AzRoleAdvertizer

last sync: 2025-Oct-23 17:22:49 UTC

AcrImageSigner

Azure BuiltIn RBAC Role definition

Name

6cef56e8-d556-48e5-a04f-b8e64114680f

Description

Planned DEPRECATION on March 31, 2028. Grant the signing permission for content trust. As content trust is being deprecated and will be completely removed on March 31, 2028, this role will also be removed. Refer to https://aka.ms/acr/dctdeprecation for details and transition guidance.

Category

Containers
Microsoft Learn

CreatedOn

2018-03-15 23:23:08 UTC

UpdatedOn

2025-10-03 10:06:29 UTC

Permissions summary

Effective control plane and data plane operations: 2 (unique operations)
•write: 2

Actions: 1
Resolved control plane operations from Actions: 1
Effective control plane operations: 1
•write: 1

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 17375

DataActions: 1
Resolved data plane operations: 1
Effective data plane operations: 1
•write: 1

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 4080

Actions

Operation	Description
Microsoft.ContainerRegistry/registries/sign/write	Push/Pull content trust metadata for a container registry.

NotActions

n/a

DataActions

Operation	Description
Microsoft.ContainerRegistry/registries/trustedCollections/write	Allows push or publish of trusted collections of container registry content. This is similar to Microsoft.ContainerRegistry/registries/sign/write action except that this is a data action

NotDataActions

n/a

Used in
BuiltIn Policy

none

History

Date/Time (UTC ymd) (i)	Change	Change detail
2021-06-24 14:29:36	change: DataActions	DataActions: 'add Microsoft.ContainerRegistry/registries/trustedCollections/write'

JSON

api-version=2023-07-01-preview

Condition

none