last sync: 2021-Apr-09 14:03:34 UTC

Azure RBAC Role definition

Network Contributor

NameNetwork Contributor
Microsoft docs
Id4d97b98b-1d4f-4787-a291-c67834d212e7
DescriptionLets you manage networks, but not access to them.
CreatedOn2015-06-02 00:18:27 UTC
UpdatedOn2016-05-31 23:14:00 UTC
Historynone
Actions
Operation Description Used in other Roles
Microsoft.Authorization/*/readno description given API Management Service Contributor, API Management Service Operator Role, API Management Service Reader Role , Application Group Contributor, Application Insights Component Contributor, Application Insights Snapshot Debugger, Automation Job Operator, Automation Operator, Automation Runbook Operator, Autonomous Development Platform Data Contributor (Preview), Autonomous Development Platform Data Owner (Preview), Autonomous Development Platform Data Reader (Preview), Avere Contributor, Azure Arc Enabled Kubernetes Cluster User Role, Azure Arc Kubernetes Admin, Azure Arc Kubernetes Cluster Admin, Azure Arc Kubernetes Viewer, Azure Arc Kubernetes Writer, Azure Kubernetes Service RBAC Admin, Azure Kubernetes Service RBAC Cluster Admin, Azure Kubernetes Service RBAC Reader, Azure Kubernetes Service RBAC Writer, Azure Sentinel Automation Contributor, Azure Sentinel Contributor, Azure Sentinel Reader, Azure Sentinel Responder, Backup Contributor, Backup Operator, Backup Reader, Billing Reader, BizTalk Contributor, Blueprint Contributor, Blueprint Operator, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, Classic Virtual Machine Contributor, ClearDB MySQL DB Contributor, Cognitive Services Contributor, Collaborative Data Contributor, Collaborative Runtime Operator, Cosmos DB Account Reader Role, Cosmos DB Operator, Data Box Contributor, Data Box Reader, Data Factory Contributor, Data Lake Analytics Developer, Desktop Virtualization Application Group Contributor, Desktop Virtualization Application Group Reader, Desktop Virtualization Contributor, Desktop Virtualization Host Pool Contributor, Desktop Virtualization Host Pool Reader, Desktop Virtualization Reader, Desktop Virtualization Session Host Operator, Desktop Virtualization User Session Operator, Desktop Virtualization Workspace Contributor, Desktop Virtualization Workspace Reader, Device Update Administrator, Device Update Content Administrator, Device Update Content Reader, Device Update Deployments Administrator, Device Update Deployments Reader, Device Update Reader, DevTest Labs User, Disk Backup Reader, Disk Restore Operator, Disk Snapshot Contributor, DNS Zone Contributor, DocumentDB Account Contributor, EventGrid Contributor, EventGrid EventSubscription Contributor, EventGrid EventSubscription Reader, HDInsight Cluster Operator, Integration Service Environment Contributor, Integration Service Environment Developer, Intelligent Systems Account Contributor, Key Vault Administrator, Key Vault Certificates Officer, Key Vault Contributor, Key Vault Crypto Officer, Key Vault Reader, Key Vault Secrets Officer, Kubernetes Cluster - Azure Arc Onboarding, Lab Creator, Logic App Contributor, Logic App Operator, Managed Identity Contributor, Managed Identity Operator, New Relic APM Account Contributor, Private DNS Zone Contributor, Quota Request Operator, Redis Cache Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), Security Reader, Services Hub Operator, SignalR AccessKey Reader, SignalR Contributor, Site Recovery Contributor, Site Recovery Operator, Site Recovery Reader, SQL DB Contributor, SQL Managed Instance Contributor, SQL Security Manager, SQL Server Contributor, Storage Account Backup Contributor Role, Storage Account Contributor, Support Request Contributor, Tag Contributor, Traffic Manager Contributor, Virtual Machine Contributor, Web Plan Contributor, Website Contributor
