last sync: 2024-Jul-26 18:17:46 UTC

Azure Kubernetes Fleet Manager RBAC Admin

Azure BuiltIn RBAC Role definition

Name: Azure Kubernetes Fleet Manager RBAC Admin
Id: 434fb43a-c01c-447e-9f67-c3ad923cfaba
Description: Grants read/write access to Kubernetes resources within a namespace in the fleet-managed hub cluster - provides write permissions on most objects within a namespace, with the exception of the ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces.
CreatedOn: 2022-08-22 17:29:14 UTC
UpdatedOn: 2024-03-27 21:09:44 UTC
History
Date/Time (UTC ymd) | Change | Change detail
2022-08-29 16:36:36 | change: DataActions | DataActions: 'remove Microsoft.ContainerService/fleets/apps/replicasets/*; remove Microsoft.ContainerService/fleets/extensions/replicasets/*; remove Microsoft.ContainerService/fleets/pods/*'
2022-08-22 16:34:26 | add: Role | 434fb43a-c01c-447e-9f67-c3ad923cfaba
Permissions summary
Effective control plane and data plane operations: 108 (unique operations)
•action: 4
•delete: 22
•read: 59
•write: 23

Actions: 6
Resolved control plane operations from Actions: 32
Effective control plane operations: 32
•action: 1
•read: 31

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15596

DataActions: 30
Resolved data plane operations: 76
Effective data plane operations: 76
•action: 3
•delete: 22
•read: 28
•write: 23

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3143
Actions
Operation | Description
Microsoft.Authorization/*/read | wildcarded / no description
Microsoft.ContainerService/fleets/listCredentials/action | List fleet credentials
Microsoft.ContainerService/fleets/read | Get fleet
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results.
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups.
NotActions: n/a
DataActions
Operation | Description
Microsoft.ContainerService/fleets/apps/controllerrevisions/read | Reads controllerrevisions
Microsoft.ContainerService/fleets/apps/daemonsets/* | wildcarded / no description
Microsoft.ContainerService/fleets/apps/deployments/* | wildcarded / no description
Microsoft.ContainerService/fleets/apps/statefulsets/* | wildcarded / no description
Microsoft.ContainerService/fleets/authorization.k8s.io/localsubjectaccessreviews/write | Writes localsubjectaccessreviews
Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/* | wildcarded / no description
Microsoft.ContainerService/fleets/batch/cronjobs/* | wildcarded / no description
Microsoft.ContainerService/fleets/batch/jobs/* | wildcarded / no description
Microsoft.ContainerService/fleets/configmaps/* | wildcarded / no description
Microsoft.ContainerService/fleets/endpoints/* | wildcarded / no description
Microsoft.ContainerService/fleets/events.k8s.io/events/read | Reads events
Microsoft.ContainerService/fleets/events/read | Reads events
Microsoft.ContainerService/fleets/extensions/daemonsets/* | wildcarded / no description
Microsoft.ContainerService/fleets/extensions/deployments/* | wildcarded / no description
Microsoft.ContainerService/fleets/extensions/ingresses/* | wildcarded / no description
Microsoft.ContainerService/fleets/extensions/networkpolicies/* | wildcarded / no description
Microsoft.ContainerService/fleets/limitranges/read | Reads limitranges
Microsoft.ContainerService/fleets/namespaces/read | Reads namespaces
Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/* | wildcarded / no description
Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/* | wildcarded / no description
Microsoft.ContainerService/fleets/persistentvolumeclaims/* | wildcarded / no description
Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/* | wildcarded / no description
Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/rolebindings/* | wildcarded / no description
Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/roles/* | wildcarded / no description
Microsoft.ContainerService/fleets/replicationcontrollers/* | wildcarded / no description
Microsoft.ContainerService/fleets/replicationcontrollers/* | wildcarded / no description
Microsoft.ContainerService/fleets/resourcequotas/read | Reads resourcequotas
Microsoft.ContainerService/fleets/secrets/* | wildcarded / no description
Microsoft.ContainerService/fleets/serviceaccounts/* | wildcarded / no description
Microsoft.ContainerService/fleets/services/* | wildcarded / no description
NotDataActions: n/a
Used in BuiltIn Policy: none
JSON
api-version=2023-07-01-preview
Condition: none