last sync: 2024-Nov-25 18:54:42 UTC

Defender CSPM Storage Data Scanner

Azure BuiltIn RBAC Role definition

Name: Defender CSPM Storage Data Scanner
Id: 0b6ca2e8-2cdc-4bd6-b896-aa3d8c21fc35
Description: Grants access to read blobs and files. This role is used by the data scanner of Dfender CSPM.
CreatedOn: 2024-10-16 15:31:49 UTC
UpdatedOn: 2024-11-06 16:01:17 UTC
History
Date/Time (UTC ymd) | Change | Change detail
2024-11-06 18:56:37 | change: Actions, DataActions | Actions: 'add Microsoft.Storage/storageAccounts/blobServices/containers/read; add Microsoft.Storage/storageAccounts/fileServices/shares/read', DataActions: 'add Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read; add Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read'
2024-10-16 17:55:33 | add: Role 0b6ca2e8-2cdc-4bd6-b896-aa3d8c21fc35 |
Permissions summary
Effective control plane and data plane operations: 4 (unique operations)
•read: 4

Actions: 2
Resolved control plane operations from Actions: 2
Effective control plane operations: 2
•read: 2

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16170

DataActions: 2
Resolved data plane operations: 2
Effective data plane operations: 2
•read: 2

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3301
Actions
Operation | Description
Microsoft.Storage/storageAccounts/blobServices/containers/read | Returns list of containers
Microsoft.Storage/storageAccounts/fileServices/shares/read | List file shares
NotActions: n/a
DataActions
Operation | Description
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returns a file/folder or a list of files/folders
NotDataActions: n/a
Used in
BuiltIn Policy
none
JSON
api-version=2023-07-01-preview
Condition: none