Microsoft.Insights/alertRules/*no description given API Management Service Contributor, API Management Service Operator Role, API Management Service Reader Role , Application Group Contributor, Application Insights Component Contributor, Application Insights Snapshot Debugger, Automation Job Operator, Automation Operator, Automation Runbook Operator, Avere Contributor, Azure Arc Enabled Kubernetes Cluster User Role, Azure Arc Kubernetes Admin, Azure Arc Kubernetes Cluster Admin, Azure Arc Kubernetes Viewer, Azure Arc Kubernetes Writer, Azure Kubernetes Service RBAC Admin, Azure Kubernetes Service RBAC Cluster Admin, Azure Kubernetes Service RBAC Reader, Azure Kubernetes Service RBAC Writer, Azure Sentinel Contributor, Azure Sentinel Reader, Azure Sentinel Responder, BizTalk Contributor, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, Classic Virtual Machine Contributor, ClearDB MySQL DB Contributor, Cognitive Services Contributor, Collaborative Data Contributor, Collaborative Runtime Operator, Cosmos DB Operator, Data Factory Contributor, Data Lake Analytics Developer, Desktop Virtualization Application Group Contributor, Desktop Virtualization Contributor, Desktop Virtualization Host Pool Contributor, Desktop Virtualization Session Host Operator, Desktop Virtualization User Session Operator, Desktop Virtualization Workspace Contributor, Device Update Administrator, Device Update Content Administrator, Device Update Content Reader, Device Update Deployments Administrator, Device Update Deployments Reader, Device Update Reader, DNS Zone Contributor, DocumentDB Account Contributor, EventGrid Contributor, EventGrid EventSubscription Contributor, HDInsight Cluster Operator, Intelligent Systems Account Contributor, Key Vault Administrator, Key Vault Certificates Officer, Key Vault Contributor, Key Vault Crypto Officer, Key Vault Reader, Key Vault Secrets Officer, Kubernetes Cluster - Azure Arc Onboarding, Log Analytics Contributor, Logic App Contributor, Managed Identity Contributor, Managed Identity Operator, Monitoring Contributor, New Relic APM Account Contributor, Private DNS Zone Contributor, Quota Request Operator, Redis Cache Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), SignalR Contributor, Site Recovery Contributor, Site Recovery Operator, SQL DB Contributor, SQL Managed Instance Contributor, SQL Security Manager, SQL Server Contributor, Storage Account Contributor, Tag Contributor, Traffic Manager Contributor, Virtual Machine Contributor, Web Plan Contributor, Website Contributor
Microsoft.Network/*no description given none
Microsoft.ResourceHealth/availabilityStatuses/readGets the availability statuses for all resources in the specified scope API Management Service Contributor, API Management Service Operator Role, API Management Service Reader Role , Application Insights Component Contributor, Automation Operator, BizTalk Contributor, Classic Network Contributor, Classic Storage Account Contributor, Classic Virtual Machine Contributor, ClearDB MySQL DB Contributor, Cognitive Services Contributor, Cognitive Services User, Cosmos DB Operator, Data Box Contributor, Data Box Reader, Data Factory Contributor, Data Lake Analytics Developer, DNS Zone Contributor, DocumentDB Account Contributor, Intelligent Systems Account Contributor, New Relic APM Account Contributor, Redis Cache Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Manager (Legacy), Site Recovery Contributor, Site Recovery Operator, SQL DB Contributor, SQL Managed Instance Contributor, SQL Security Manager, SQL Server Contributor, Storage Account Contributor, Traffic Manager Contributor, Virtual Machine Contributor, Web Plan Contributor, Website Contributor
Microsoft.Resources/deployments/*no description given API Management Service Contributor, API Management Service Operator Role, API Management Service Reader Role , Application Group Contributor, Application Insights Component Contributor, Application Insights Snapshot Debugger, Automation Job Operator, Automation Operator, Automation Runbook Operator, Avere Contributor, Azure Kubernetes Service Contributor Role, Azure Sentinel Contributor, Azure Sentinel Reader, Azure Sentinel Responder, Backup Contributor, Backup Operator, BizTalk Contributor, Blueprint Contributor, Blueprint Operator, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, Classic Virtual Machine Contributor, ClearDB MySQL DB Contributor, Cognitive Services Contributor, Collaborative Data Contributor, Collaborative Runtime Operator, Cosmos DB Operator, Data Box Contributor, Data Factory Contributor, Data Lake Analytics