AzRoleAdvertizer

last sync: 2021-Jul-23 16:38:25 UTC

Azure RBAC Role definition

Key Vault Crypto User

Name Key Vault Crypto User
Microsoft docs

Id 12338af0-0e69-4776-bea7-57ae8d297424

Description Perform cryptographic operations using keys. Only works for key vaults that use the 'Azure role-based access control' permission model.

CreatedOn 2020-05-19 17:52:47 UTC

UpdatedOn 2021-01-27 23:18:47 UTC

History

Date/Time (UTC ymd) (i)	Change	Change detail
2020-05-19 20:42:36	add: Role	8af0-0e69-4776-bea7-57ae8d297424

Actions n/a

NotActions n/a

DataActions

Operation	Description	Used in other Roles
Microsoft.KeyVault/vaults/keys/backup/action	Creates the backup file of a key. The file can used to restore the key in a Key Vault of same subscription. Restrictions may apply.	none
Microsoft.KeyVault/vaults/keys/decrypt/action	Decrypts ciphertext with a key.	none
Microsoft.KeyVault/vaults/keys/encrypt/action	Encrypts plaintext with a key. Note that if the key is asymmetric, this operation can be performed by principals with read access.	none
Microsoft.KeyVault/vaults/keys/read	List keys in the specified vault, or read properties and public material of a key. For asymmetric keys, this operation exposes public key and includes ability to perform public key algorithms such as encrypt and verify signature. Private keys and symmetric keys are never exposed.	Key Vault Crypto Service Encryption User
Microsoft.KeyVault/vaults/keys/sign/action	Signs a message digest (hash) with a key.	none
Microsoft.KeyVault/vaults/keys/unwrap/action	Unwraps a symmetric key with a Key Vault key.	Key Vault Crypto Service Encryption User
Microsoft.KeyVault/vaults/keys/update/action	Updates the specified attributes associated with the given key.	none
Microsoft.KeyVault/vaults/keys/verify/action	Verifies the signature of a message digest (hash) with a key. Note that if the key is asymmetric, this operation can be performed by principals with read access.	none
Microsoft.KeyVault/vaults/keys/wrap/action	Wraps a symmetric key with a Key Vault key. Note that if the Key Vault key is asymmetric, this operation can be performed by principals with read access.	Key Vault Crypto Service Encryption User

NotDataActions n/a

Used in Policy none

JSON

{
  "Name": "Key Vault Crypto User",
  "Id": "12338af0-0e69-4776-bea7-57ae8d297424",
  "IsCustom": false,
  "Description": "Perform cryptographic operations using keys. Only works for key vaults that use the 'Azure role-based access control' permission model.",
  "Actions": [
    
  ],
  "NotActions": [
    
  ],
  "DataActions": [
    "Microsoft.KeyVault/vaults/keys/read",
    "Microsoft.KeyVault/vaults/keys/update/action",
    "Microsoft.KeyVault/vaults/keys/backup/action",
    "Microsoft.KeyVault/vaults/keys/encrypt/action",
    "Microsoft.KeyVault/vaults/keys/decrypt/action",
    "Microsoft.KeyVault/vaults/keys/wrap/action",
    "Microsoft.KeyVault/vaults/keys/unwrap/action",
    "Microsoft.KeyVault/vaults/keys/sign/action",
    "Microsoft.KeyVault/vaults/keys/verify/action"
  ],
  "NotDataActions": [
    
  ],
  "AssignableScopes": [
    "/"
  ]
}