AzRoleAdvertizer

last sync: 2025-Jul-14 17:22:34 UTC

Network Contributor

Azure BuiltIn RBAC Role definition

NameNetwork Contributor
Microsoft Learn
Id4d97b98b-1d4f-4787-a291-c67834d212e7
DescriptionLets you manage networks, but not access to them.
CategoryNetworking
Microsoft Learn
CreatedOn2015-06-02 00:18:27 UTC
UpdatedOn2021-11-11 20:13:44 UTC
Permissions summary Effective control plane and data plane operations: 1091 (unique operations)
•Action: 289
•Delete: 186
•read: 407
•Write: 209

Actions: 7
Resolved control plane operations from Actions: 1091
Effective control plane operations: 1091
•Action: 289
•Delete: 186
•read: 407
•Write: 209

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15725

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3571
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.Network/*wildcarded / no description
Microsoft.ResourceHealth/availabilityStatuses/readGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Support/*wildcarded / no description
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Policy DisplayName Policy Id Category State
[Deprecated]: Configure Azure Media Services to use private DNS zones b4a7f6c1-585e-4177-ad5b-c2c93f4bb991 Media Services Deprecated
[Deprecated]: Configure Azure Media Services with private endpoints c5632066-946d-4766-9544-cd79bcc1286e Media Services Deprecated
[Preview]: Configure Azure Key Vault Managed HSM with private endpoints d1d6d8bb-cc7c-420f-8c7d-6f6f5279a844 Key Vault Preview
[Preview]: Configure Azure Recovery Services vaults to use private DNS zones 942bd215-1a66-44be-af65-6a1c0318dbe2 Site Recovery Preview
[Preview]: Configure private endpoints on Azure Recovery Services vaults e95a8a5c-0987-421f-84ab-df4d88ebf7d1 Site Recovery Preview
[Preview]: Configure Recovery Services vaults to use private DNS zones for backup af783da1-4ad1-42be-800d-d19c70038820 Backup Preview
[Preview]: Configure Recovery Services vaults to use private endpoints for backup 8015d6ed-3641-4534-8d0b-5c67b67ff7de Backup Preview
Configure a private DNS Zone ID for blob groupID 75973700-529f-4de2-b794-fb9b6781b6b0 Storage GA
Configure a private DNS Zone ID for blob_secondary groupID d847d34b-9337-4e2d-99a5-767e5ac9c582 Storage GA
Configure a private DNS Zone ID for dfs groupID 83c6fe0f-2316-444a-99a1-1ecd8a7872ca Storage GA
Configure a private DNS Zone ID for dfs_secondary groupID 90bd4cb3-9f59-45f7-a6ca-f69db2726671 Storage GA
Configure a private DNS Zone ID for file groupID 6df98d03-368a-4438-8730-a93c4d7693d6 Storage GA
Configure a private DNS Zone ID for queue groupID bcff79fb-2b0d-47c9-97e5-3023479b00d1 Storage GA
Configure a private DNS Zone ID for queue_secondary groupID da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6 Storage GA
Configure a private DNS Zone ID for table groupID 028bbd88-e9b5-461f-9424-a1b63a7bee1a Storage GA
Configure a private DNS Zone ID for table_secondary groupID c1d634a5-f73d-4cdd-889f-2cc7006eb47f Storage GA
Configure a private DNS Zone ID for web groupID 9adab2a5-05ba-4fbd-831a-5bf958d04218 Storage GA
Configure a private DNS Zone ID for web_secondary groupID d19ae5f1-b303-4b82-9ca8-7682749faf0c Storage GA
Configure App Service app slots to disable public network access c6c3e00e-d414-4ca4-914f-406699bb8eee App Service GA
Configure App Service apps to disable public network access 2374605e-3e0b-492b-9046-229af202562c App Service GA
Configure App Service apps to use private DNS zones b318f84a-b872-429b-ac6d-a01b96814452 App Service GA
