AzRoleAdvertizer

last sync: 2025-Sep-02 17:22:46 UTC

Defender Unified RBAC Reader

Azure BuiltIn RBAC Role definition

NameDefender Unified RBAC Reader
Id78b7345a-1e1b-483a-ac62-62228c6ea89d
DescriptionDefender Unified RBAC Reader. This role is managed and assigned automatically by the Defender Unified RBAC system. Manual assignment of this role is not recommended, as the Defender Unified RBAC system may modify or remove it at any time based on system requirements.
CategoryNone
CreatedOn2025-08-29 15:23:46 UTC
UpdatedOn2025-08-29 15:23:46 UTC
Permissions summary Effective control plane and data plane operations: 926 (unique operations)
•action: 4
•read: 922

Actions: 14
Resolved control plane operations from Actions: 927
Effective control plane operations: 925
•action: 4
•read: 921

NotActions: 2
Resolved control plane operations from NotActions: 4
Effective denied control plane operations: 16142

DataActions: 1
Resolved data plane operations: 1
Effective data plane operations: 1
•read: 1

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3724
Actions
Operation Description
Microsoft.OperationalInsights/querypacks/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/analytics/query/actionSearch using new engine.
Microsoft.OperationalInsights/workspaces/dataSources/readGet data source under a workspace.
Microsoft.OperationalInsights/workspaces/LinkedServices/readGet linked services under given workspace.
Microsoft.OperationalInsights/workspaces/query/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/query/readRun queries over the data in the workspace
Microsoft.OperationalInsights/workspaces/readGets an existing workspace
Microsoft.OperationalInsights/workspaces/savedSearches/readGets a saved search query.
Microsoft.OperationsManagement/solutions/readGet exiting OMS solution
Microsoft.SecurityInsights/*/readwildcarded / no description
Microsoft.SecurityInsights/dataConnectorsCheckRequirements/actionCheck user authorization and license
Microsoft.SecurityInsights/threatIntelligence/indicators/query/actionQuery Threat Intelligence Indicators
Microsoft.SecurityInsights/threatIntelligence/queryIndicators/actionQuery Threat Intelligence Indicators
NotActions
Operation Description
Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*wildcarded / no description
Microsoft.SecurityInsights/ConfidentialWatchlists/*wildcarded / no description
DataActions
Operation Description
Microsoft.OperationalInsights/workspaces/tables/data/readAllows you to provide read data access to workspaces, or more fine-grained data entities, such as specific tables or rows.
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2025-08-29 17:22:35 add: Role 78b7345a-1e1b-483a-ac62-62228c6ea89d
JSON
api-version=2023-07-01-preview
Condition none