diff --git a/common/roles.go b/common/roles.go
index ff4b502c..3c219133 100644
--- a/common/roles.go
+++ b/common/roles.go
@@ -11,26 +11,46 @@ const (
 	ContributorRoleName = "Contributor"
 	// Reader Role - has access to view all resource, but can't make changes
 	ReaderRoleName = "Reader"
+	// Location Contributor Role - has permissions to run any operation on the location resource
+	LocationContributorRoleName = "LocationContributor"
 	// Group Contributor Role - has permissions to run any operation on the group resource
 	GroupContributorRoleName = "GroupContributor"
 	// Node Contributor Role - has permissions to create and get nodes
 	NodeContributorRoleName = "NodeContributor"
-	// MacPool Contributor Role - has permissions to run any operation on MacPools
+	// Cluster Contributor Role - has permissions to create and get clusters
+	ClusterContributorRoleName = "ClusterContributor"
+	// MacPool Contributor Role - has permissions to run any operation on mac pools
 	MacPoolContributorRoleName = "MacPoolContributor"
-	// VipPool Contributor Role - has permissions to run any operation on VipPools
+	// VipPool Contributor Role - has permissions to run any operation on vip pools
 	VipPoolContributorRoleName = "VipPoolContributor"
+	// GalleryImage Contributor Role - has permissions to run any operation on gallery images
+	GalleryImageContributorRoleName = "GalleryImageContributor"
+	// ControlPlane Contributor Role - has permissions to run any operation on control planes
+	ControlPlaneContributorRoleName = "ControlPlaneContributor"
+	// StorageContainer Contributor Role - has permissions to run any operation on storage containers
+	StorageContainerContributorRoleName = "StorageContainerContributor"
 	// LB Contributor Role - has permissions to run any operation on LBs
 	LBContributorRoleName = "LBContributor"
 	// Network Interface Contributor Role - has permissions to run any operation on network interfaces
 	NIContributorRoleName = "NetworkInterfaceContributor"
 	// VM Contributor Role - has permissions to run any operation on VMs
 	VMContributorRoleName = "VMContributor"
+	// VirtualMachineImage Contributor Role - has permissions to run any operation on VirtualMachineImages
+	VMIContributorRoleName = "VirtualMachineImageContributor"
+	// VirtualMachineScaleSet Contributor Role - has permissions to run any operation on VirtualMachineScaleSets
+	VMSSContributorRoleName = "VMSSContributor"
 	// BareMetalMachine Contributor Role - has permissions to run any operation on BareMetalMachines
 	BMMContributorRoleName = "BareMetalMachineContributor"
 	// VirtualNetwork Contributor Role - has permissions to run any operation on VirtualNetworks
 	VNetContributorRoleName = "VirtualNetworkContributor"
 	// VirtualHardDisk Contributor Role - has permissions to run any operation on VirtualHardDisks
 	VHDContributorRoleName = "VirtualHardDiskContributor"
+	// Kubernetes Contributor Role - has permissions to run any operation on Kubernetes resources
+	KubernetesContributorRoleName = "KubernetesContributor"
+	// EtcdCluster Contributor Role - has permissions to run any operation on EtcdClusters
+	EtcdClusterContributorRoleName = "EtcdClusterContributor"
+	// EtcdServer Contributor Role - has permissions to run any operation on EtcdServers
+	EtcdServerContributorRoleName = "EtcdServerContributor"
 	// Role Contributor Role - has permissions to operate on roles and assign them
 	RoleContributorRoleName = "RoleContributor"
 	// Identity Contributor Role - has permissions to run any operation on Identities
@@ -43,26 +63,46 @@ const (
 	KeyContributorRoleName = "KeyContributor"
 	// Secret Contributor role - has permissions to run any operation on Secrets
 	SecretContributorRoleName = "SecretContributor"
+	// Location Reader role - has permissions to run read operations on locations
+	LocationReaderRoleName = "LocationReader"
 	// Group Reader Role - has permissions to run read operations on the group resource
 	GroupReaderRoleName = "GroupReader"
 	// Node Reader Role - has permissions to get nodes
 	NodeReaderRoleName = "NodeReader"
-	// MacPool Reader Role - has permissions to run read operations on MacPools
+	// Cluster Reader Role - has permissions to get clusters
+	ClusterReaderRoleName = "ClusterReader"
+	// MacPool Reader Role - has permissions to run read operations on mac pools
 	MacPoolReaderRoleName = "MacPoolReader"
-	// VipPool Reader Role - has permissions to run read operations on VipPools
+	// VipPool Reader Role - has permissions to run read operations on vip pools
 	VipPoolReaderRoleName = "VipPoolReader"
+	// GalleryImage Reader Role - has permissions to run read operations on gallery images
+	GalleryImageReaderRoleName = "GalleryImageReader"
+	// ControlPlane Reader Role - has permissions to run read operations on control planes
+	ControlPlaneReaderRoleName = "ControlPlaneReader"
+	// StorageContainer Reader Role - has permissions to run read operations on storage containers
+	StorageContainerReaderRoleName = "StorageContainerReader"
 	// LB Reader Role - has permissions to run read operations on LBs and interfaces
 	LBReaderRoleName = "LBReader"
 	// Network Interface Reader Role - has permissions to run read operations on network interfaces
 	NIReaderRoleName = "NetworkInterfaceReader"
 	// VM Reader Role - has permissions to run read operations on VMs
 	VMReaderRoleName = "VMReader"
+	// VirtualMachineImage Reader Role - has permissions to run read operations on VirtualMachineImages
+	VMIReaderRoleName = "VirtualMachineImageReader"
+	// VirtualMachineScaleSet Reader Role - has permissions to run read operations on VirtualMachineScaleSets
+	VMSSReaderRoleName = "VMSSReader"
 	// BareMetalMachine Reader Role - has permissions to run read operations on BareMetalMachines
 	BMMReaderRoleName = "BareMetalMachineReader"
 	// VirtualNetwork Reader Role - has permissions to run read operations on VirtualNetworks
 	VNetReaderRoleName = "VirtualNetworkReader"
 	// VirtualHardDisk Reader Role - has permissions to run read operations on VirtualHardDisks
 	VHDReaderRoleName = "VirtualHardDiskReader"
+	// Kubernetes Reader Role - has permissions to run read operations on Kubernetes resources
+	KubernetesReaderRoleName = "KubernetesReader"
+	// EtcdCluster Reader Role - has permissions to run read operations on EtcdClusters
+	EtcdClusterReaderRoleName = "EtcdClusterReader"
+	// EtcdServer Reader Role - has permissions to run read operations on EtcdServers
+	EtcdServerReaderRoleName = "EtcdServerReader"
 	// Identity Reader Role - has permissions to run read operations on Identities
 	IdentityReaderRoleName = "IdentityReader"
 	// Role Reader Role - has permissions to operate on roles and assign them