last sync: 2024-Jun-14 18:20:25 UTC

Key Vault Administrator

Azure BuiltIn RBAC Role definition

Name: Key Vault Administrator
Description: Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the 'Azure role-based access control' permission model.
CreatedOn: 2020-05-19 17:52:46 UTC
UpdatedOn: 2021-11-11 20:14:30 UTC
Date/Time (UTC ymd) Change Change detail
2020-05-19 20:42:36 add: Role 00482a5a-887f-4fb3-b363-3b7fe8e74483
Permissions summary
Effective control plane and data plane operations: 125 (unique operations)
•: 1
•Action: 47
•Delete: 8
•read: 63
•Write: 6

Actions: 10
Resolved control plane operations from Actions: 74
Effective control plane operations: 74
•: 1
•Action: 10
•Delete: 2
•read: 58
•Write: 3

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15605

DataActions: 1
Resolved data plane operations: 52
Effective data plane operations: 52
•action: 37
•delete: 6
•read: 6
•write: 3

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3115
Actions
Operation | Description
Microsoft.Authorization/*/read | wildcarded / no description
Microsoft.Insights/alertRules/* | wildcarded / no description
Microsoft.KeyVault/checkNameAvailability/read | Checks that a key vault name is valid and is not in use
Microsoft.KeyVault/deletedVaults/read | View the properties of soft deleted key vaults
Microsoft.KeyVault/locations/*/read | wildcarded / no description
Microsoft.KeyVault/operations/read | Lists operations available on Microsoft.KeyVault resource provider
Microsoft.KeyVault/vaults/*/read | wildcarded / no description
Microsoft.Resources/deployments/* | wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups.
Microsoft.Support/* | wildcarded / no description

NotActions: n/a

DataActions
Operation | Description
Microsoft.KeyVault/vaults/* | wildcarded / no description

NotDataActions: n/a
Used in
BuiltIn Policy
Condition: none