AzRoleAdvertizer

last sync: 2024-Aug-15 18:18:54 UTC

PostgreSQL Flexible Management Service Contributor

Azure BuiltIn RBAC Role definition

Name

PostgreSQL Flexible Management Service Contributor

a60b64c0-1adf-4051-956a-78f3ae578c7d

Description

Create, read, modify, and delete required resources objects to be used by Azure PostgreSQL Flexible servers.

CreatedOn

2024-08-06 15:15:42 UTC

UpdatedOn

2024-08-06 15:15:42 UTC

History

Date/Time (UTC ymd) (i)	Change	Change detail
2024-08-06 18:20:07	add: Role	a60b64c0-1adf-4051-956a-78f3ae578c7d

Permissions summary

Effective control plane and data plane operations: 168 (unique operations)
•: 1
•action: 28
•delete: 24
•read: 88
•write: 27

Actions: 131
Resolved control plane operations from Actions: 168
Effective control plane operations: 168
•: 1
•action: 28
•delete: 24
•read: 88
•write: 27

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15433

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3240

Actions

Operation	Description
Microsoft.Authorization/*/read	wildcarded / no description
Microsoft.Compute/diskEncryptionSets/*	wildcarded / no description
Microsoft.Compute/diskEncryptionSets/delete	Delete a disk encryption set
Microsoft.Compute/diskEncryptionSets/read	Get the properties of a disk encryption set
Microsoft.Compute/diskEncryptionSets/write	Create a new disk encryption set or update an existing one
Microsoft.Compute/disks/beginGetAccess/action	Get the SAS URI of the Disk for blob access
Microsoft.Compute/disks/delete	Deletes the Disk
Microsoft.Compute/disks/endGetAccess/action	Revoke the SAS URI of the Disk
Microsoft.Compute/disks/read	Get the properties of a Disk
Microsoft.Compute/disks/write	Creates a new Disk or updates an existing one
Microsoft.Compute/galleries/images/versions/read	Gets the properties of Gallery Image Version
Microsoft.Compute/locations/DiskOperations/read	Gets the status of an asynchronous Disk operation
Microsoft.Compute/locations/operations/read	Gets the status of an asynchronous operation
Microsoft.Compute/locations/usages/read	Gets service limits and current usage quantities for the subscription's compute resources in a location
Microsoft.Compute/skus/read	Gets the list of Microsoft.Compute SKUs available for your Subscription
Microsoft.Compute/snapshots/beginGetAccess/action	Get the SAS URI of the Snapshot for blob access
Microsoft.Compute/snapshots/delete	Delete a Snapshot
Microsoft.Compute/snapshots/endGetAccess/action	Revoke the SAS URI of the Snapshot
Microsoft.Compute/snapshots/read	Get the properties of a Snapshot
Microsoft.Compute/snapshots/write	Create a new Snapshot or update an existing one
Microsoft.Compute/virtualMachines/deallocate/action	Powers off the virtual machine and releases the compute resources
Microsoft.Compute/virtualMachines/delete	Deletes the virtual machine
Microsoft.Compute/virtualMachines/extensions/delete	Deletes the virtual machine extension
Microsoft.Compute/virtualMachines/extensions/read	Get the properties of a virtual machine extension
Microsoft.Compute/virtualMachines/extensions/write	Creates a new virtual machine extension or updates an existing one
Microsoft.Compute/virtualMachines/powerOff/action	Powers off the virtual machine. Note that the virtual machine will continue to be billed.
Microsoft.Compute/virtualMachines/read	Get the properties of a virtual machine
Microsoft.Compute/virtualMachines/restart/action	Restarts the virtual machine
Microsoft.Compute/virtualMachines/runCommand/action	Executes a predefined script on the virtual machine
Microsoft.Compute/virtualMachines/start/action	Starts the virtual machine
Microsoft.Compute/virtualMachines/write	Creates a new virtual machine or updates an existing virtual machine
Microsoft.DocumentDB/databaseAccounts/read	Reads a database account.
Microsoft.Insights/alertRules/*	wildcarded / no description
Microsoft.Insights/diagnosticSettings/read	Read a resource diagnostic setting
microsoft.insights/diagnosticSettings/write	Create or update a resource diagnostic setting
microsoft.insights/metrics/read	Read metrics
Microsoft.KeyVault/vaults/delete	Deletes a key vault
Microsoft.KeyVault/vaults/deploy/action	Enables access to secrets in a key vault when deploying Azure resources
Microsoft.KeyVault/vaults/read	View the properties of a key vault
Microsoft.KeyVault/vaults/write	Creates a new key vault or updates the properties of an existing key vault. Certain properties may require more permissions.
Microsoft.ManagedIdentity/userAssignedIdentities/assign/action	RBAC action for assigning an existing user assigned identity to a resource
Microsoft.ManagedIdentity/userAssignedIdentities/delete	Deletes an existing user assigned identity
Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/read	Get or list Federated Identity Credentials