Configure Azure AI Search services to disable public network access 9cee519f-d9c1-4fd9-9f79-24ec3449ed30 Search GA
Configure Azure AI Search services to use private DNS zones fbc14a67-53e4-4932-abcc-2049c6706009 Search GA
Configure Azure AI Search services with private endpoints b698b005-b660-4837-b833-a7aaab26ddba Search GA
Configure Azure Arc Private Link Scopes to use private DNS zones 55c4db33-97b0-437b-8469-c4f4498f5df9 Azure Arc GA
Configure Azure Arc Private Link Scopes with private endpoints d6eeba80-df61-4de5-8772-bc1b7852ba6b Azure Arc GA
Configure Azure Automation accounts with private DNS zones 6dd01e4f-1be1-4e80-9d0b-d109e04cb064 Automation GA
Configure Azure Cache for Redis Enterprise to use private DNS zones 7473e756-98d9-4d10-9a22-8101ef32cd74 Cache GA
Configure Azure Cache for Redis to use private DNS zones e016b22b-e0eb-436d-8fd7-160c4eaed6e2 Cache GA
Configure Azure Data Explorer clusters with private endpoints a47272e1-1d5d-4b0b-b366-4873f1432fe0 Azure Data Explorer GA
Configure Azure Databricks workspace to use private DNS zones 0eddd7f3-3d9b-4927-a07a-806e8ac9486c Azure Databricks GA
Configure Azure Device Update for IoT Hub accounts to use private DNS zones a222b93a-e6c2-4c01-817f-21e092455b2a Internet of Things GA
Configure Azure Device Update for IoT Hub accounts with private endpoint 5b9d063f-c5fd-4750-a489-1258d1fefcbf Internet of Things GA
Configure Azure Event Grid namespace MQTT broker with private endpoints cddcbb7e-a7b1-4380-b4d8-45cf77b0d561 Event Grid GA
Configure Azure Event Grid namespaces with private endpoints 2b21ce34-9c45-4037-9c84-0ac0dbd0095f Event Grid GA
Configure Azure File Sync to use private DNS zones 06695360-db88-47f6-b976-7500d4297475 Storage GA
Configure Azure HDInsight clusters to use private DNS zones 43d6e3bd-fc6a-4b44-8b4d-2151d8736a11 HDInsight GA
Configure Azure Key Vaults to use private DNS zones ac673a9a-f77d-4846-b2d8-a57f8e1c01d4 Key Vault GA
Configure Azure Key Vaults with private endpoints 9d4fad1f-5189-4a42-b29e-cf7929c6b6df Key Vault GA
Configure Azure Machine Learning workspace to use private DNS zones ee40564d-486e-4f68-a5ca-7a621edae0fb Machine Learning GA
Configure Azure Machine Learning workspaces with private endpoints 7838fd83-5cbb-4b5d-888c-bfa240972597 Machine Learning GA
Configure Azure Managed Grafana workspaces to use private DNS zones 4c8537f8-cd1b-49ec-b704-18e82a42fd58 Managed Grafana GA
Configure Azure Migrate resources to use private DNS zones 7590a335-57cf-4c95-babd-ecbc8fafeb1f Migrate GA
Configure Azure Monitor Private Link Scope to use private DNS zones 437914ee-c176-4fff-8986-7e05eb971365 Monitoring GA
Configure Azure SQL Server to enable private endpoint connections 8e8ca470-d980-4831-99e6-dc70d9f6af87 SQL GA
Configure Azure Synapse workspaces to use private DNS zones 1e5ed725-f16c-478b-bd4b-7bfa2f7940b9 Synapse GA
Configure Azure Virtual Desktop hostpool resources to use private DNS zones 9427df23-0f42-4e1e-bf99-a6133d841c4a Desktop Virtualization GA
Configure Azure Virtual Desktop workspace resources to use private DNS zones 34804460-d88b-4922-a7ca-537165e060ed Desktop Virtualization GA
Configure Azure Web PubSub Service to use private DNS zones 0b026355-49cb-467b-8ac4-f777874e175a Web PubSub GA
Configure Azure Web PubSub Service with private endpoints 1b9c0b58-fc7b-42c8-8010-cdfa1d1b8544 Web PubSub GA
Configure BotService resources to use private DNS zones 6a4e6f44-f2af-4082-9702-033c9e88b9f8 Bot Service GA
Configure BotService resources with private endpoints 29261f8e-efdb-4255-95b8-8215414515d6 Bot Service GA
