last sync: 2024-Jul-16 18:17:52 UTC

Storage Account Contributor

Azure BuiltIn RBAC Role definition

NameStorage Account Contributor
DescriptionLets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.
CreatedOn2015-06-02 00:18:27 UTC
UpdatedOn2021-11-11 20:13:54 UTC
Permissions summary Effective control plane and data plane operations: 182 (unique operations)
•: 1
•Action: 40
•Delete: 20
•read: 85
•Write: 36

Actions: 9
Resolved control plane operations from Actions: 182
Effective control plane operations: 182
•: 1
•Action: 40
•Delete: 20
•read: 85
•Write: 36

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15408

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3217
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.Insights/diagnosticSettings/*wildcarded / no description
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionJoins resource such as storage account or SQL database to a subnet. Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Storage/storageAccounts/*wildcarded / no description
Microsoft.Support/*wildcarded / no description
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Policy DisplayName Policy Id Category State
Configure secure transfer of data on a storage account f81e3117-0093-4b17-8a60-82363134f0eb Storage GA
Configure SQL servers to have auditing enabled f4c68484-132f-41f9-9b6d-3e4b1cb55036 SQL GA
Configure Storage account to use a private link connection 9f766f00-8d11-464e-80e1-4091d7874074 Storage GA
Configure storage accounts to disable public network access a06d0189-92e8-4dba-b0c4-08d7669fce7d Storage GA
Configure Storage Accounts to restrict network access through network ACL bypass configuration only. 41a72361-06e3-4e80-832a-690bd0708bc1 VirtualEnclaves GA
Configure Synapse workspaces to have auditing enabled ac7891a4-ac7a-4ba0-9ae9-c923e5a225ee Synapse GA
Configure your Storage account public access to be disallowed 13502221-8df0-4414-9937-de9c5c4e396b Storage GA
Deploy Advanced Data Security on SQL servers 6134c3db-786f-471e-87bc-8f479dc890f6 SQL GA
Deploy Diagnostic Settings for Network Security Groups c9c29499-c1d1-4195-99bd-2ec9e3a9dc89 Monitoring GA
Modify - Configure your Storage account to enable blob versioning 978deb5d-c9a7-41f8-b4b2-b76880d0de1f Storage GA
Condition none