last sync: 2024-Sep-19 17:51:49 UTC

Azure Kubernetes Service RBAC Admin

Azure BuiltIn RBAC Role definition

Name: Azure Kubernetes Service RBAC Admin
Id: 3498e952-d568-435e-9b2c-8d77e338d7f7
Description: Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.
CreatedOn: 2020-07-02 17:50:30 UTC
UpdatedOn: 2023-05-09 20:10:39 UTC
History
Date/Time (UTC ymd) Change Change detail
2023-05-10 17:43:09 change: DataActions, NotDataActions DataActions: 'remove Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read; remove Microsoft.ContainerService/managedClusters/apps/daemonsets/*; remove Microsoft.ContainerService/managedClusters/apps/deployments/*; remove Microsoft.ContainerService/managedClusters/apps/replicasets/*; remove Microsoft.ContainerService/managedClusters/apps/statefulsets/*; remove Microsoft.ContainerService/managedClusters/authorization.k8s.io/localsubjectaccessreviews/write; remove Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*; remove Microsoft.ContainerService/managedClusters/batch/cronjobs/*; remove Microsoft.ContainerService/managedClusters/batch/jobs/*; remove Microsoft.ContainerService/managedClusters/configmaps/*; remove Microsoft.ContainerService/managedClusters/coordination.k8s.io/leases/read; remove Microsoft.ContainerService/managedClusters/coordination.k8s.io/leases/write; remove Microsoft.ContainerService/managedClusters/coordination.k8s.io/leases/delete; remove Microsoft.ContainerService/managedClusters/discovery.k8s.io/endpointslices/read; remove Microsoft.ContainerService/managedClusters/endpoints/*; remove Microsoft.ContainerService/managedClusters/events.k8s.io/events/read; remove Microsoft.ContainerService/managedClusters/events/*; remove Microsoft.ContainerService/managedClusters/extensions/daemonsets/*; remove Microsoft.ContainerService/managedClusters/extensions/deployments/*; remove Microsoft.ContainerService/managedClusters/extensions/ingresses/*; remove Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*; remove Microsoft.ContainerService/managedClusters/extensions/replicasets/*; remove Microsoft.ContainerService/managedClusters/limitranges/read; remove Microsoft.ContainerService/managedClusters/metrics.k8s.io/pods/read; remove Microsoft.ContainerService/managedClusters/metrics.k8s.io/nodes/read; remove 
Microsoft.ContainerService/managedClusters/namespaces/read; remove Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*; remove Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*; remove Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*; remove Microsoft.ContainerService/managedClusters/pods/*; remove Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*; remove Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/rolebindings/*; remove Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/roles/*; remove Microsoft.ContainerService/managedClusters/replicationcontrollers/*; remove Microsoft.ContainerService/managedClusters/resourcequotas/read; remove Microsoft.ContainerService/managedClusters/secrets/*; remove Microsoft.ContainerService/managedClusters/serviceaccounts/*; remove Microsoft.ContainerService/managedClusters/services/*; add Microsoft.ContainerService/managedClusters/*',
NotDataActions: 'add Microsoft.ContainerService/managedClusters/resourcequotas/write; add Microsoft.ContainerService/managedClusters/resourcequotas/delete; add Microsoft.ContainerService/managedClusters/namespaces/write; add Microsoft.ContainerService/managedClusters/namespaces/delete'
2023-05-08 17:44:42 change: DataActions, NotDataActions DataActions: 'remove Microsoft.ContainerService/managedClusters/*; add Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read; add Microsoft.ContainerService/managedClusters/apps/daemonsets/*; add Microsoft.ContainerService/managedClusters/apps/deployments/*; add Microsoft.ContainerService/managedClusters/apps/replicasets/*; add Microsoft.ContainerService/managedClusters/apps/statefulsets/*; add Microsoft.ContainerService/managedClusters/authorization.k8s.io/localsubjectaccessreviews/write; add Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*; add Microsoft.ContainerService/managedClusters/batch/cronjobs/*; add Microsoft.ContainerService/managedClusters/batch/jobs/*; add Microsoft.ContainerService/managedClusters/configmaps/*; add Microsoft.ContainerService/managedClusters/coordination.k8s.io/leases/read; add Microsoft.ContainerService/managedClusters/coordination.k8s.io/leases/write; add Microsoft.ContainerService/managedClusters/coordination.k8s.io/leases/delete; add Microsoft.ContainerService/managedClusters/discovery.k8s.io/endpointslices/read; add Microsoft.ContainerService/managedClusters/endpoints/*; add Microsoft.ContainerService/managedClusters/events.k8s.io/events/read; add Microsoft.ContainerService/managedClusters/events/*; add Microsoft.ContainerService/managedClusters/extensions/daemonsets/*; add Microsoft.ContainerService/managedClusters/extensions/deployments/*; add Microsoft.ContainerService/managedClusters/extensions/ingresses/*; add Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*; add Microsoft.ContainerService/managedClusters/extensions/replicasets/*; add Microsoft.ContainerService/managedClusters/limitranges/read; add Microsoft.ContainerService/managedClusters/metrics.k8s.io/pods/read; add Microsoft.ContainerService/managedClusters/metrics.k8s.io/nodes/read; add 
Microsoft.ContainerService/managedClusters/namespaces/read; add Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*; add Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*; add Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*; add Microsoft.ContainerService/managedClusters/pods/*; add Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*; add Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/rolebindings/*; add Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/roles/*; add Microsoft.ContainerService/managedClusters/replicationcontrollers/*; add Microsoft.ContainerService/managedClusters/resourcequotas/read; add Microsoft.ContainerService/managedClusters/secrets/*; add Microsoft.ContainerService/managedClusters/serviceaccounts/*; add Microsoft.ContainerService/managedClusters/services/*',
NotDataActions: 'remove Microsoft.ContainerService/managedClusters/resourcequotas/write; remove Microsoft.ContainerService/managedClusters/resourcequotas/delete; remove Microsoft.ContainerService/managedClusters/namespaces/write; remove Microsoft.ContainerService/managedClusters/namespaces/delete'
2022-10-13 16:34:55 change: Actions Actions: 'remove Microsoft.Insights/alertRules/*; remove Microsoft.Resources/deployments/write; remove Microsoft.Support/*'
2020-07-03 14:58:03 add: Role 3498e952-d568-435e-9b2c-8d77e338d7f7
Permissions summary
Effective control plane and data plane operations: 371 (unique operations)
•action: 11
•delete: 66
•read: 222
•write: 72

Actions: 5
Resolved control plane operations from Actions: 31
Effective control plane operations: 31
•action: 1
•read: 30

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15764

DataActions: 1
Resolved data plane operations: 344
Effective data plane operations: 340
•action: 10
•delete: 66
•read: 192
•write: 72

NotDataActions: 4
Resolved data plane operations from NotDataActions: 4
Effective denied data plane operations: 2919
Actions
Operation | Description
Microsoft.Authorization/*/read | wildcarded / no description
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action | List the clusterUser credential of a managed cluster
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results.
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups.
NotActions: n/a
DataActions
Operation | Description
Microsoft.ContainerService/managedClusters/* | wildcarded / no description
NotDataActions
Operation | Description
Microsoft.ContainerService/managedClusters/namespaces/delete | Deletes namespaces
Microsoft.ContainerService/managedClusters/namespaces/write | Writes namespaces
Microsoft.ContainerService/managedClusters/resourcequotas/delete | Deletes resourcequotas
Microsoft.ContainerService/managedClusters/resourcequotas/write | Writes resourcequotas
Used in
BuiltIn Policy
none
JSON
api-version=2023-07-01-preview
Condition: none