last sync: 2024-Dec-05 18:53:40 UTC

Cosmos DB Operator

Azure BuiltIn RBAC Role definition

NameCosmos DB Operator
Id230815da-be43-4aae-9cb4-875f7bd000aa
DescriptionLets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.
CreatedOn2019-04-26 17:01:17 UTC
UpdatedOn2024-01-10 16:28:04 UTC
History
Date/Time (UTC ymd) (i) Change Change detail
2024-01-11 18:35:40 change: NotActions NotActions: 'add Microsoft.DocumentDB/databaseAccounts/dataTransferJobs/*'
2023-01-16 18:05:52 change: NotActions NotActions: 'add Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/write; add Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/delete; add Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/write; add Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/delete'
2021-02-26 14:41:31 change: NotActions NotActions: 'add Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write; add Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete; add Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write; add Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete'
Permissions summary Effective control plane and data plane operations: 310 (unique operations)
•: 1
•action: 54
•delete: 28
•read: 179
•write: 48

Actions: 8
Resolved control plane operations from Actions: 329
Effective control plane operations: 310
•: 1
•action: 54
•delete: 28
•read: 179
•write: 48

NotActions: 13
Resolved control plane operations from NotActions: 19
Effective denied control plane operations: 15882

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3303
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.DocumentDb/databaseAccounts/*wildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionJoins resource such as storage account or SQL database to a subnet. Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Support/*wildcarded / no description
NotActions
Operation Description
Microsoft.DocumentDB/databaseAccounts/dataTransferJobs/*wildcarded / no description
Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*wildcarded / no description
Microsoft.DocumentDB/databaseAccounts/listKeys/*wildcarded / no description
Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/deleteDelete a MongoDB Role Definition
Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/writeCreate or update a Mongo Role Definition
Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/deleteDelete a MongoDB User Definition
Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/writeCreate or update a MongoDB User Definition
Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*wildcarded / no description
Microsoft.DocumentDB/databaseAccounts/regenerateKey/*wildcarded / no description
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/deleteDelete a SQL Role Assignment
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/writeCreate or update a SQL Role Assignment
Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/deleteDelete a SQL Role Definition
Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/writeCreate or update a SQL Role Definition
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
none
JSON
api-version=2023-07-01-preview
Condition none