Microsoft.ManagedIdentity/userAssignedIdentities/read	Gets an existing user assigned identity
Microsoft.ManagedIdentity/userAssignedIdentities/write	Creates a new user assigned identity or updates the tags associated with an existing user assigned identity
Microsoft.Network/loadBalancers/backendAddressPools/backendPoolAddresses/read	Lists the backend addresses of the Load Balancer backend address pool
Microsoft.Network/loadBalancers/backendAddressPools/delete	Deletes a load balancer backend address pool
Microsoft.Network/loadBalancers/backendAddressPools/health/action	Get Health Details of Backend Instance
Microsoft.Network/loadBalancers/backendAddressPools/join/action	Joins a load balancer backend address pool. Not Alertable.
Microsoft.Network/loadBalancers/backendAddressPools/read	Gets a load balancer backend address pool definition
Microsoft.Network/loadBalancers/backendAddressPools/write	Creates a load balancer backend address pool or updates an existing load balancer backend address pool
Microsoft.Network/loadBalancers/delete	Deletes a load balancer
Microsoft.Network/loadBalancers/inboundNatRules/delete	Deletes a load balancer inbound nat rule
Microsoft.Network/loadBalancers/inboundNatRules/join/action	Joins a load balancer inbound nat rule. Not Alertable.
Microsoft.Network/loadBalancers/inboundNatRules/read	Gets a load balancer inbound nat rule definition
Microsoft.Network/loadBalancers/inboundNatRules/write	Creates a load balancer inbound nat rule or updates an existing load balancer inbound nat rule
Microsoft.Network/loadBalancers/loadBalancingRules/read	Gets a load balancer load balancing rule definition
Microsoft.Network/loadBalancers/outboundRules/read	Gets a load balancer outbound rule definition
Microsoft.Network/loadBalancers/probes/read	Gets a load balancer probe
Microsoft.Network/loadBalancers/read	Gets a load balancer definition
Microsoft.Network/loadBalancers/write	Creates a load balancer or updates an existing load balancer
Microsoft.Network/locations/operationResults/read	Gets operation result of an async POST or DELETE operation
Microsoft.Network/locations/operations/read	Gets operation resource that represents status of an asynchronous operation
Microsoft.Network/locations/serviceTags/read	Get Service Tags
Microsoft.Network/locations/supportedVirtualMachineSizes/read	Gets supported virtual machines sizes
Microsoft.Network/locations/usages/read	Gets the resources usage metrics
Microsoft.Network/networkInterfaces/delete	Deletes a network interface
Microsoft.Network/networkInterfaces/join/action	Joins a Virtual Machine to a network interface. Not Alertable.
Microsoft.Network/networkInterfaces/read	Gets a network interface definition.
Microsoft.Network/networkInterfaces/write	Creates a network interface or updates an existing network interface.
Microsoft.Network/networkSecurityGroups/delete	Deletes a network security group
Microsoft.Network/networkSecurityGroups/join/action	Joins a network security group. Not Alertable.
Microsoft.Network/networkSecurityGroups/read	Gets a network security group definition
Microsoft.Network/networkSecurityGroups/securityRules/read	Gets a security rule definition
Microsoft.Network/networkSecurityGroups/write	Creates a network security group or updates an existing network security group
Microsoft.Network/networkWatchers/read	Get the network watcher definition
Microsoft.Network/privateDnsOperationStatuses/read	Gets status of a Private DNS operation
Microsoft.Network/privateDnsZones/delete	Delete a Private DNS zone.
Microsoft.Network/privateDnsZones/read	Get the Private DNS zone properties, in JSON format. Note that this command does not retrieve the virtual networks to which the Private DNS zone is linked or the record sets contained within the zone.
Microsoft.Network/privateDnsZones/write	Create or update a Private DNS zone within a resource group. Note that this command cannot be used to create or update virtual network links or record sets within the zone.
Microsoft.Network/publicIPAddresses/delete	Deletes a public Ip address.
Microsoft.Network/publicIPAddresses/join/action	Joins a public ip address. Not Alertable.
Microsoft.Network/publicIPAddresses/read	Gets a public ip address definition.
Microsoft.Network/publicIPAddresses/write	Creates a public Ip address or updates an existing public Ip address.
Microsoft.Network/virtualNetworks/delete	Deletes a virtual network
Microsoft.Network/virtualNetworks/read	Get the virtual network definition
Microsoft.Network/virtualNetworks/remoteVirtualNetworkPeeringProxies/delete	no description given
Microsoft.Network/virtualNetworks/remoteVirtualNetworkPeeringProxies/write	no description given
Microsoft.Network/virtualNetworks/subnets/delete	Deletes a virtual network subnet
Microsoft.Network/virtualNetworks/subnets/join/action	Joins a virtual network. Not Alertable.
