| Display name | Attribute Log Administrator | ||
|---|---|---|---|
| Id | 5b784334-f94b-471a-a387-e7219fc49ca2 | ||
| Description | Read audit logs and configure diagnostic settings for events related to custom security attributes. | ||
| Detailed description | Assign the Attribute Log Reader role to users who need to do the following tasks: * Read audit logs for attribute set changes * Read audit logs for custom security attribute definition changes * Read audit logs for custom security attribute assignment changes * Configure diagnostic settings for custom security attributes Users with this role *cannot* read audit logs for other events. By default, Global Administrator and other administrator roles do not have permissions to read audit logs for custom security attributes. To read audit logs for custom security attributes, you must be assigned this role or the Attribute Log Reader role. |
||
| Categories | identity | ||
| isPrivileged | False | ||
| EntraOps Tier Level | ControlPlane | ||
| #Resource Actions unique | 56 | ||
| #Resource Actions Operations unique | 56 | ||
| #Resource Actions privileged | 0 | ||
| #Resource Actions direct | 2 | ||
| Resource Actions inherited | True | ||
| #Resource Actions inherited | 54 | ||
| Resource Actions inherited from | Directory Readers (88d8e3e3-8f55-4a1e-953a-9b9898b8876b) | ||
| #Resource Actions overlap direct&inherited | 0 | ||
| Resource Actions overlap direct&inherited | |||
| #Resource Actions inherited to | 0 other Entra Id Roles | ||
| Resource Actions inherited to | n/a | ||
| #Resource Actions conditioned | 0 | ||
| #Resource Actions unconditioned | 56 | ||
| #NameSpaces | 2 | ||
| NameSpaces | microsoft.azure.customSecurityAttributeDiagnosticSettings: 1 microsoft.directory: 55 |
||
| Actions | allTasks: 1 read: 55 |
||
| Operations actionVerbs | GET: 55 n/a: 1 |
||
| Resource Actions where Consent Policy applies | 0 | ||
| Resource Actions / Consent Policy | n/a | ||
| JSON enriched |
|
||
| JSON raw (v1.0 endpoint) |
|
||
| JSON raw (beta endpoint) |
|