last sync: 2021-Jan-22 16:07:26 UTC

Azure RBAC Role definition

Key Vault Crypto User (preview)

NameKey Vault Crypto User (preview)
Microsoft docs
Id12338af0-0e69-4776-bea7-57ae8d297424
DescriptionPerform cryptographic operations using keys. Only works for key vaults that use the 'Azure role-based access control' permission model.
CreatedOn2020-05-19 17:52:47 UTC
UpdatedOn2020-08-28 21:56:36 UTC
History
Date/Time (UTC ymd) (i) Change Change detail
2020-05-19 20:42:36 add: Role 8af0-0e69-4776-bea7-57ae8d297424
Actions n/a
NotActions n/a
DataActions
Operation Description Used in other Roles
Microsoft.KeyVault/vaults/keys/backup/actionCreates the backup file of a key. The file can used to restore the key in a Key Vault of same subscription. Restrictions may apply. none
Microsoft.KeyVault/vaults/keys/decrypt/actionDecrypts ciphertext with a key. none
Microsoft.KeyVault/vaults/keys/encrypt/actionEncrypts plaintext with a key. Note that if the key is asymmetric, this operation can be performed by principals with read access. none
Microsoft.KeyVault/vaults/keys/readList keys in the specified vault, or read properties and public material of a key. For asymmetric keys, this operation exposes public key and includes ability to perform public key algorithms such as encrypt and verify signature. Private keys and symmetric keys are never exposed. Key Vault Crypto Service Encryption User (preview)
Microsoft.KeyVault/vaults/keys/sign/actionSigns a message digest (hash) with a key. none
Microsoft.KeyVault/vaults/keys/unwrap/actionUnwraps a symmetric key with a Key Vault key. Key Vault Crypto Service Encryption User (preview)
Microsoft.KeyVault/vaults/keys/update/actionUpdates the specified attributes associated with the given key. none
Microsoft.KeyVault/vaults/keys/verify/actionVerifies the signature of a message digest (hash) with a key. Note that if the key is asymmetric, this operation can be performed by principals with read access. none
Microsoft.KeyVault/vaults/keys/wrap/actionWraps a symmetric key with a Key Vault key. Note that if the Key Vault key is asymmetric, this operation can be performed by principals with read access. Key Vault Crypto Service Encryption User (preview)
NotDataActions n/a
Used in Policy none
Json
{
  "Name": "Key Vault Crypto User (preview)",
  "Id": "12338af0-0e69-4776-bea7-57ae8d297424",
  "IsCustom": false,
  "Description": "Perform cryptographic operations using keys. Only works for key vaults that use the 'Azure role-based access control' permission model.",
  "Actions": [
    
  ],
  "NotActions": [
    
  ],
  "DataActions": [
    "Microsoft.KeyVault/vaults/keys/read",
    "Microsoft.KeyVault/vaults/keys/update/action",
    "Microsoft.KeyVault/vaults/keys/backup/action",
    "Microsoft.KeyVault/vaults/keys/encrypt/action",
    "Microsoft.KeyVault/vaults/keys/decrypt/action",
    "Microsoft.KeyVault/vaults/keys/wrap/action",
    "Microsoft.KeyVault/vaults/keys/unwrap/action",
    "Microsoft.KeyVault/vaults/keys/sign/action",
    "Microsoft.KeyVault/vaults/keys/verify/action"
  ],
  "NotDataActions": [
    
  ],
  "AssignableScopes": [
    "/"
  ]
}