last sync: 2023-Dec-05 19:46:52 UTC

Azure RBAC Role definition

Key Vault Data Access Administrator (preview)

Name: Key Vault Data Access Administrator (preview)
Id: 8b54135c-b56d-4d72-a534-26097cfdc8d8
Description: Manage access to Azure Key Vault by adding or removing role assignments for the Key Vault Administrator, Key Vault Certificates Officer, Key Vault Crypto Officer, Key Vault Crypto Service Encryption User, Key Vault Crypto User, Key Vault Reader, Key Vault Secrets Officer, or Key Vault Secrets User roles. Includes an ABAC condition to constrain role assignments.
CreatedOn: 2023-06-20 22:41:17 UTC
UpdatedOn: 2023-10-06 00:59:02 UTC
History
Date/Time (UTC ymd), Change, Change detail
2023-10-09 18:04:57 change: Description, Actions
  New Description: 'Manage access to Azure Key Vault by adding or removing role assignments for the Key Vault Administrator, Key Vault Certificates Officer, Key Vault Crypto Officer, Key Vault Crypto Service Encryption User, Key Vault Crypto User, Key Vault Reader, Key Vault Secrets Officer, or Key Vault Secrets User roles. Includes an ABAC condition to constrain role assignments.'
  Old Description: 'Add or remove key vault data plane role assignments and read resources of all types, except secrets. Includes an ABAC condition to constrain role assignments.'
  Actions: 'add Microsoft.KeyVault/vaults/*/read'
2023-09-20 18:01:08 add: Role 8b54135c-b56d-4d72-a534-26097cfdc8d8
Permissions summary
Effective control plane and data plane operations: 64 (unique operations)
•action: 8
•delete: 2
•read: 51
•write: 3

Actions: 10
Resolved control plane operations from Actions: 64
Effective control plane operations: 64
•action: 8
•delete: 2
•read: 51
•write: 3

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 14654

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3081
Actions
Operation: Description
Microsoft.Authorization/*/read: wildcarded / no description
Microsoft.Authorization/roleAssignments/delete: Delete a role assignment at the specified scope.
Microsoft.Authorization/roleAssignments/write: Create a role assignment at the specified scope.
Microsoft.KeyVault/vaults/*/read: wildcarded / no description
Microsoft.Management/managementGroups/read: List management groups for the authenticated user.
Microsoft.Resources/deployments/*: wildcarded / no description
Microsoft.Resources/deployments/*: wildcarded / no description
Microsoft.Resources/subscriptions/read: Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read: Gets or lists resource groups.
Microsoft.Support/*: wildcarded / no description
NotActions: n/a
DataActions: n/a
NotDataActions: n/a
Used in BuiltIn Policy: none
JSON
api-version=2022-05-01-preview