AzRoleAdvertizer

last sync: 2025-May-23 18:27:00 UTC

Domain Services Reader

Azure BuiltIn RBAC Role definition

NameDomain Services Reader
Microsoft Learn
Id361898ef-9ed1-48c2-849c-a832951106bb
DescriptionCan view Azure AD Domain Services and related network configurations
CategoryIdentity
Microsoft Learn
CreatedOn2022-02-15 19:38:46 UTC
UpdatedOn2022-06-27 17:28:30 UTC
Permissions summary Effective control plane and data plane operations: 74 (unique operations)
•read: 74

Actions: 28
Resolved control plane operations from Actions: 74
Effective control plane operations: 74
•read: 74

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16486

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3420
Actions
Operation Description
Microsoft.AAD/domainServices/*/readwildcarded / no description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Insights/AlertRules/Incidents/ReadRead a classic metric alert incident
Microsoft.Insights/AlertRules/ReadRead a classic metric alert
Microsoft.Insights/DiagnosticSettings/readRead a resource diagnostic setting
Microsoft.Insights/DiagnosticSettingsCategories/ReadRead diagnostic settings categories
Microsoft.Insights/Logs/ReadReading data from all your logs
Microsoft.Insights/Metrics/readRead metrics
Microsoft.Network/azureFirewalls/readGet Azure Firewall
Microsoft.Network/ddosProtectionPlans/readGets a DDoS Protection Plan
Microsoft.Network/loadBalancers/*/readwildcarded / no description
Microsoft.Network/loadBalancers/readGets a load balancer definition
Microsoft.Network/natGateways/readGets a Nat Gateway Definition
Microsoft.Network/networkInterfaces/readGets a network interface definition.
Microsoft.Network/networkSecurityGroups/defaultSecurityRules/readGets a default security rule definition
Microsoft.Network/networkSecurityGroups/readGets a network security group definition
Microsoft.Network/networkSecurityGroups/securityRules/readGets a security rule definition
Microsoft.Network/routeTables/readGets a route table definition
Microsoft.Network/routeTables/routes/readGets a route definition
Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/readno description given
Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/readno description given
Microsoft.Network/virtualNetworks/readGet the virtual network definition
Microsoft.Network/virtualNetworks/subnets/readGets a virtual network subnet definition
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/readGets a virtual network peering definition
Microsoft.Resources/deployments/operations/readGets or lists deployment operations.
Microsoft.Resources/deployments/operationstatuses/readGets or lists deployment operation statuses.
Microsoft.Resources/deployments/readGets or lists deployments.
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2022-06-27 16:32:39 change: Actions Actions: 'add Microsoft.Insights/Logs/Read; add Microsoft.Insights/Metrics/read; add Microsoft.Insights/DiagnosticSettings/read; add Microsoft.Insights/DiagnosticSettingsCategories/Read'
2022-06-22 16:32:37 change: Actions Actions: 'remove Microsoft.AAD/domainServices/read; remove Microsoft.AAD/domainServices/oucontainer/read; remove Microsoft.AAD/domainServices/OutboundNetworkDependenciesEndpoints/read; remove Microsoft.AAD/domainServices/providers/Microsoft.Insights/diagnosticSettings/read; remove Microsoft.AAD/domainServices/providers/Microsoft.Insights/logDefinitions/read; add Microsoft.AAD/domainServices/*/read'
2022-02-23 18:03:00 add: Role 361898ef-9ed1-48c2-849c-a832951106bb
JSON
api-version=2023-07-01-preview
Condition none