AzRoleAdvertizer

last sync: 2025-Oct-23 17:22:49 UTC

Azure Kubernetes Fleet Manager RBAC Admin

Azure BuiltIn RBAC Role definition

NameAzure Kubernetes Fleet Manager RBAC Admin
Microsoft Learn
Id434fb43a-c01c-447e-9f67-c3ad923cfaba
DescriptionGrants read/write access to Kubernetes resources within a namespace in the fleet-managed hub cluster - provides write permissions on most objects within a a namespace, with the exception of ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces.
CategoryContainers
Microsoft Learn
CreatedOn2022-08-22 17:29:14 UTC
UpdatedOn2024-10-21 15:04:47 UTC
Permissions summary Effective control plane and data plane operations: 118 (unique operations)
•action: 4
•delete: 23
•read: 67
•write: 24

Actions: 6
Resolved control plane operations from Actions: 36
Effective control plane operations: 36
•action: 1
•read: 35

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 17340

DataActions: 34
Resolved data plane operations: 82
Effective data plane operations: 82
•action: 3
•delete: 23
•read: 32
•write: 24

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3999
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.ContainerService/fleets/listCredentials/actionList fleet credentials
Microsoft.ContainerService/fleets/readGet fleet
Microsoft.Resources/subscriptions/operationresults/readGet the subscription operation results.
Microsoft.Resources/subscriptions/readGets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
NotActions n/a
DataActions
Operation Description
Microsoft.ContainerService/fleets/apps/controllerrevisions/readReads controllerrevisions
Microsoft.ContainerService/fleets/apps/daemonsets/*wildcarded / no description
Microsoft.ContainerService/fleets/apps/deployments/*wildcarded / no description
Microsoft.ContainerService/fleets/apps/statefulsets/*wildcarded / no description
Microsoft.ContainerService/fleets/authorization.k8s.io/localsubjectaccessreviews/writeWrites localsubjectaccessreviews
Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/*wildcarded / no description
Microsoft.ContainerService/fleets/batch/cronjobs/*wildcarded / no description
Microsoft.ContainerService/fleets/batch/jobs/*wildcarded / no description
Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/internalmemberclusters/readRead fleet internalmembercluster resource
Microsoft.ContainerService/fleets/configmaps/*wildcarded / no description
Microsoft.ContainerService/fleets/endpoints/*wildcarded / no description
Microsoft.ContainerService/fleets/events.k8s.io/events/readReads events
Microsoft.ContainerService/fleets/events/readReads events
Microsoft.ContainerService/fleets/extensions/daemonsets/*wildcarded / no description
Microsoft.ContainerService/fleets/extensions/deployments/*wildcarded / no description
Microsoft.ContainerService/fleets/extensions/ingresses/*wildcarded / no description
Microsoft.ContainerService/fleets/extensions/networkpolicies/*wildcarded / no description
Microsoft.ContainerService/fleets/limitranges/readReads limitranges
Microsoft.ContainerService/fleets/namespaces/readReads namespaces
Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/*wildcarded / no description
Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/*wildcarded / no description
Microsoft.ContainerService/fleets/persistentvolumeclaims/*wildcarded / no description
Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverrides/*wildcarded / no description
Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverridesnapshots/readRead fleet resourceoverridesnapshot resource
Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/works/readRead fleet work resource
Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/*wildcarded / no description
Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/rolebindings/*wildcarded / no description
Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/roles/*wildcarded / no description
Microsoft.ContainerService/fleets/replicationcontrollers/*wildcarded / no description
Microsoft.ContainerService/fleets/replicationcontrollers/*wildcarded / no description
Microsoft.ContainerService/fleets/resourcequotas/readReads resourcequotas
Microsoft.ContainerService/fleets/secrets/*wildcarded / no description
Microsoft.ContainerService/fleets/serviceaccounts/*wildcarded / no description
Microsoft.ContainerService/fleets/services/*wildcarded / no description
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2024-10-21 17:52:38 change: DataActions DataActions: 'add Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/internalmemberclusters/read; add Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverrides/*; add Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverridesnapshots/read; add Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/works/read'
2022-08-29 16:36:36 change: DataActions DataActions: 'remove Microsoft.ContainerService/fleets/apps/replicasets/*; remove Microsoft.ContainerService/fleets/extensions/replicasets/*; remove Microsoft.ContainerService/fleets/pods/*'
2022-08-22 16:34:26 add: Role 434fb43a-c01c-447e-9f67-c3ad923cfaba
JSON
api-version=2023-07-01-preview
Condition none