Configure Cognitive Services accounts to use private DNS zones c4bc6f10-cb41-49eb-b000-d5ab82e2a091 Cognitive Services GA
Configure Cognitive Services accounts with private endpoints db630ad5-52e9-4f4d-9c44-53912fe40053 Cognitive Services GA
Configure Container registries to use private DNS zones e9585a95-5b8c-4d03-b193-dc7eb5ac4c32 Container Registry GA
Configure CosmosDB accounts to use private DNS zones a63cc0bd-cda4-4178-b705-37dc439d3e0f Cosmos DB GA
Configure disk access resources to use private DNS zones bc05b96c-0b36-4ca9-82f0-5c53f96ce05a Compute GA
Configure Event Hub namespaces to use private DNS zones ed66d4f5-8220-45dc-ab4a-20d1749c74e6 Event Hub GA
Configure Event Hub namespaces with private endpoints 91678b7c-d721-4fc5-b179-3cdf74e96b1c Event Hub GA
Configure Function app slots to disable public network access 242222f3-4985-4e99-b5ef-086d6a6cb01c App Service GA
Configure Function apps to disable public network access cd794351-e536-40f4-9750-503a463d8cad App Service GA
Configure private DNS zones for private endpoints connected to App Configuration 7a860e27-9ca2-4fc6-822d-c2d248c300df App Configuration GA
Configure private DNS zones for private endpoints that connect to Azure Data Factory 86cd96e1-1745-420d-94d4-d3f2fe415aa4 Data Factory GA
Configure private endpoint connections on Azure Automation accounts c0c3130e-7dda-4187-aed0-ee4a472eaa60 Automation GA
Configure private endpoints for Data factories 496ca26b-f669-4322-a1ad-06b7b5e41882 Data Factory GA
Configure private endpoints to Azure SignalR Service ef45854f-b33f-49a3-8041-9057e915d88f SignalR GA
Configure Private Link for Azure AD to use private DNS zones 7e4301f9-5f32-4738-ad9f-7ec2d15563ad Azure Active Directory GA
Configure Service Bus namespaces to use private DNS zones f0fcf93c-c063-4071-9668-c47474bd3564 Service Bus GA
Configure Service Bus namespaces with private endpoints 7d890f7f-100c-473d-baa1-2777e2266535 Service Bus GA
Configure Storage account to use a private link connection 9f766f00-8d11-464e-80e1-4091d7874074 Storage GA
Deploy - Configure Azure Event Grid domains to use private DNS zones d389df0a-e0d7-4607-833c-75a6fdac2c2d Event Grid GA
Deploy - Configure Azure Event Grid domains with private endpoints 36f4658a-848a-467b-881c-e6fa20cf75fc Event Grid GA
Deploy - Configure Azure Event Grid topics to use private DNS zones baf19753-7502-405f-8745-370519b20483 Event Grid GA
Deploy - Configure Azure Event Grid topics with private endpoints 6fcec95c-fbdf-45e8-91e1-e3175d9c9eca Event Grid GA
Deploy - Configure Azure IoT Hubs to use private DNS zones c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02 Internet of Things GA
Deploy - Configure Azure IoT Hubs with private endpoints bf684997-3909-404e-929c-d4a38ed23b2e Internet of Things GA
Deploy - Configure IoT Central to use private DNS zones d627d7c6-ded5-481a-8f2e-7e16b1e6faf6 Internet of Things GA
Deploy - Configure IoT Central with private endpoints c854b0f0-02d0-4f94-9b42-fd175fbd4d49 Internet of Things GA
Deploy - Configure private DNS zones for private endpoints connect to Azure SignalR Service b0e86710-7fb7-4a6c-a064-32e9b829509e SignalR GA
Deploy - Configure private DNS zones for private endpoints that connect to Batch accounts 4ec38ebc-381f-45ee-81a4-acbc4be878f8 Batch GA
Deploy network watcher when virtual networks are created a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Network GA
Virtual networks should be protected by Azure DDoS Protection 94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d Network GA
Historynone
JSON
api-version=2023-07-01-preview
Condition none