last sync: 2024-Oct-11 17:51:49 UTC

Kubernetes Agent Operator

Azure BuiltIn RBAC Role definition

NameKubernetes Agent Operator
Id5e93ba01-8f92-4c7a-b12a-801e3df23824
DescriptionGrants Microsoft Defender for Cloud access to Azure Kubernetes Services
CreatedOn2024-03-20 15:36:16 UTC
UpdatedOn2024-08-09 00:54:34 UTC
History
Date/Time (UTC ymd) (i) Change Change detail
2024-08-09 18:18:05 change: Actions Actions: 'add Microsoft.OperationalInsights/workspaces/write; add Microsoft.OperationalInsights/workspaces/read; add Microsoft.OperationalInsights/workspaces/listKeys/action; add Microsoft.OperationalInsights/workspaces/sharedkeys/action; add Microsoft.OperationalInsights/workspaces/sharedkeys/read'
2024-06-03 17:40:03 change: Actions Actions: 'add Microsoft.ContainerService/managedClusters/write'
2024-03-21 18:46:18 add: Role 5e93ba01-8f92-4c7a-b12a-801e3df23824
Permissions summary Effective control plane and data plane operations: 11 (unique operations)
•action: 2
•delete: 1
•read: 5
•write: 3

Actions: 11
Resolved control plane operations from Actions: 11
Effective control plane operations: 11
•action: 2
•delete: 1
•read: 5
•write: 3

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15789

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3183
Actions
Operation Description
Microsoft.ContainerService/managedClusters/readGet a managed cluster
Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/deleteDelete trusted access role bindings for managed cluster
Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/readGet trusted access role bindings for managed cluster
Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/writeCreate or update trusted access role bindings for managed cluster
Microsoft.ContainerService/managedClusters/writeCreates a new managed cluster or updates an existing one
Microsoft.OperationalInsights/workspaces/listKeys/actionRetrieves the list keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace.
Microsoft.OperationalInsights/workspaces/readGets an existing workspace
Microsoft.OperationalInsights/workspaces/sharedkeys/actionRetrieves the shared keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace.
Microsoft.OperationalInsights/workspaces/sharedkeys/readRetrieves the shared keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace.
Microsoft.OperationalInsights/workspaces/writeCreates a new workspace or links to an existing workspace by providing the customer id from the existing workspace.
Microsoft.Security/pricings/securityoperators/readGets the security operators for the scope
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Policy DisplayName Policy Id Category State
[Preview]: Configure Azure Arc enabled Kubernetes clusters to install Microsoft Defender for Cloud extension 708b60a6-d253-4fe0-9114-4be4c00f012c Kubernetes Preview
Configure Azure Kubernetes Service clusters to enable Defender profile 64def556-fbad-4622-930e-72d1d5589bf5 Kubernetes GA
JSON
api-version=2023-07-01-preview
Condition none