AzRoleAdvertizer

last sync: 2024-Jul-26 18:17:46 UTC

Defender for Storage Data Scanner

Azure BuiltIn RBAC Role definition

Name

Defender for Storage Data Scanner

1e7ca9b1-60d1-4db8-a914-f2ca1ff27c40

Description

Grants access to read blobs and update index tags. This role is used by the data scanner of Defender for Storage.

CreatedOn

2023-06-21 15:30:31 UTC

UpdatedOn

2023-07-10 15:10:57 UTC

History

Date/Time (UTC ymd) (i)	Change	Change detail
2023-07-11 17:57:31	change: DisplayName, Description, Actions, DataActions	New DisplayName: 'Defender for Storage Data Scanner' Old DisplayName: 'Storage Data Scanner', New Description: 'Grants access to read blobs and update index tags. This role is used by the data scanner of Defender for Storage.' Old Description: 'Grants all permissions needed for a storage data scanner.', Actions: 'add Microsoft.Storage/storageAccounts/blobServices/containers/read', DataActions: 'add Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read; add Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write; add Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read'
2023-06-22 17:48:48	add: Role	1e7ca9b1-60d1-4db8-a914-f2ca1ff27c40

Permissions summary

Effective control plane and data plane operations: 4 (unique operations)
•read: 3
•write: 1

Actions: 1
Resolved control plane operations from Actions: 1
Effective control plane operations: 1
•read: 1

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15627

DataActions: 3
Resolved data plane operations: 3
Effective data plane operations: 3
•read: 2
•write: 1

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3216

Actions

Operation	Description
Microsoft.Storage/storageAccounts/blobServices/containers/read	Returns list of containers

NotActions

n/a

DataActions

Operation	Description
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read	Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read	Returns the result of reading blob tags
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write	Returns the result of writing blob tags

NotDataActions

n/a

Used in
BuiltIn Policy

none

JSON

api-version=2023-07-01-preview

Condition

none