failover.