Developer, Desktop Virtualization Application Group Contributor, Desktop Virtualization Contributor, Desktop Virtualization Host Pool Contributor, Desktop Virtualization Session Host Operator, Desktop Virtualization User Session Operator, Desktop Virtualization Workspace Contributor, Device Update Administrator, Device Update Content Administrator, Device Update Content Reader, Device Update Deployments Administrator, Device Update Deployments Reader, Device Update Reader, DNS Zone Contributor, DocumentDB Account Contributor, EventGrid Contributor, EventGrid EventSubscription Contributor, Intelligent Systems Account Contributor, Key Vault Administrator, Key Vault Certificates Officer, Key Vault Contributor, Key Vault Crypto Officer, Key Vault Reader, Key Vault Secrets Officer, Log Analytics Contributor, Logic App Contributor, Managed Application Contributor Role, Managed Applications Reader, Managed Identity Contributor, Managed Identity Operator, New Relic APM Account Contributor, Private DNS Zone Contributor, Quota Request Operator, Redis Cache Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), Services Hub Operator, SignalR Contributor, Site Recovery Contributor, Site Recovery Operator, SQL DB Contributor, SQL Managed Instance Contributor, SQL Security Manager, SQL Server Contributor, Storage Account Contributor, Tag Contributor, Traffic Manager Contributor, Virtual Machine Contributor, Web Plan Contributor, Website Contributor
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups. API Management Service Contributor, API Management Service Operator Role, API Management Service Reader Role , Application Group Contributor, Application Insights Component Contributor, Application Insights Snapshot Debugger, Automation Job Operator, Automation Operator, Automation Runbook Operator, Autonomous Development Platform Data Contributor (Preview), Autonomous Development Platform Data Owner (Preview), Autonomous Development Platform Data Reader (Preview), Avere Contributor, Avere Operator, Azure Arc Enabled Kubernetes Cluster User Role, Azure Arc Kubernetes Admin, Azure Arc Kubernetes Cluster Admin, Azure Arc Kubernetes Viewer, Azure Arc Kubernetes Writer, Azure Kubernetes Service RBAC Admin, Azure Kubernetes Service RBAC Cluster Admin, Azure Kubernetes Service RBAC Reader, Azure Kubernetes Service RBAC Writer, Azure Sentinel Contributor, Azure Sentinel Reader, Azure Sentinel Responder, Backup Contributor, Backup Operator, BizTalk Contributor, Blueprint Contributor, Blueprint Operator, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, Classic Virtual Machine Contributor, ClearDB MySQL DB Contributor, Cognitive Services Contributor, Cognitive Services User, Collaborative Data Contributor, Collaborative Runtime Operator, Cosmos DB Account Reader Role, Cosmos DB Operator, Cost Management Contributor, Cost Management Reader, Data Box Contributor, Data Factory Contributor, Data Lake Analytics Developer, Desktop Virtualization Application Group Contributor, Desktop Virtualization Application Group Reader, Desktop Virtualization Contributor, Desktop Virtualization Host Pool Contributor, Desktop Virtualization Host Pool Reader, Desktop Virtualization Reader, Desktop Virtualization Session Host Operator, Desktop Virtualization User Session Operator, Desktop Virtualization Workspace Contributor, Desktop Virtualization Workspace Reader, Device Update Administrator, Device Update Content Administrator, Device Update Content Reader, Device Update Deployments Administrator, Device Update Deployments Reader, Device Update Reader, DevTest Labs User, Disk Restore Operator, Disk Snapshot Contributor, DNS Zone Contributor, DocumentDB Account Contributor, EventGrid Contributor, EventGrid EventSubscription Contributor, EventGrid EventSubscription Reader, Experimentation Administrator, Experimentation Contributor, HDInsight Cluster Operator, Intelligent Systems Account Contributor, Key Vault Administrator, Key Vault Certificates Officer, Key Vault Contributor, Key Vault Crypto Officer, Key Vault Reader, Key Vault Secrets Officer, Kubernetes Cluster - Azure Arc Onboarding, Lab Creator, Logic App Contributor, Logic App Operator, Managed Identity Contributor, Managed