Name | Key Vault Data Access Administrator | ||||||||||||||||||||||
Id | 8b54135c-b56d-4d72-a534-26097cfdc8d8 | ||||||||||||||||||||||
Description | Manage access to Azure Key Vault by adding or removing role assignments for the Key Vault Administrator, Key Vault Certificates Officer, Key Vault Crypto Officer, Key Vault Crypto Service Encryption User, Key Vault Crypto User, Key Vault Reader, Key Vault Secrets Officer, or Key Vault Secrets User roles. Includes an ABAC condition to constrain role assignments. | ||||||||||||||||||||||
CreatedOn | 2023-06-20 22:26:01 UTC | ||||||||||||||||||||||
UpdatedOn | 2023-12-07 01:33:05 UTC | ||||||||||||||||||||||
History |
|
||||||||||||||||||||||
Permissions summary | Effective control plane and data plane operations: 63 (unique operations) •action: 7 •delete: 2 •read: 51 •write: 3 Actions: 10 Resolved control plane operations from Actions: 63 Effective control plane operations: 63 •action: 7 •delete: 2 •read: 51 •write: 3 NotActions: 0 Resolved control plane operations from NotActions: 0 Effective denied control plane operations: 15767 DataActions: 0 Resolved data plane operations: 0 Effective data plane operations: 0 NotDataActions: 0 Resolved data plane operations from NotDataActions: 0 Effective denied data plane operations: 3188 |
||||||||||||||||||||||
Actions |
|
||||||||||||||||||||||
NotActions | n/a | ||||||||||||||||||||||
DataActions | n/a | ||||||||||||||||||||||
NotDataActions | n/a | ||||||||||||||||||||||
Used in BuiltIn Policy |
none | ||||||||||||||||||||||
JSON |
|
||||||||||||||||||||||
Condition |
( ( ! ( ActionMatches { 'Microsoft.Authorization/roleAssignments/write' } ) ) OR ( @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals { 00482a5a-887f-4fb3-b363-3b7fe8e74483 (Key Vault Administrator), a4417e6f-fecd-4de8-b567-7b0420556985 (Key Vault Certificates Officer), 14b46e9e-c2b7-41b4-b07b-48a6ebf60603 (Key Vault Crypto Officer), e147488a-f6f5-4113-8e2d-b22465e65bf6 (Key Vault Crypto Service Encryption User), 12338af0-0e69-4776-bea7-57ae8d297424 (Key Vault Crypto User), 21090545-7ca7-4776-b22c-e363652d74d2 (Key Vault Reader), b86a8fe4-44ce-4948-aee5-eccb2c155cd7 (Key Vault Secrets Officer), 4633458b-17de-408a-b874-0445c86b69e6 (Key Vault Secrets User) } ) ) AND ( ( ! ( ActionMatches { 'Microsoft.Authorization/roleAssignments/delete' } ) ) OR ( @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals { 00482a5a-887f-4fb3-b363-3b7fe8e74483 (Key Vault Administrator), a4417e6f-fecd-4de8-b567-7b0420556985 (Key Vault Certificates Officer), 14b46e9e-c2b7-41b4-b07b-48a6ebf60603 (Key Vault Crypto Officer), e147488a-f6f5-4113-8e2d-b22465e65bf6 (Key Vault Crypto Service Encryption User), 12338af0-0e69-4776-bea7-57ae8d297424 (Key Vault Crypto User), 21090545-7ca7-4776-b22c-e363652d74d2 (Key Vault Reader), b86a8fe4-44ce-4948-aee5-eccb2c155cd7 (Key Vault Secrets Officer), 4633458b-17de-408a-b874-0445c86b69e6 (Key Vault Secrets User) } ) ) |