last sync: 2024-Apr-24 17:47:22 UTC

Storage Account Contributor

Azure BuiltIn RBAC Role definition

NameStorage Account Contributor
Id17d1049b-9a84-46fb-8f53-869881c3d3ab
DescriptionLets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.
CreatedOn2015-06-02 00:18:27 UTC
UpdatedOn2021-11-11 20:13:54 UTC
Historynone
Permissions summary Effective control plane and data plane operations: 182 (unique operations)
•: 1
•Action: 40
•Delete: 20
•read: 85
•Write: 36

Actions: 9
Resolved control plane operations from Actions: 182
Effective control plane operations: 182
•: 1
•Action: 40
•Delete: 20
•read: 85
•Write: 36

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15203

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3121
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.Insights/diagnosticSettings/*wildcarded / no description
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionJoins resource such as storage account or SQL database to a subnet. Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Storage/storageAccounts/*wildcarded / no description
Microsoft.Support/*wildcarded / no description
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Policy DisplayName Policy Id Category State
Configure secure transfer of data on a storage account f81e3117-0093-4b17-8a60-82363134f0eb Storage GA
Configure SQL servers to have auditing enabled f4c68484-132f-41f9-9b6d-3e4b1cb55036 SQL GA
Configure Storage account to use a private link connection 9f766f00-8d11-464e-80e1-4091d7874074 Storage GA
Configure storage accounts to disable public network access a06d0189-92e8-4dba-b0c4-08d7669fce7d Storage GA
Configure Storage Accounts to restrict network access through network ACL bypass configuration only. 41a72361-06e3-4e80-832a-690bd0708bc1 VirtualEnclaves GA
Configure Synapse workspaces to have auditing enabled ac7891a4-ac7a-4ba0-9ae9-c923e5a225ee Synapse GA
Configure your Storage account public access to be disallowed 13502221-8df0-4414-9937-de9c5c4e396b Storage GA
Deploy Advanced Data Security on SQL servers 6134c3db-786f-471e-87bc-8f479dc890f6 SQL GA
Deploy Diagnostic Settings for Network Security Groups c9c29499-c1d1-4195-99bd-2ec9e3a9dc89 Monitoring GA
Modify - Configure your Storage account to enable blob versioning 978deb5d-c9a7-41f8-b4b2-b76880d0de1f Storage GA
JSON
api-version=2022-05-01-preview
Condition none