Identity Operator, Monitoring Metrics Publisher, New Relic APM Account Contributor, Private DNS Zone Contributor, Quota Request Operator, Redis Cache Contributor, Reservation Purchaser, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), Security Reader, Services Hub Operator, SignalR AccessKey Reader, SignalR Contributor, Site Recovery Contributor, Site Recovery Operator, SQL DB Contributor, SQL Managed Instance Contributor, SQL Security Manager, SQL Server Contributor, Storage Account Backup Contributor Role, Storage Account Contributor, Support Request Contributor, Tag Contributor, Traffic Manager Contributor, Virtual Machine Contributor, Web Plan Contributor, Website Contributor
Microsoft.Support/*no description given API Management Service Contributor, API Management Service Operator Role, API Management Service Reader Role , Application Group Contributor, Application Insights Component Contributor, Application Insights Snapshot Debugger, Automation Job Operator, Automation Operator, Automation Runbook Operator, Avere Contributor, Azure Arc Enabled Kubernetes Cluster User Role, Azure Arc Kubernetes Admin, Azure Arc Kubernetes Cluster Admin, Azure Arc Kubernetes Viewer, Azure Arc Kubernetes Writer, Azure Kubernetes Service RBAC Admin, Azure Kubernetes Service RBAC Cluster Admin, Azure Kubernetes Service RBAC Reader, Azure Kubernetes Service RBAC Writer, Azure Sentinel Contributor, Azure Sentinel Reader, Azure Sentinel Responder, Backup Contributor, Backup Operator, Billing Reader, BizTalk Contributor, Blueprint Contributor, Blueprint Operator, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, Classic Virtual Machine Contributor, ClearDB MySQL DB Contributor, Cognitive Services Contributor, Cognitive Services User, Collaborative Data Contributor, Collaborative Runtime Operator, Cosmos DB Account Reader Role, Cosmos DB Operator, Cost Management Contributor, Cost Management Reader, Data Box Contributor, Data Box Reader, Data Factory Contributor, Data Lake Analytics Developer, Desktop Virtualization Application Group Contributor, Desktop Virtualization Application Group Reader, Desktop Virtualization Contributor, Desktop Virtualization Host Pool Contributor, Desktop Virtualization Host Pool Reader, Desktop Virtualization Reader, Desktop Virtualization Session Host Operator, Desktop Virtualization User Session Operator, Desktop Virtualization Workspace Contributor, Desktop Virtualization Workspace Reader, Device Update Administrator, Device Update Content Administrator, Device Update Content Reader, Device Update Deployments Administrator, Device Update Deployments Reader, Device Update Reader, DNS Zone Contributor, DocumentDB Account Contributor, EventGrid Contributor, EventGrid EventSubscription Contributor, HDInsight Cluster Operator, Integration Service Environment Contributor, Integration Service Environment Developer, Intelligent Systems Account Contributor, Key Vault Administrator, Key Vault Certificates Officer, Key Vault Contributor, Key Vault Crypto Officer, Key Vault Reader, Key Vault Secrets Officer, Kubernetes Cluster - Azure Arc Onboarding, Lab Creator, Log Analytics Contributor, Log Analytics Reader, Logic App Contributor, Logic App Operator, Managed Identity Contributor, Managed Identity Operator, Monitoring Contributor, Monitoring Metrics Publisher, Monitoring Reader, New Relic APM Account Contributor, Private DNS Zone Contributor, Quota Request Operator, Redis Cache Contributor, Resource Policy Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), SignalR AccessKey Reader, SignalR Contributor, Site Recovery Contributor, Site Recovery Operator, Site Recovery Reader, SQL DB Contributor, SQL Managed Instance Contributor, SQL Security Manager, SQL Server Contributor, Storage Account Contributor, Support Request Contributor, Tag Contributor, Traffic Manager Contributor, User Access Administrator, Virtual Machine Contributor, Web Plan Contributor, Website Contributor
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in Policy
Policy DisplayName Policy Id Category State
Configure Azure Automation accounts with private DNS zones 6dd01e4f-1be1-4e80-9d0b-d109e04cb064 Automation GA
