AzRoleAdvertizer

last sync: 2025-Jun-20 17:23:26 UTC

Key Vault Secrets User

Azure BuiltIn RBAC Role definition

Name

Key Vault Secrets User
Microsoft Learn

4633458b-17de-408a-b874-0445c86b69e6

Description

Read secret contents. Only works for key vaults that use the 'Azure role-based access control' permission model.

Category

Security
Microsoft Learn

CreatedOn

2020-05-19 17:52:47 UTC

UpdatedOn

2021-11-11 20:14:30 UTC

Permissions summary

Effective control plane and data plane operations: 2 (unique operations)
•action: 2

Actions: 0
Resolved control plane operations from Actions: 0
Effective control plane operations: 0

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16697

DataActions: 2
Resolved data plane operations: 2
Effective data plane operations: 2
•action: 2

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3563

Actions

n/a

NotActions

n/a

DataActions

Operation	Description
Microsoft.KeyVault/vaults/secrets/getSecret/action	Gets the value of a secret.
Microsoft.KeyVault/vaults/secrets/readMetadata/action	List or view the properties of a secret, but not its value.

NotDataActions

n/a

Used in
BuiltIn Policy

none

History

Date/Time (UTC ymd) (i)	Change	Change detail
2020-05-19 20:42:36	add: Role	4633458b-17de-408a-b874-0445c86b69e6

JSON

api-version=2023-07-01-preview

Condition

none