last sync: 2020-Aug-05 13:05:28 UTC

Azure Role

Key Vault Crypto User (preview)

Role Name Key Vault Crypto User (preview)
Role Id 12338af0-0e69-4776-bea7-57ae8d297424
Role Description Can perform cryptographic operations on keys and certificates.
Role Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-05-19 20:42:36 add: Role 12338af0-0e69-4776-bea7-57ae8d297424
Actions
NotActions
DataActions
Operation Description Used in other Role(s)
Microsoft.KeyVault/vaults/keys/read List keys in the specified vault, or read properties and public material of a key. For asymmetric keys, this operation exposes public key and includes ability to perform public key algorithms such as encrypt and verify signature. Private keys and symmetric keys are never exposed. Key Vault Crypto Service Encryption (preview)
Microsoft.KeyVault/vaults/keys/update/action Updates the specified attributes associated with the given key.
Microsoft.KeyVault/vaults/keys/backup/action Create the backup file of a key. The file can used to restore the key in a Key Vault of same subscription. Restrictions may apply.
Microsoft.KeyVault/vaults/keys/encrypt/action Encrypt plaintext with a key. Note that if the key is asymmetric, this operation can be performed by principals with read access.
Microsoft.KeyVault/vaults/keys/decrypt/action Decrypt ciphertext with a key.
Microsoft.KeyVault/vaults/keys/wrap/action Wrap a symmetric key with a Key Vault key. Note that if the Key Vault key is asymmetric, this operation can be performed with read access. Key Vault Crypto Service Encryption (preview)
Microsoft.KeyVault/vaults/keys/unwrap/action Unwrap a symmetric key with a Key Vault key. Key Vault Crypto Service Encryption (preview)
Microsoft.KeyVault/vaults/keys/sign/action Sign a hash with a key.
Microsoft.KeyVault/vaults/keys/verify/action Verify a hash. Note that if the key is asymmetric, this operation can be performed by principals with read access.
NotDataActions
Used in Policy
Role Definition (Json)
{
  "Name": "Key Vault Crypto User (preview)",
  "Id": "12338af0-0e69-4776-bea7-57ae8d297424",
  "IsCustom": false,
  "Description": "Can perform cryptographic operations on keys and certificates.",
  "Actions": [
    
  ],
  "NotActions": [
    
  ],
  "DataActions": [
    "Microsoft.KeyVault/vaults/keys/read",
    "Microsoft.KeyVault/vaults/keys/update/action",
    "Microsoft.KeyVault/vaults/keys/backup/action",
    "Microsoft.KeyVault/vaults/keys/encrypt/action",
    "Microsoft.KeyVault/vaults/keys/decrypt/action",
    "Microsoft.KeyVault/vaults/keys/wrap/action",
    "Microsoft.KeyVault/vaults/keys/unwrap/action",
    "Microsoft.KeyVault/vaults/keys/sign/action",
    "Microsoft.KeyVault/vaults/keys/verify/action"
  ],
  "NotDataActions": [
    
  ],
  "AssignableScopes": [
    "/"
  ]
}