last sync: 2024-May-24 18:02:49 UTC

Defender for Storage Data Scanner

Azure BuiltIn RBAC Role definition

NameDefender for Storage Data Scanner
Id1e7ca9b1-60d1-4db8-a914-f2ca1ff27c40
DescriptionGrants access to read blobs and update index tags. This role is used by the data scanner of Defender for Storage.
CreatedOn2023-06-21 15:30:31 UTC
UpdatedOn2023-07-10 15:10:57 UTC
History
Date/Time (UTC ymd) (i) Change Change detail
2023-07-11 17:57:31 change: DisplayName, Description, Actions, DataActions New DisplayName: 'Defender for Storage Data Scanner'
Old DisplayName: 'Storage Data Scanner',
New Description: 'Grants access to read blobs and update index tags. This role is used by the data scanner of Defender for Storage.'
Old Description: 'Grants all permissions needed for a storage data scanner.',
Actions: 'add Microsoft.Storage/storageAccounts/blobServices/containers/read',
DataActions: 'add Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read; add Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write; add Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read'
2023-06-22 17:48:48 add: Role 1e7ca9b1-60d1-4db8-a914-f2ca1ff27c40
Permissions summary Effective control plane and data plane operations: 4 (unique operations)
•read: 3
•write: 1

Actions: 1
Resolved control plane operations from Actions: 1
Effective control plane operations: 1
•read: 1

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15649

DataActions: 3
Resolved data plane operations: 3
Effective data plane operations: 3
•read: 2
•write: 1

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3157
Actions
Operation Description
Microsoft.Storage/storageAccounts/blobServices/containers/readReturns list of containers
NotActions n/a
DataActions
Operation Description
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readReturns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/readReturns the result of reading blob tags
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/writeReturns the result of writing blob tags
NotDataActions n/a
Used in
BuiltIn Policy
none
JSON
api-version=2023-07-01-preview
Condition none