Configure Azure Cache for Redis to use private DNS zones e016b22b-e0eb-436d-8fd7-160c4eaed6e2 Cache GA
Configure Azure Cognitive Search services to disable public network access 9cee519f-d9c1-4fd9-9f79-24ec3449ed30 Search GA
Configure Azure Cognitive Search services to use private DNS zones fbc14a67-53e4-4932-abcc-2049c6706009 Search GA
Configure Azure Cognitive Search services with private endpoints b698b005-b660-4837-b833-a7aaab26ddba Search GA
Configure Azure File Sync to use private DNS zones 06695360-db88-47f6-b976-7500d4297475 Storage GA
Configure Azure Machine Learning workspace to use private DNS zones ee40564d-486e-4f68-a5ca-7a621edae0fb Machine Learning GA
Configure Azure Machine Learning workspaces with private endpoints 7838fd83-5cbb-4b5d-888c-bfa240972597 Machine Learning GA
Configure Azure Migrate resources to use private DNS zones 7590a335-57cf-4c95-babd-ecbc8fafeb1f Migrate GA
Configure Azure SQL Server to enable private endpoint connections 8e8ca470-d980-4831-99e6-dc70d9f6af87 SQL GA
Configure Azure Synapse workspaces to use private DNS zones 1e5ed725-f16c-478b-bd4b-7bfa2f7940b9 Synapse GA
Configure Container registries to use private DNS zones e9585a95-5b8c-4d03-b193-dc7eb5ac4c32 Container Registry GA
Configure CosmosDB accounts to use private DNS zones a63cc0bd-cda4-4178-b705-37dc439d3e0f Cosmos DB GA
Configure Event Hub namespaces to use private DNS zones ed66d4f5-8220-45dc-ab4a-20d1749c74e6 Event Hub GA
Configure Event Hub namespaces with private endpoints 91678b7c-d721-4fc5-b179-3cdf74e96b1c Event Hub GA
Configure private DNS zones for private endpoints connected to App Configuration 7a860e27-9ca2-4fc6-822d-c2d248c300df App Configuration GA
Configure private DNS zones for private endpoints that connect to Azure Data Factory 86cd96e1-1745-420d-94d4-d3f2fe415aa4 Data Factory GA
Configure private endpoint connections on Azure Automation accounts c0c3130e-7dda-4187-aed0-ee4a472eaa60 Automation GA
Configure private endpoints to Azure SignalR Service ef45854f-b33f-49a3-8041-9057e915d88f SignalR GA
Configure Service Bus namespaces to use private DNS zones f0fcf93c-c063-4071-9668-c47474bd3564 Service Bus GA
Configure Service Bus namespaces with private endpoints 7d890f7f-100c-473d-baa1-2777e2266535 Service Bus GA
Configure Storage account to use a private link connection 9f766f00-8d11-464e-80e1-4091d7874074 Storage GA
Deploy - Configure Azure Event Grid domains to use private DNS zones d389df0a-e0d7-4607-833c-75a6fdac2c2d Event Grid GA
Deploy - Configure Azure Event Grid domains with private endpoints 36f4658a-848a-467b-881c-e6fa20cf75fc Event Grid GA
Deploy - Configure Azure Event Grid topics to use private DNS zones baf19753-7502-405f-8745-370519b20483 Event Grid GA
Deploy - Configure Azure Event Grid topics with private endpoints 6fcec95c-fbdf-45e8-91e1-e3175d9c9eca Event Grid GA
Deploy - Configure Azure IoT Hubs to use private DNS zones c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02 Internet of Things GA
Deploy - Configure Azure IoT Hubs with private endpoints bf684997-3909-404e-929c-d4a38ed23b2e Internet of Things GA
Deploy - Configure private DNS zones for private endpoints connect to Azure SignalR Service b0e86710-7fb7-4a6c-a064-32e9b829509e SignalR GA
Deploy - Configure private DNS zones for private endpoints that connect to Batch accounts 4ec38ebc-381f-45ee-81a4-acbc4be878f8 Batch GA
Deploy network watcher when virtual networks are created a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Network GA
Virtual networks should be protected by Azure DDoS Protection Standard 94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d Network GA
JSON
{
  "Name": "Network Contributor",
  "Id": "4d97b98b-1d4f-4787-a291-c67834d212e7",
  "IsCustom": false,
  "Description": "Lets you manage networks, but not access to them.",
  "Actions": [
    "Microsoft.Authorization/*/read",
    "Microsoft.Insights/alertRules/*",
    "Microsoft.Network/*",
    "Microsoft.ResourceHealth/availabilityStatuses/read",
    "Microsoft.Resources/deployments/*",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Support/*"
  ],
  "NotActions": [
    
  ],
  "DataActions": [
    
  ],
  "NotDataActions": [
    
  ],
  "AssignableScopes": [
    "/"
  ]
}