AzRoleAdvertizer

last sync: 2024-Nov-25 18:54:42 UTC

LocalNGFirewallAdministrator role

Azure BuiltIn RBAC Role definition

Name

LocalNGFirewallAdministrator role

a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2

Description

Allows user to create, modify, describe, or delete NGFirewalls.

CreatedOn

2023-02-03 11:42:56 UTC

UpdatedOn

2023-03-13 15:13:22 UTC

History

Date/Time (UTC ymd) (i)	Change	Change detail
2023-03-14 18:45:47	change: Actions	Actions: 'add Microsoft.OperationalInsights/workspaces/write; add Microsoft.OperationalInsights/workspaces/sharedKeys/read; add Microsoft.OperationalInsights/workspaces/read; add Microsoft.Network/virtualNetworks/read; add Microsoft.Network/virtualNetworks/subnets/join/action; add Microsoft.Network/publicIPAddresses/write; add Microsoft.Network/publicIPAddresses/read; add Microsoft.Network/publicIPAddresses/join/action; add Microsoft.Network/networkVirtualAppliances/read; add Microsoft.Network/networkVirtualAppliances/write; add Microsoft.Network/networkVirtualAppliances/delete; add Microsoft.Network/virtualHubs/read; add Microsoft.Network/virtualWans/read; add Microsoft.Network/virtualWans/virtualHubs/read; add Microsoft.Network/networkSecurityGroups/read; add Microsoft.Network/networkSecurityGroups/join/action'
2023-02-22 18:54:52	change: Actions	Actions: 'add Microsoft.Insights/metrics/read; add Microsoft.Insights/metricDefinitions/read; add Microsoft.Support/*'
2023-02-13 18:41:36	add: Role	a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2

Permissions summary

Effective control plane and data plane operations: 83 (unique operations)
•: 1
•Action: 16
•Delete: 4
•read: 55
•Write: 7

Actions: 28
Resolved control plane operations from Actions: 83
Effective control plane operations: 83
•: 1
•Action: 16
•Delete: 4
•read: 55
•Write: 7

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16089

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3303

Actions

Operation	Description
Microsoft.Authorization/*/read	wildcarded / no description
Microsoft.Insights/alertRules/*	wildcarded / no description
Microsoft.Insights/metricDefinitions/read	Read metric definitions
Microsoft.Insights/metrics/read	Read metrics
Microsoft.Network/networkSecurityGroups/join/action	Joins a network security group. Not Alertable.
Microsoft.Network/networkSecurityGroups/read	Gets a network security group definition
Microsoft.Network/networkVirtualAppliances/delete	Delete a Network Virtual Appliance
Microsoft.Network/networkVirtualAppliances/read	Get a Network Virtual Appliance
Microsoft.Network/networkVirtualAppliances/write	Create or update a Network Virtual Appliance
Microsoft.Network/publicIPAddresses/join/action	Joins a public ip address. Not Alertable.
Microsoft.Network/publicIPAddresses/read	Gets a public ip address definition.
Microsoft.Network/publicIPAddresses/write	Creates a public Ip address or updates an existing public Ip address.
Microsoft.Network/virtualHubs/read	Get a Virtual Hub
Microsoft.Network/virtualNetworks/read	Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/join/action	Joins a virtual network. Not Alertable.
Microsoft.Network/virtualWans/read	Get a Virtual Wan
Microsoft.Network/virtualWans/virtualHubs/read	Gets all Virtual Hubs that reference a Virtual Wan.
Microsoft.OperationalInsights/workspaces/read	Gets an existing workspace
Microsoft.OperationalInsights/workspaces/sharedKeys/read	Retrieves the shared keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace.
Microsoft.OperationalInsights/workspaces/write	Creates a new workspace or links to an existing workspace by providing the customer id from the existing workspace.
Microsoft.ResourceHealth/availabilityStatuses/read	Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*	wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/read	Ruft Ressourcengruppen ab oder listet diese auf.
Microsoft.Support/*	wildcarded / no description
PaloAltoNetworks.Cloudngfw/firewalls/*	wildcarded / no description
PaloAltoNetworks.Cloudngfw/globalRulestacks/read	no description given
PaloAltoNetworks.Cloudngfw/localRulestacks/read	no description given
PaloAltoNetworks.Cloudngfw/Locations/operationStatuses/read	no description given

NotActions

n/a

DataActions

n/a

NotDataActions

n/a

Used in
BuiltIn Policy

none

JSON

api-version=2023-07-01-preview

Condition

none