AzRoleAdvertizer

last sync: 2025-Apr-29 17:15:48 UTC

App Compliance Automation Administrator

Azure BuiltIn RBAC Role definition

NameApp Compliance Automation Administrator
Microsoft Learn
Id0f37683f-2463-46b6-9ce7-9b788b988ba2
DescriptionAllows managing App Compliance Automation tool for Microsoft 365
CategorySecurity
Microsoft Learn
CreatedOn2023-04-13 05:31:14 UTC
UpdatedOn2025-04-18 16:21:59 UTC
Permissions summary Effective control plane and data plane operations: 7136 (unique operations)
•action: 22
•delete: 6
•read: 7096
•write: 12

Actions: 28
Resolved control plane operations from Actions: 7136
Effective control plane operations: 7136
•action: 22
•delete: 6
•read: 7096
•write: 12

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 9354

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3371
Actions
Operation Description
*/readwildcarded / no description
Microsoft.AppComplianceAutomation/*wildcarded / no description
Microsoft.PolicyInsights/policyStates/queryResults/actionQuery information about policy states.
Microsoft.PolicyInsights/policyStates/triggerEvaluation/actionTriggers a new compliance evaluation for the selected scope.
Microsoft.Resources/deployments/validate/actionValidates an deployment.
Microsoft.Resources/deployments/writeCreates or updates an deployment.
Microsoft.Resources/resources/readGet the list of resources based upon filters.
Microsoft.Resources/subscriptions/readGets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/deleteDeletes a resource group and all its resources.
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Resources/subscriptions/resourceGroups/resources/readGets the resources for the resource group.
Microsoft.Resources/subscriptions/resourceGroups/writeCreates or updates a resource group.
Microsoft.Resources/subscriptions/resources/readGets resources of a subscription.
Microsoft.Resources/tags/readGets all the tags on a resource.
Microsoft.Security/automations/deleteDeletes the automation for the scope
Microsoft.Security/automations/readGets the automations for the scope
Microsoft.Security/automations/writeCreates or updates the automation for the scope
Microsoft.Security/register/actionRegisters the subscription for Azure Security Center
Microsoft.Security/unregister/actionUnregisters the subscription from Azure Security Center
Microsoft.Storage/storageAccounts/blobServices/containers/readReturns list of containers
Microsoft.Storage/storageAccounts/blobServices/containers/writeReturns the result of put blob container
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionReturns a user delegation key for the blob service
Microsoft.Storage/storageAccounts/blobServices/readReturns blob service properties or statistics
Microsoft.Storage/storageAccounts/blobServices/writeReturns the result of put blob service properties
Microsoft.Storage/storageAccounts/fileservices/writePut file service properties
Microsoft.Storage/storageAccounts/listKeys/actionReturns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/readReturns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Storage/storageAccounts/writeCreates a storage account with the specified parameters or update the properties or tags or adds custom domain for the specified storage account.
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2023-05-26 17:43:10 change: Actions Actions: 'add Microsoft.Security/automations/read; add Microsoft.Security/automations/delete; add Microsoft.Security/automations/write; add Microsoft.Security/register/action; add Microsoft.Security/unregister/action'
2023-05-17 17:42:19 change: Description, Actions New Description: 'Create, read, download, modify and delete reports objects and related other resource objects.'
Old Description: 'App Compliance Automation Administrator Role',
Actions: 'add */read'
2023-05-09 17:44:18 change: Actions Actions: 'add Microsoft.PolicyInsights/policyStates/queryResults/action; add Microsoft.PolicyInsights/policyStates/triggerEvaluation/action; add Microsoft.Resources/resources/read; add Microsoft.Resources/subscriptions/read; add Microsoft.Resources/subscriptions/resourceGroups/read; add Microsoft.Resources/subscriptions/resourceGroups/resources/read; add Microsoft.Resources/subscriptions/resources/read; add Microsoft.Resources/subscriptions/resourceGroups/delete; add Microsoft.Resources/subscriptions/resourceGroups/write; add Microsoft.Resources/tags/read; add Microsoft.Resources/deployments/validate/action; add Microsoft.Resources/deployments/write'
2023-04-24 17:40:59 change: Actions Actions: 'add Microsoft.Storage/storageAccounts/blobServices/write; add Microsoft.Storage/storageAccounts/fileservices/write; add Microsoft.Storage/storageAccounts/listKeys/action; add Microsoft.Storage/storageAccounts/write; add Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action; add Microsoft.Storage/storageAccounts/read; add Microsoft.Storage/storageAccounts/blobServices/containers/read; add Microsoft.Storage/storageAccounts/blobServices/containers/write; add Microsoft.Storage/storageAccounts/blobServices/read'
2023-04-14 17:43:17 add: Role 0f37683f-2463-46b6-9ce7-9b788b988ba2
JSON
api-version=2023-07-01-preview
Condition none