AzRoleAdvertizer

last sync: 2025-Apr-29 17:15:48 UTC

Azure Red Hat OpenShift Machine API Operator

Azure BuiltIn RBAC Role definition

Name

Azure Red Hat OpenShift Machine API Operator
Microsoft Learn

0358943c-7e01-48ba-8889-02cc51d78637

Description

Manage the lifecycle of specific-purpose custom resource definitions (CRD), controllers, and Azure RBAC objects that extend the Kubernetes API to declares the desired state of machines in a cluster.

Category

Containers
Microsoft Learn

CreatedOn

2024-01-30 16:11:37 UTC

UpdatedOn

2025-03-20 13:43:14 UTC

Permissions summary

Effective control plane and data plane operations: 35 (unique operations)
•action: 10
•delete: 5
•read: 14
•write: 6

Actions: 35
Resolved control plane operations from Actions: 35
Effective control plane operations: 35
•action: 10
•delete: 5
•read: 14
•write: 6

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16455

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3371

Actions

Operation	Description
Microsoft.Compute/availabilitySets/delete	Deletes the availability set
Microsoft.Compute/availabilitySets/read	Get the properties of an availability set
Microsoft.Compute/availabilitySets/write	Creates a new availability set or updates an existing one
Microsoft.Compute/capacityReservationGroups/deploy/action	Deploy a new VM/VMSS using Capacity Reservation Group
Microsoft.Compute/diskEncryptionSets/read	Get the properties of a disk encryption set
Microsoft.Compute/disks/delete	Deletes the Disk
Microsoft.Compute/galleries/images/versions/read	Gets the properties of Gallery Image Version
Microsoft.Compute/skus/read	Gets the list of Microsoft.Compute SKUs available for your Subscription
Microsoft.Compute/virtualMachines/delete	Deletes the virtual machine
Microsoft.Compute/virtualMachines/read	Get the properties of a virtual machine
Microsoft.Compute/virtualMachines/write	Creates a new virtual machine or updates an existing virtual machine
Microsoft.ManagedIdentity/userAssignedIdentities/assign/action	RBAC action for assigning an existing user assigned identity to a resource
Microsoft.Network/applicationSecurityGroups/joinNetworkSecurityRule/action	Joins a Security Rule to Application Security Groups. Not alertable.
Microsoft.Network/applicationSecurityGroups/read	Gets an Application Security Group ID.
Microsoft.Network/loadBalancers/backendAddressPools/join/action	Joins a load balancer backend address pool. Not Alertable.
Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action	Joins a Load Balancer Frontend IP Configuration. Not alertable.
Microsoft.Network/loadBalancers/inboundNATRules/join/action	Joins a load balancer inbound nat rule. Not Alertable.
Microsoft.Network/loadBalancers/read	Gets a load balancer definition
Microsoft.Network/loadBalancers/write	Creates a load balancer or updates an existing load balancer
Microsoft.Network/networkInterfaces/delete	Deletes a network interface
Microsoft.Network/networkInterfaces/join/action	Joins a Virtual Machine to a network interface. Not Alertable.
Microsoft.Network/networkInterfaces/loadBalancers/read	Gets all the load balancers that the network interface is part of
Microsoft.Network/networkInterfaces/read	Gets a network interface definition.
Microsoft.Network/networkInterfaces/write	Creates a network interface or updates an existing network interface.
Microsoft.Network/networkSecurityGroups/join/action	Joins a network security group. Not Alertable.
Microsoft.Network/networkSecurityGroups/read	Gets a network security group definition
Microsoft.Network/networkSecurityGroups/write	Creates a network security group or updates an existing network security group
Microsoft.Network/publicIPAddresses/delete	Deletes a public Ip address.
Microsoft.Network/publicIPAddresses/join/action	Joins a public ip address. Not Alertable.
Microsoft.Network/publicIPAddresses/read	Gets a public ip address definition.
Microsoft.Network/publicIPAddresses/write	Creates a public Ip address or updates an existing public Ip address.
Microsoft.Network/routeTables/read	Gets a route table definition
Microsoft.Network/virtualNetworks/subnets/join/action	Joins a virtual network. Not Alertable.
Microsoft.Network/virtualNetworks/subnets/read	Gets a virtual network subnet definition
Microsoft.Resources/subscriptions/resourceGroups/read	Gets or lists resource groups.

NotActions

n/a

DataActions

n/a

NotDataActions

n/a

Used in
BuiltIn Policy

none

History

Date/Time (UTC ymd) (i)	Change	Change detail
2025-03-20 19:17:46	change: Actions	Actions: 'remove Microsoft.Network/virtualNetworks/delete; remove Microsoft.Network/virtualNetworks/read'
2025-03-11 18:29:19	change: DisplayName, Actions	New DisplayName: 'Azure Red Hat OpenShift Machine API Operator' Old DisplayName: 'Azure Red Hat OpenShift Machine API Operator Role', Actions: 'add Microsoft.Network/applicationSecurityGroups/joinNetworkSecurityRule/action; add Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action; add Microsoft.Network/loadBalancers/inboundNATRules/join/action; add Microsoft.Network/networkSecurityGroups/join/action'
2024-10-03 17:51:55	change: DisplayName, Actions	New DisplayName: 'Azure Red Hat OpenShift Machine API Operator Role' Old DisplayName: 'Azure RedHat OpenShift Machine API Operator Role', Actions: 'add Microsoft.Compute/capacityReservationGroups/deploy/action'
2024-04-15 17:47:24	change: Actions	Actions: 'add Microsoft.Compute/availabilitySets/delete; add Microsoft.Compute/availabilitySets/read; add Microsoft.Compute/availabilitySets/write; add Microsoft.Compute/diskEncryptionSets/read; add Microsoft.Compute/disks/delete; add Microsoft.Compute/galleries/images/versions/read; add Microsoft.Compute/skus/read; add Microsoft.Compute/virtualMachines/delete; add Microsoft.Compute/virtualMachines/read; add Microsoft.Compute/virtualMachines/write; add Microsoft.ManagedIdentity/userAssignedIdentities/assign/action; add Microsoft.Network/applicationSecurityGroups/read; add Microsoft.Network/loadBalancers/backendAddressPools/join/action; add Microsoft.Network/loadBalancers/read; add Microsoft.Network/loadBalancers/write; add Microsoft.Network/networkInterfaces/delete; add Microsoft.Network/networkInterfaces/join/action; add Microsoft.Network/networkInterfaces/loadBalancers/read; add Microsoft.Network/networkInterfaces/read; add Microsoft.Network/networkInterfaces/write; add Microsoft.Network/networkSecurityGroups/read; add Microsoft.Network/networkSecurityGroups/write; add Microsoft.Network/publicIPAddresses/delete; add Microsoft.Network/publicIPAddresses/join/action; add Microsoft.Network/publicIPAddresses/read; add Microsoft.Network/publicIPAddresses/write; add Microsoft.Network/routeTables/read; add Microsoft.Network/virtualNetworks/delete; add Microsoft.Network/virtualNetworks/read; add Microsoft.Network/virtualNetworks/subnets/join/action; add Microsoft.Network/virtualNetworks/subnets/read'
2024-01-31 19:57:40	add: Role	0358943c-7e01-48ba-8889-02cc51d78637

JSON

api-version=2023-07-01-preview

Condition

none