AzRoleAdvertizer

last sync: 2024-Jul-26 18:17:46 UTC

Azure Kubernetes Service Policy Add-on Deployment

Azure BuiltIn RBAC Role definition

Name

Azure Kubernetes Service Policy Add-on Deployment

18ed5180-3e48-46fd-8541-4ea054d57064

Description

Deploy the Azure Policy add-on on Azure Kubernetes Service clusters

CreatedOn

2022-02-07 20:51:48 UTC

UpdatedOn

2022-03-15 23:34:13 UTC

History

Date/Time (UTC ymd) (i)	Change	Change detail
2022-03-16 17:58:57	change: Actions	Actions: 'add Microsoft.Compute/diskEncryptionSets/read; add Microsoft.Compute/proximityPlacementGroups/write'
2022-02-10 17:19:06	change: Actions	Actions: 'add Microsoft.Network/virtualNetworks/subnets/join/action; add Microsoft.Network/publicIPPrefixes/join/action; add Microsoft.Network/publicIPAddresses/join/action'
2022-02-08 18:24:32	add: Role	18ed5180-3e48-46fd-8541-4ea054d57064

Permissions summary

Effective control plane and data plane operations: 14 (unique operations)
•action: 7
•delete: 1
•read: 4
•write: 2

Actions: 6
Resolved control plane operations from Actions: 14
Effective control plane operations: 14
•action: 7
•delete: 1
•read: 4
•write: 2

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15614

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3219

Actions

Operation	Description
Microsoft.Compute/diskEncryptionSets/read	Get the properties of a disk encryption set
Microsoft.Compute/proximityPlacementGroups/write	Creates a new Proximity Placement Group or updates an existing one
Microsoft.Network/publicIPAddresses/join/action	Joins a public ip address. Not Alertable.
Microsoft.Network/publicIPPrefixes/join/action	Joins a PublicIPPrefix. Not alertable.
Microsoft.Network/virtualNetworks/subnets/join/action	Joins a virtual network. Not Alertable.
Microsoft.Resources/deployments/*	wildcarded / no description

NotActions

n/a

DataActions

n/a

NotDataActions

n/a

Used in
BuiltIn Policy

Policy DisplayName	Policy Id	Category	State
[Preview]: Deploy Image Integrity on Azure Kubernetes Service	5dc99dae-cfb2-42cc-8762-9aae02b74e27	Kubernetes	GA
Configure Microsoft Entra ID integrated Azure Kubernetes Service Clusters with required Admin Group Access	36a27de4-199b-40fb-b336-945a8475d6c5	Kubernetes	GA
Configure Node OS Auto upgrade on Azure Kubernetes Cluster	40f1aee2-4db4-4b74-acb1-c6972e24cca8	Kubernetes	GA
Deploy Azure Policy Add-on to Azure Kubernetes Service clusters	a8eff44f-8c92-45c3-a3fb-9880802d67a7	Kubernetes	GA
Deploy Image Cleaner on Azure Kubernetes Service	7e49285c-4bed-4564-b26a-5225ccc311f3	Kubernetes	GA
Disable Command Invoke on Azure Kubernetes Service clusters	1b708b0a-3380-40e9-8b79-821f9fa224cc	Kubernetes	GA

JSON

api-version=2023-07-01-preview

Condition

none