AzRoleAdvertizer

last sync: 2024-Nov-25 18:54:42 UTC

Azure Red Hat OpenShift Machine API Operator Role

Azure BuiltIn RBAC Role definition

NameAzure Red Hat OpenShift Machine API Operator Role
Id0358943c-7e01-48ba-8889-02cc51d78637
DescriptionEnables permissions for the operator to manage the lifecycle of specific purpose custom resource definitions (CRD), controllers, and RBAC objects that extend the Kubernetes API. This declares the desired state of machines in a cluster.
CreatedOn2024-01-30 16:11:37 UTC
UpdatedOn2024-10-03 14:45:22 UTC
History
Date/Time (UTC ymd) (i) Change Change detail
2024-10-03 17:51:55 change: DisplayName, Actions New DisplayName: 'Azure Red Hat OpenShift Machine API Operator Role'
Old DisplayName: 'Azure RedHat OpenShift Machine API Operator Role',
Actions: 'add Microsoft.Compute/capacityReservationGroups/deploy/action'
2024-04-15 17:47:24 change: Actions Actions: 'add Microsoft.Compute/availabilitySets/delete; add Microsoft.Compute/availabilitySets/read; add Microsoft.Compute/availabilitySets/write; add Microsoft.Compute/diskEncryptionSets/read; add Microsoft.Compute/disks/delete; add Microsoft.Compute/galleries/images/versions/read; add Microsoft.Compute/skus/read; add Microsoft.Compute/virtualMachines/delete; add Microsoft.Compute/virtualMachines/read; add Microsoft.Compute/virtualMachines/write; add Microsoft.ManagedIdentity/userAssignedIdentities/assign/action; add Microsoft.Network/applicationSecurityGroups/read; add Microsoft.Network/loadBalancers/backendAddressPools/join/action; add Microsoft.Network/loadBalancers/read; add Microsoft.Network/loadBalancers/write; add Microsoft.Network/networkInterfaces/delete; add Microsoft.Network/networkInterfaces/join/action; add Microsoft.Network/networkInterfaces/loadBalancers/read; add Microsoft.Network/networkInterfaces/read; add Microsoft.Network/networkInterfaces/write; add Microsoft.Network/networkSecurityGroups/read; add Microsoft.Network/networkSecurityGroups/write; add Microsoft.Network/publicIPAddresses/delete; add Microsoft.Network/publicIPAddresses/join/action; add Microsoft.Network/publicIPAddresses/read; add Microsoft.Network/publicIPAddresses/write; add Microsoft.Network/routeTables/read; add Microsoft.Network/virtualNetworks/delete; add Microsoft.Network/virtualNetworks/read; add Microsoft.Network/virtualNetworks/subnets/join/action; add Microsoft.Network/virtualNetworks/subnets/read'
2024-01-31 19:57:40 add: Role 0358943c-7e01-48ba-8889-02cc51d78637
Permissions summary Effective control plane and data plane operations: 33 (unique operations)
•action: 6
•delete: 6
•read: 15
•write: 6

Actions: 33
Resolved control plane operations from Actions: 33
Effective control plane operations: 33
•action: 6
•delete: 6
•read: 15
•write: 6

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16139

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3303
Actions
Operation Description
Microsoft.Compute/availabilitySets/deleteDeletes the availability set
Microsoft.Compute/availabilitySets/readGet the properties of an availability set
Microsoft.Compute/availabilitySets/writeCreates a new availability set or updates an existing one
Microsoft.Compute/capacityReservationGroups/deploy/actionDeploy a new VM/VMSS using Capacity Reservation Group
Microsoft.Compute/diskEncryptionSets/readGet the properties of a disk encryption set
Microsoft.Compute/disks/deleteDeletes the Disk
Microsoft.Compute/galleries/images/versions/readGets the properties of Gallery Image Version
Microsoft.Compute/skus/readGets the list of Microsoft.Compute SKUs available for your Subscription
Microsoft.Compute/virtualMachines/deleteDeletes the virtual machine
Microsoft.Compute/virtualMachines/readGet the properties of a virtual machine
Microsoft.Compute/virtualMachines/writeCreates a new virtual machine or updates an existing virtual machine
Microsoft.ManagedIdentity/userAssignedIdentities/assign/actionRBAC action for assigning an existing user assigned identity to a resource
Microsoft.Network/applicationSecurityGroups/readGets an Application Security Group ID.
Microsoft.Network/loadBalancers/backendAddressPools/join/actionJoins a load balancer backend address pool. Not Alertable.
Microsoft.Network/loadBalancers/readGets a load balancer definition
Microsoft.Network/loadBalancers/writeCreates a load balancer or updates an existing load balancer
Microsoft.Network/networkInterfaces/deleteDeletes a network interface
Microsoft.Network/networkInterfaces/join/actionJoins a Virtual Machine to a network interface. Not Alertable.
Microsoft.Network/networkInterfaces/loadBalancers/readGets all the load balancers that the network interface is part of
Microsoft.Network/networkInterfaces/readGets a network interface definition.
Microsoft.Network/networkInterfaces/writeCreates a network interface or updates an existing network interface.
Microsoft.Network/networkSecurityGroups/readGets a network security group definition
Microsoft.Network/networkSecurityGroups/writeCreates a network security group or updates an existing network security group
Microsoft.Network/publicIPAddresses/deleteDeletes a public Ip address.
Microsoft.Network/publicIPAddresses/join/actionJoins a public ip address. Not Alertable.
Microsoft.Network/publicIPAddresses/readGets a public ip address definition.
Microsoft.Network/publicIPAddresses/writeCreates a public Ip address or updates an existing public Ip address.
Microsoft.Network/routeTables/readGets a route table definition
Microsoft.Network/virtualNetworks/deleteDeletes a virtual network
Microsoft.Network/virtualNetworks/readGet the virtual network definition
Microsoft.Network/virtualNetworks/subnets/join/actionJoins a virtual network. Not Alertable.
Microsoft.Network/virtualNetworks/subnets/readGets a virtual network subnet definition
Microsoft.Resources/subscriptions/resourceGroups/readRuft Ressourcengruppen ab oder listet diese auf.
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy		 none
JSON
api-version=2023-07-01-preview
Condition none