Microsoft.Network/virtualNetworks/subnets/read	Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/delete	no description given
Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/Details/read	no description given
Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/read	no description given
Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/validate/action	no description given
Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/write	no description given
Microsoft.Network/virtualNetworks/subnets/write	Creates a virtual network subnet or updates an existing virtual network subnet
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete	Deletes a virtual network peering
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read	Gets a virtual network peering definition
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write	Creates a virtual network peering or updates an existing virtual network peering
Microsoft.Network/virtualNetworks/write	Creates a virtual network or updates an existing virtual network
Microsoft.Resources/deployments/*	wildcarded / no description
Microsoft.Resources/deployments/operations/read	Gets or lists deployment operations.
Microsoft.Resources/deployments/read	Gets or lists deployments.
Microsoft.Resources/subscriptions/providers/read	Gets or lists resource providers.
Microsoft.Resources/subscriptions/resourcegroups/read	Gets or lists resource groups.
Microsoft.Resources/subscriptions/resourceGroups/read	Gets or lists resource groups.
Microsoft.Resources/subscriptions/resourcegroups/write	Creates or updates a resource group.
Microsoft.Security/assessments/read	Get security assessments on your subscription
Microsoft.Storage/locations/usages/read	Returns the limit and the current usage count for resources in the specified subscription
Microsoft.Storage/operations/read	Polls the status of an asynchronous operation.
Microsoft.Storage/skus/read	Lists the Skus supported by Microsoft.Storage.
Microsoft.Storage/storageAccounts/blobServices/containers/delete	Returns the result of deleting a container
Microsoft.Storage/storageAccounts/blobServices/containers/read	Returns list of containers
Microsoft.Storage/storageAccounts/blobServices/containers/write	Returns the result of put blob container
Microsoft.Storage/storageAccounts/blobServices/read	Returns blob service properties or statistics
Microsoft.Storage/storageAccounts/delete	Deletes an existing storage account.
Microsoft.Storage/storageAccounts/fileservices/read	Get file service properties
Microsoft.Storage/storageAccounts/fileServices/shares/read	List file shares
Microsoft.Storage/storageAccounts/listKeys/action	Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/managementPolicies/delete	Delete storage account management policies
Microsoft.Storage/storageAccounts/managementPolicies/read	Get storage management account policies
Microsoft.Storage/storageAccounts/managementPolicies/write	Put storage account management policies
Microsoft.Storage/storageAccounts/privateEndpointConnections/read	Get Private Endpoint Connection
Microsoft.Storage/storageAccounts/queueServices/queues/read	Returns a queue or a list of queues.
Microsoft.Storage/storageAccounts/read	Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Storage/storageAccounts/regenerateKey/action	Regenerates the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/sharedIdentities/read	no description given
Microsoft.Storage/storageAccounts/sharedIdentities/write	no description given
Microsoft.Storage/storageAccounts/tableServices/tables/read	Query tables
Microsoft.Storage/storageAccounts/write	Creates a storage account with the specified parameters or update the properties or tags or adds custom domain for the specified storage account.

NotActions

n/a

DataActions

n/a

NotDataActions

n/a

Used in
BuiltIn Policy

none

JSON

api-version=2023-07-01-preview

Condition

    (
        (
            !
            (
                ActionMatches {
                'Microsoft.Authorization/roleAssignments/write'
                }
            )
        )
        OR
        (
            @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
            ba92f5b4-2d11-453d-a403-e96b0029c9fe (Storage Blob Data Contributor),
            c12c1c16-33a1-487b-954d-41c89c60f349 (Reader and Data Access)
            }
        )
    )
    AND
    (
        (
            !
            (
                ActionMatches {
                'Microsoft.Authorization/roleAssignments/delete'
                }
            )
        )
        OR
        (
            @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
            ba92f5b4-2d11-453d-a403-e96b0029c9fe (Storage Blob Data Contributor),
            c12c1c16-33a1-487b-954d-41c89c60f349 (Reader and Data Access)
            }
        )
    )