AzRoleAdvertizer

last sync: 2024-Nov-25 18:54:42 UTC

Azure Container Storage Owner

Azure BuiltIn RBAC Role definition

NameAzure Container Storage Owner
Id95de85bd-744d-4664-9dde-11430bc34793
DescriptionLets you install Azure Container Storage and grants access to its storage resources
CreatedOn2024-03-06 18:39:55 UTC
UpdatedOn2024-03-28 20:02:49 UTC
History
Date/Time (UTC ymd) (i) Change Change detail
2024-05-02 17:48:17 add: Role 95de85bd-744d-4664-9dde-11430bc34793
Permissions summary Effective control plane and data plane operations: 78 (unique operations)
•action: 11
•delete: 9
•read: 48
•write: 10

Actions: 17
Resolved control plane operations from Actions: 78
Effective control plane operations: 78
•action: 11
•delete: 9
•read: 48
•write: 10

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16094

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3303
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Authorization/roleAssignments/delete conditionedDelete a role assignment at the specified scope.
Microsoft.Authorization/roleAssignments/write conditionedCreate a role assignment at the specified scope.
Microsoft.ElasticSan/elasticSans/*wildcarded / no description
Microsoft.ElasticSan/elasticSans/volumeGroups/*wildcarded / no description
Microsoft.ElasticSan/elasticSans/volumeGroups/volumes/*wildcarded / no description
Microsoft.ElasticSan/locations/*wildcarded / no description
Microsoft.ElasticSan/locations/asyncoperations/readPolls the status of an asynchronous operation.
Microsoft.KubernetesConfiguration/extensions/deleteDeletes extension instance resource.
Microsoft.KubernetesConfiguration/extensions/operations/readGets Async Operation status.
Microsoft.KubernetesConfiguration/extensions/readGets extension instance resource.
Microsoft.KubernetesConfiguration/extensions/writeCreates or updates extension resource.
Microsoft.Management/managementGroups/readList management groups for the authenticated user.
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/readRuft die Liste der Abonnements ab.
Microsoft.Resources/subscriptions/resourceGroups/readRuft Ressourcengruppen ab oder listet diese auf.
Microsoft.Support/*wildcarded / no description
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy		 none
JSON
api-version=2023-07-01-preview
Condition
    
    (
        (
            !
            (
                ActionMatches {
                'Microsoft.Authorization/roleAssignments/write'
                }
            )
        )
        OR
        (
            @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
            08d4c71a-cc63-4ce4-a9c8-5dd251b4d619 (Azure Container Storage Operator)
            }
        )
    )
    AND
    (
        (
            !
            (
                ActionMatches {
                'Microsoft.Authorization/roleAssignments/delete'
                }
            )
        )
        OR
        (
            @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
            08d4c71a-cc63-4ce4-a9c8-5dd251b4d619 (Azure Container Storage Operator)
            }
        )
    )