AzRoleAdvertizer

last sync: 2025-Apr-29 17:15:48 UTC

Storage Account Contributor

Azure BuiltIn RBAC Role definition

NameStorage Account Contributor
Microsoft Learn
Id17d1049b-9a84-46fb-8f53-869881c3d3ab
DescriptionLets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.
CategoryStorage
Microsoft Learn
CreatedOn2015-06-02 00:18:27 UTC
UpdatedOn2021-11-11 20:13:54 UTC
Permissions summary Effective control plane and data plane operations: 199 (unique operations)
•Action: 54
•Delete: 20
•read: 89
•Write: 36

Actions: 9
Resolved control plane operations from Actions: 199
Effective control plane operations: 199
•Action: 54
•Delete: 20
•read: 89
•Write: 36

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16291

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3371
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.Insights/diagnosticSettings/*wildcarded / no description
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionJoins resource such as storage account or SQL database to a subnet. Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Storage/storageAccounts/*wildcarded / no description
Microsoft.Support/*wildcarded / no description
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Policy DisplayName Policy Id Category State
[Preview]: Configure backup for Azure Files Shares with a given tag to a new recovery services vault with a new policy f32ca068-2ada-4705-b5b5-84ce89422846 Backup Preview
[Preview]: Configure backup for Azure Files Shares with a given tag to an existing recovery services vault in the same location d8659d5a-a3bd-444d-98ea-570bceb568cf Backup Preview
[Preview]: Configure backup for Azure Files Shares without a given tag to a new recovery services vault with a new policy 9e47cad9-bcdb-42dd-8c9b-a81e15ca2842 Backup Preview
[Preview]: Configure backup for Azure Files Shares without a given tag to an existing recovery services vault in the same location e159e079-0ddd-4905-97c9-79a8fca6d880 Backup Preview
Configure secure transfer of data on a storage account f81e3117-0093-4b17-8a60-82363134f0eb Storage GA
Configure SQL servers to have auditing enabled f4c68484-132f-41f9-9b6d-3e4b1cb55036 SQL GA
Configure Storage account to use a private link connection 9f766f00-8d11-464e-80e1-4091d7874074 Storage GA
Configure storage accounts to disable public network access a06d0189-92e8-4dba-b0c4-08d7669fce7d Storage GA
Configure Storage Accounts to restrict network access through network ACL bypass configuration only. 41a72361-06e3-4e80-832a-690bd0708bc1 VirtualEnclaves GA
Configure Synapse workspaces to have auditing enabled ac7891a4-ac7a-4ba0-9ae9-c923e5a225ee Synapse GA
Configure your Storage account public access to be disallowed 13502221-8df0-4414-9937-de9c5c4e396b Storage GA
Deploy Advanced Data Security on SQL servers 6134c3db-786f-471e-87bc-8f479dc890f6 SQL GA
Deploy Diagnostic Settings for Network Security Groups c9c29499-c1d1-4195-99bd-2ec9e3a9dc89 Monitoring GA
Modify - Configure your Storage account to enable blob versioning 978deb5d-c9a7-41f8-b4b2-b76880d0de1f Storage GA
Historynone
JSON
api-version=2023-07-01-preview
Condition none