| Name | Azure Kubernetes Fleet Manager RBAC Reader for Member Clusters | ||||||||||
| Id | 463ad26c-fcce-4469-9c7f-5653d8acbab5 | ||||||||||
| Description | Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. | ||||||||||
| Category | None | ||||||||||
| CreatedOn | 2025-10-22 18:33:37 UTC | ||||||||||
| UpdatedOn | 2025-10-22 18:33:37 UTC | ||||||||||
| Permissions summary | Effective control plane and data plane operations: 65 (unique operations) •read: 65 Actions: 4 Resolved control plane operations from Actions: 34 Effective control plane operations: 34 •read: 34 NotActions: 0 Resolved control plane operations from NotActions: 0 Effective denied control plane operations: 17431 DataActions: 31 Resolved data plane operations: 31 Effective data plane operations: 31 •read: 31 NotDataActions: 0 Resolved data plane operations from NotDataActions: 0 Effective denied data plane operations: 4050 |
||||||||||
| Actions |
|
||||||||||
| NotActions | n/a | ||||||||||
| DataActions | |||||||||||
| NotDataActions | n/a | ||||||||||
| Used in BuiltIn Policy |
none | ||||||||||
| History |
|
||||||||||
| JSON |
|
||||||||||
| Condition | none |