last sync: 2024-Oct-04 17:51:49 UTC

Azure Arc Kubernetes Writer

Azure BuiltIn RBAC Role definition

Name: Azure Arc Kubernetes Writer
Id: 5b999177-9696-4545-85c7-50de3797e5a1
Description: Lets you update everything in cluster/namespace, except (cluster)roles and (cluster)role bindings.
CreatedOn: 2020-06-12 20:53:50 UTC
UpdatedOn: 2021-11-11 20:14:34 UTC
History
Date/Time (UTC ymd) | Change: Change detail
2020-11-03 14:38:31 | change: DataActions, NotDataActions
DataActions:
  remove Microsoft.Kubernetes/connectedClusters/*/read
  remove Microsoft.Kubernetes/connectedClusters/*/write
  add Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/read
  add Microsoft.Kubernetes/connectedClusters/apps/daemonsets/*
  add Microsoft.Kubernetes/connectedClusters/apps/deployments/*
  add Microsoft.Kubernetes/connectedClusters/apps/replicasets/*
  add Microsoft.Kubernetes/connectedClusters/apps/statefulsets/*
  add Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/*
  add Microsoft.Kubernetes/connectedClusters/batch/cronjobs/*
  add Microsoft.Kubernetes/connectedClusters/batch/jobs/*
  add Microsoft.Kubernetes/connectedClusters/configmaps/*
  add Microsoft.Kubernetes/connectedClusters/endpoints/*
  add Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/read
  add Microsoft.Kubernetes/connectedClusters/events/read
  add Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/*
  add Microsoft.Kubernetes/connectedClusters/extensions/deployments/*
  add Microsoft.Kubernetes/connectedClusters/extensions/ingresses/*
  add Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/*
  add Microsoft.Kubernetes/connectedClusters/extensions/replicasets/*
  add Microsoft.Kubernetes/connectedClusters/limitranges/read
  add Microsoft.Kubernetes/connectedClusters/namespaces/read
  add Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/*
  add Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/*
  add Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/*
  add Microsoft.Kubernetes/connectedClusters/pods/*
  add Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/*
  add Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*
  add Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*
  add Microsoft.Kubernetes/connectedClusters/resourcequotas/read
  add Microsoft.Kubernetes/connectedClusters/secrets/*
  add Microsoft.Kubernetes/connectedClusters/serviceaccounts/*
  add Microsoft.Kubernetes/connectedClusters/services/*
NotDataActions:
  remove Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/*/read
  remove Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/*/write
  remove Microsoft.Kubernetes/connectedClusters/namespaces/write
  remove Microsoft.Kubernetes/connectedClusters/resourcequotas/write
  remove Microsoft.Kubernetes/connectedClusters/certificates.k8s.io/certificatesigningrequests/write
  remove Microsoft.Kubernetes/connectedClusters/policy/podsecuritypolicies/write
2020-06-15 15:35:59 | add: Role 5b999177-9696-4545-85c7-50de3797e5a1
Permissions summary
Effective control plane and data plane operations: 126 (unique operations)
•: 1
•Action: 8
•Delete: 24
•read: 67
•Write: 26

Actions: 7
Resolved control plane operations from Actions: 49
Effective control plane operations: 49
•: 1
•Action: 6
•Delete: 1
•read: 38
•Write: 3

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15748

DataActions: 30
Resolved data plane operations: 77
Effective data plane operations: 77
•action: 2
•delete: 23
•read: 29
•write: 23

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3099
Actions
Operation | Description
Microsoft.Authorization/*/read | wildcarded / no description
Microsoft.Insights/alertRules/* | wildcarded / no description
Microsoft.Resources/deployments/write | Creates or updates an deployment.
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results.
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups.
Microsoft.Support/* | wildcarded / no description
NotActions: n/a
DataActions
Operation | Description
Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/read | Reads controllerrevisions
Microsoft.Kubernetes/connectedClusters/apps/daemonsets/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/apps/deployments/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/apps/replicasets/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/apps/statefulsets/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/batch/cronjobs/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/batch/jobs/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/configmaps/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/endpoints/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/read | Reads events
Microsoft.Kubernetes/connectedClusters/events/read | Reads events
Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/extensions/deployments/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/extensions/ingresses/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/extensions/replicasets/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/limitranges/read | Reads limitranges
Microsoft.Kubernetes/connectedClusters/namespaces/read | Reads namespaces
Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/pods/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/replicationcontrollers/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/replicationcontrollers/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/resourcequotas/read | Reads resourcequotas
Microsoft.Kubernetes/connectedClusters/secrets/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/serviceaccounts/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/services/* | wildcarded / no description
NotDataActions: n/a
Used in
BuiltIn Policy: none
JSON
api-version=2023-07-01-preview
Condition: none