last sync: 2025-Sep-16 17:22:53 UTC

Storage Actions Task Assignment Contributor

Azure BuiltIn RBAC Role definition

Name: Storage Actions Task Assignment Contributor
Id: 77789c21-1643-48a2-8f27-47f858540b51
Description: Used by the Storage Actions assigner to create a Task Assignment on their target Storage Account, with RBAC privileges for Managed Identity
Category: None
CreatedOn: 2025-09-12 21:16:43 UTC
UpdatedOn: 2025-09-12 21:16:43 UTC

Permissions summary
Effective control plane and data plane operations: 58 (unique operations)
•: 1
•Action: 7
•delete: 4
•read: 42
•write: 4

Actions: 13
Resolved control plane operations from Actions: 58
Effective control plane operations: 58
•: 1
•Action: 7
•delete: 4
•read: 42
•write: 4

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 17095

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3748
Actions
Operation | Description
Microsoft.Authorization/*/read | wildcarded / no description
Microsoft.Authorization/roleAssignments/delete (conditioned) | Delete a role assignment at the specified scope.
Microsoft.Authorization/roleAssignments/write (conditioned) | Create a role assignment at the specified scope.
Microsoft.Insights/alertRules/* | wildcarded / no description
Microsoft.Resources/deployments/* | wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups.
Microsoft.Storage/storageAccounts/blobServices/read | Returns blob service properties or statistics
Microsoft.Storage/storageAccounts/read | Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Storage/storageAccounts/reports/read | no description given
Microsoft.Storage/storageAccounts/storageTaskAssignments/delete | no description given
Microsoft.Storage/storageAccounts/storageTaskAssignments/read | no description given
Microsoft.Storage/storageAccounts/storageTaskAssignments/reports/read | no description given
Microsoft.Storage/storageAccounts/storageTaskAssignments/write | no description given
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
none
History
Date/Time (UTC ymd) | Change | Change detail
2025-09-15 17:22:50 | add | Role 77789c21-1643-48a2-8f27-47f858540b51
JSON
api-version=2023-07-01-preview
Condition
    
    (
        (
            !
            (
                ActionMatches {
                'Microsoft.Authorization/roleAssignments/write'
                }
            )
        )
        OR
        (
            @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
            4bad4d9e-2a13-4888-94bb-c8432f6f3040 (Storage Actions Blob Data Operator)
            }
        )
    )
    AND
    (
        (
            !
            (
                ActionMatches {
                'Microsoft.Authorization/roleAssignments/delete'
                }
            )
        )
        OR
        (
            @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
            4bad4d9e-2a13-4888-94bb-c8432f6f3040 (Storage Actions Blob Data Operator)
            }
        )
    )