AzRoleAdvertizer

last sync: 2024-Nov-25 18:54:42 UTC

Kubernetes Cluster - Azure Arc Onboarding

Azure BuiltIn RBAC Role definition

Name

Kubernetes Cluster - Azure Arc Onboarding

34e09817-6cbe-4d01-b1a2-e0eac5743d41

Description

Role definition to authorize any user/service to create connectedClusters resource

CreatedOn

2019-11-18 17:00:02 UTC

UpdatedOn

2024-10-31 01:30:51 UTC

History

Date/Time (UTC ymd) (i)	Change	Change detail
2024-10-31 18:50:49	change: Actions	Actions: 'add Microsoft.KubernetesConfiguration/extensions/write; add Microsoft.KubernetesConfiguration/extensions/read; add Microsoft.KubernetesConfiguration/extensions/delete; add Microsoft.KubernetesConfiguration/extensions/operations/read'
2020-02-11 08:11:18	change: DisplayName	Old DisplayName: Kubernetes Cluster - Azure Arc Onborading
2019-12-13 11:23:49	change: DisplayName	Old DisplayName: Kubernetes Cluster - Azure Arc Onborading Role

Permissions summary

Effective control plane and data plane operations: 55 (unique operations)
•: 1
•Action: 6
•Delete: 2
•read: 41
•Write: 5

Actions: 13
Resolved control plane operations from Actions: 55
Effective control plane operations: 55
•: 1
•Action: 6
•Delete: 2
•read: 41
•Write: 5

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16117

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3303

Actions

Operation	Description
Microsoft.Authorization/*/read	wildcarded / no description
Microsoft.Insights/alertRules/*	wildcarded / no description
Microsoft.Kubernetes/connectedClusters/read	Read connectedClusters
Microsoft.Kubernetes/connectedClusters/Write	Writes connectedClusters
Microsoft.KubernetesConfiguration/extensions/delete	Deletes extension instance resource.
Microsoft.KubernetesConfiguration/extensions/operations/read	Gets Async Operation status.
Microsoft.KubernetesConfiguration/extensions/read	Gets extension instance resource.
Microsoft.KubernetesConfiguration/extensions/write	Creates or updates extension resource.
Microsoft.Resources/deployments/write	Erstellt oder aktualisiert eine Bereitstellung.
Microsoft.Resources/subscriptions/operationresults/read	Ruft die Ergebnisse des Abonnementvorgangs ab.
Microsoft.Resources/subscriptions/read	Ruft die Liste der Abonnements ab.
Microsoft.Resources/subscriptions/resourceGroups/read	Ruft Ressourcengruppen ab oder listet diese auf.
Microsoft.Support/*	wildcarded / no description

NotActions

n/a

DataActions

n/a

NotDataActions

n/a

Used in
BuiltIn Policy

Policy DisplayName	Policy Id	Category	State
Configure Azure Arc Private Link Scopes with private endpoints	d6eeba80-df61-4de5-8772-bc1b7852ba6b	Azure Arc	GA
Configure Azure Arc-enabled Kubernetes clusters to use an Azure Arc Private Link Scope	4002015b-1272-4dfb-8943-fed4aeec39b6	Azure Arc	GA

JSON

api-version=2023-07-01-preview

Condition

none