last sync: 2024-Mar-18 18:48:33 UTC

SQL Server Contributor

Azure BuiltIn RBAC Role definition

NameSQL Server Contributor
Id6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
DescriptionLets you manage SQL servers and databases, but not access to them, and not their security -related policies.
CreatedOn2015-02-02 21:55:09 UTC
UpdatedOn2022-04-29 01:12:26 UTC
History
Date/Time (UTC ymd) (i) Change Change detail
2022-04-29 18:06:01 change: NotActions NotActions: 'add Microsoft.Sql/servers/externalPolicyBasedAuthorizations/delete; add Microsoft.Sql/servers/externalPolicyBasedAuthorizations/write'
2021-03-09 14:37:39 change: NotActions NotActions: 'add Microsoft.Sql/servers/devOpsAuditingSettings/*'
2020-10-20 13:29:34 change: NotActions NotActions: 'remove Microsoft.Sql/servers/auditingPolicies/*; remove Microsoft.Sql/servers/databases/auditingPolicies/*; remove Microsoft.Sql/servers/databases/connectionPolicies/*'
Permissions summary Effective control plane and data plane operations: 440 (unique operations)
•Action: 52
•Delete: 34
•read: 293
•Write: 61

Actions: 10
Resolved control plane operations from Actions: 492
Effective control plane operations: 440
•Action: 52
•Delete: 34
•read: 293
•Write: 61

NotActions: 30
Resolved control plane operations from NotActions: 78
Effective denied control plane operations: 14689

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3095
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.Insights/metricDefinitions/readRead metric definitions
Microsoft.Insights/metrics/readRead metrics
Microsoft.ResourceHealth/availabilityStatuses/readGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Sql/locations/*/readwildcarded / no description
Microsoft.Sql/servers/*wildcarded / no description
Microsoft.Support/*wildcarded / no description
NotActions
Operation Description
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*wildcarded / no description
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*wildcarded / no description
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*wildcarded / no description
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*wildcarded / no description
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*wildcarded / no description
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*wildcarded / no description
Microsoft.Sql/managedInstances/securityAlertPolicies/*wildcarded / no description
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*wildcarded / no description
Microsoft.Sql/servers/auditingSettings/*wildcarded / no description
Microsoft.Sql/servers/azureADOnlyAuthentications/deleteDeletes a specific server Azure Active Directory only authentication object
Microsoft.Sql/servers/azureADOnlyAuthentications/writeAdds or updates a specific server Azure Active Directory only authentication object
Microsoft.Sql/servers/databases/auditingSettings/*wildcarded / no description
Microsoft.Sql/servers/databases/auditRecords/readRetrieve the database blob audit records
Microsoft.Sql/servers/databases/currentSensitivityLabels/*wildcarded / no description
Microsoft.Sql/servers/databases/dataMaskingPolicies/*wildcarded / no description
Microsoft.Sql/servers/databases/extendedAuditingSettings/*wildcarded / no description
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*wildcarded / no description
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*wildcarded / no description
Microsoft.Sql/servers/databases/securityAlertPolicies/*wildcarded / no description
Microsoft.Sql/servers/databases/securityMetrics/*wildcarded / no description
Microsoft.Sql/servers/databases/sensitivityLabels/*wildcarded / no description
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*wildcarded / no description
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*wildcarded / no description
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*wildcarded / no description
Microsoft.Sql/servers/devOpsAuditingSettings/*wildcarded / no description
Microsoft.Sql/servers/extendedAuditingSettings/*wildcarded / no description
Microsoft.Sql/servers/externalPolicyBasedAuthorizations/deleteDeletes a specific server external policy based authorization property
Microsoft.Sql/servers/externalPolicyBasedAuthorizations/writeAdds or updates a specific server external policy based authorization property
Microsoft.Sql/servers/securityAlertPolicies/*wildcarded / no description
Microsoft.Sql/servers/vulnerabilityAssessments/*wildcarded / no description
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Policy DisplayName Policy Id Category State
Configure Azure Data Explorer clusters with private endpoints a47272e1-1d5d-4b0b-b366-4873f1432fe0 Azure Data Explorer GA
Configure Azure Data Explorer to disable public network access 7b32f193-cb28-4e15-9a98-b9556db0bafa Azure Data Explorer GA
Configure Azure SQL Server to disable public network access 28b0b1e5-17ba-4963-a7a4-5a1ab4400a0b SQL GA
Configure Azure SQL Server to enable private endpoint connections 8e8ca470-d980-4831-99e6-dc70d9f6af87 SQL GA
JSON
api-version=2022-05-01-preview
Condition none