last sync: 2024-Oct-11 17:51:49 UTC

Defender Kubernetes Agent Operator

Azure BuiltIn RBAC Role definition

Name: Defender Kubernetes Agent Operator
Id: 8bb6f106-b146-4ee6-a3f9-b9c5a96e0ae5
Description: Grants Microsoft Defender for Cloud permissions to provision the Kubernetes defender security agent
CreatedOn: 2024-01-29 16:00:38 UTC
UpdatedOn: 2024-04-08 15:07:46 UTC
History
Date/Time (UTC ymd) | Change | Change detail
2024-04-09 17:48:20 | change: Actions | Actions: 'add Microsoft.Kubernetes/register/action; add Microsoft.KubernetesConfiguration/register/action'
2024-02-15 20:37:45 | change: Actions | Actions: 'add Microsoft.Authorization/*/read; add Microsoft.Insights/alertRules/*; add Microsoft.Resources/deployments/*; add Microsoft.Resources/subscriptions/resourceGroups/read; add Microsoft.Resources/subscriptions/resourceGroups/write; add Microsoft.Resources/subscriptions/operationresults/read; add Microsoft.Resources/subscriptions/read; add Microsoft.KubernetesConfiguration/extensions/write; add Microsoft.KubernetesConfiguration/extensions/read; add Microsoft.KubernetesConfiguration/extensions/delete; add Microsoft.KubernetesConfiguration/extensions/operations/read; add Microsoft.Kubernetes/connectedClusters/Write; add Microsoft.Kubernetes/connectedClusters/read; add Microsoft.OperationalInsights/workspaces/write; add Microsoft.OperationalInsights/workspaces/read; add Microsoft.OperationalInsights/workspaces/listKeys/action; add Microsoft.OperationalInsights/workspaces/sharedkeys/action'
2024-01-30 18:39:38 | add: Role | 8bb6f106-b146-4ee6-a3f9-b9c5a96e0ae5
Permissions summary
Effective control plane and data plane operations: 60 (unique operations)
•: 1
•Action: 11
•Delete: 3
•read: 39
•Write: 6

Actions: 19
Resolved control plane operations from Actions: 60
Effective control plane operations: 60
•: 1
•Action: 11
•Delete: 3
•read: 39
•Write: 6

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15740

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3183
Actions
Operation | Description
Microsoft.Authorization/*/read | wildcarded / no description
Microsoft.Insights/alertRules/* | wildcarded / no description
Microsoft.Kubernetes/connectedClusters/read | Read connectedClusters
Microsoft.Kubernetes/connectedClusters/Write | Writes connectedClusters
Microsoft.Kubernetes/register/action | Registers Subscription with Microsoft.Kubernetes resource provider
Microsoft.KubernetesConfiguration/extensions/delete | Deletes extension instance resource.
Microsoft.KubernetesConfiguration/extensions/operations/read | Gets Async Operation status.
Microsoft.KubernetesConfiguration/extensions/read | Gets extension instance resource.
Microsoft.KubernetesConfiguration/extensions/write | Creates or updates extension resource.
Microsoft.KubernetesConfiguration/register/action | Registers subscription to Microsoft.KubernetesConfiguration resource provider.
Microsoft.OperationalInsights/workspaces/listKeys/action | Retrieves the list keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace.
Microsoft.OperationalInsights/workspaces/read | Gets an existing workspace
Microsoft.OperationalInsights/workspaces/sharedkeys/action | Retrieves the shared keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace.
Microsoft.OperationalInsights/workspaces/write | Creates a new workspace or links to an existing workspace by providing the customer id from the existing workspace.
Microsoft.Resources/deployments/* | wildcarded / no description
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results.
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups.
Microsoft.Resources/subscriptions/resourceGroups/write | Creates or updates a resource group.
NotActions: n/a
DataActions: n/a
NotDataActions: n/a
Used in
BuiltIn Policy
Policy DisplayName | Policy Id | Category | State
[Preview]: Configure Azure Arc enabled Kubernetes clusters to install Microsoft Defender for Cloud extension | 708b60a6-d253-4fe0-9114-4be4c00f012c | Kubernetes | Preview
Configure Azure Kubernetes Service clusters to enable Defender profile | 64def556-fbad-4622-930e-72d1d5589bf5 | Kubernetes | GA
JSON
api-version=2023-07-01-preview
Condition: none