AzRoleAdvertizer

last sync: 2024-Sep-19 17:51:49 UTC

Azure Red Hat OpenShift Machine API Operator Role

Azure BuiltIn RBAC Role definition

Name

Azure Red Hat OpenShift Machine API Operator Role

0358943c-7e01-48ba-8889-02cc51d78637

Description

Enables permissions for the operator to manage the lifecycle of specific purpose custom resource definitions (CRD), controllers, and RBAC objects that extend the Kubernetes API. This declares the desired state of machines in a cluster.

CreatedOn

2024-01-31 16:20:01 UTC

UpdatedOn

2024-07-31 16:34:05 UTC

History

Date/Time (UTC ymd) (i)	Change	Change detail
2024-04-15 17:47:24	change: Actions	Actions: 'add Microsoft.Compute/availabilitySets/delete; add Microsoft.Compute/availabilitySets/read; add Microsoft.Compute/availabilitySets/write; add Microsoft.Compute/diskEncryptionSets/read; add Microsoft.Compute/disks/delete; add Microsoft.Compute/galleries/images/versions/read; add Microsoft.Compute/skus/read; add Microsoft.Compute/virtualMachines/delete; add Microsoft.Compute/virtualMachines/read; add Microsoft.Compute/virtualMachines/write; add Microsoft.ManagedIdentity/userAssignedIdentities/assign/action; add Microsoft.Network/applicationSecurityGroups/read; add Microsoft.Network/loadBalancers/backendAddressPools/join/action; add Microsoft.Network/loadBalancers/read; add Microsoft.Network/loadBalancers/write; add Microsoft.Network/networkInterfaces/delete; add Microsoft.Network/networkInterfaces/join/action; add Microsoft.Network/networkInterfaces/loadBalancers/read; add Microsoft.Network/networkInterfaces/read; add Microsoft.Network/networkInterfaces/write; add Microsoft.Network/networkSecurityGroups/read; add Microsoft.Network/networkSecurityGroups/write; add Microsoft.Network/publicIPAddresses/delete; add Microsoft.Network/publicIPAddresses/join/action; add Microsoft.Network/publicIPAddresses/read; add Microsoft.Network/publicIPAddresses/write; add Microsoft.Network/routeTables/read; add Microsoft.Network/virtualNetworks/delete; add Microsoft.Network/virtualNetworks/read; add Microsoft.Network/virtualNetworks/subnets/join/action; add Microsoft.Network/virtualNetworks/subnets/read'
2024-01-31 19:57:40	add: Role	0358943c-7e01-48ba-8889-02cc51d78637

Permissions summary

Effective control plane and data plane operations: 32 (unique operations)
•action: 5
•delete: 6
•read: 15
•write: 6

Actions: 32
Resolved control plane operations from Actions: 32
Effective control plane operations: 32
•action: 5
•delete: 6
•read: 15
•write: 6

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15763

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3259

Actions

Operation	Description
Microsoft.Compute/availabilitySets/delete	Deletes the availability set
Microsoft.Compute/availabilitySets/read	Get the properties of an availability set
Microsoft.Compute/availabilitySets/write	Creates a new availability set or updates an existing one
Microsoft.Compute/diskEncryptionSets/read	Get the properties of a disk encryption set
Microsoft.Compute/disks/delete	Deletes the Disk
Microsoft.Compute/galleries/images/versions/read	Gets the properties of Gallery Image Version
Microsoft.Compute/skus/read	Gets the list of Microsoft.Compute SKUs available for your Subscription
Microsoft.Compute/virtualMachines/delete	Deletes the virtual machine
Microsoft.Compute/virtualMachines/read	Get the properties of a virtual machine
Microsoft.Compute/virtualMachines/write	Creates a new virtual machine or updates an existing virtual machine
Microsoft.ManagedIdentity/userAssignedIdentities/assign/action	RBAC action for assigning an existing user assigned identity to a resource
Microsoft.Network/applicationSecurityGroups/read	Gets an Application Security Group ID.
Microsoft.Network/loadBalancers/backendAddressPools/join/action	Joins a load balancer backend address pool. Not Alertable.
Microsoft.Network/loadBalancers/read	Gets a load balancer definition
Microsoft.Network/loadBalancers/write	Creates a load balancer or updates an existing load balancer
Microsoft.Network/networkInterfaces/delete	Deletes a network interface
Microsoft.Network/networkInterfaces/join/action	Joins a Virtual Machine to a network interface. Not Alertable.
Microsoft.Network/networkInterfaces/loadBalancers/read	Gets all the load balancers that the network interface is part of
Microsoft.Network/networkInterfaces/read	Gets a network interface definition.
Microsoft.Network/networkInterfaces/write	Creates a network interface or updates an existing network interface.
Microsoft.Network/networkSecurityGroups/read	Gets a network security group definition
Microsoft.Network/networkSecurityGroups/write	Creates a network security group or updates an existing network security group
Microsoft.Network/publicIPAddresses/delete	Deletes a public Ip address.
Microsoft.Network/publicIPAddresses/join/action	Joins a public ip address. Not Alertable.
Microsoft.Network/publicIPAddresses/read	Gets a public ip address definition.
Microsoft.Network/publicIPAddresses/write	Creates a public Ip address or updates an existing public Ip address.
Microsoft.Network/routeTables/read	Gets a route table definition
Microsoft.Network/virtualNetworks/delete	Deletes a virtual network
Microsoft.Network/virtualNetworks/read	Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/join/action	Joins a virtual network. Not Alertable.
Microsoft.Network/virtualNetworks/subnets/read	Gets a virtual network subnet definition
Microsoft.Resources/subscriptions/resourceGroups/read	Gets or lists resource groups.

NotActions

n/a

DataActions

n/a

NotDataActions

n/a

Used in
BuiltIn Policy

none

JSON

api-version=2023-07-01-preview

Condition

none