last sync: 2020-Aug-05 13:05:28 UTC

Azure Role

Log Analytics Contributor

Role Name Log Analytics Contributor
Role Id 92aaf0da-9dab-42b6-94a3-d43ce8d16293
Role Description Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.
Role Changes no changes
Actions
Operation Description Used in other Role(s)
*/read Log Analytics Reader, Managed Application Operator Role, Managed Applications Reader , Monitoring Reader, Monitoring Contributor, Reader, Resource Policy Contributor, User Access Administrator, Managed Application Contributor Role
Microsoft.Automation/automationAccounts/*
Microsoft.ClassicCompute/virtualMachines/extensions/*
Microsoft.ClassicStorage/storageAccounts/listKeys/action Lists the access keys for the storage accounts. Classic Storage Account Key Operator Service Role, Classic Virtual Machine Contributor, Logic App Contributor
Microsoft.Compute/virtualMachines/extensions/*
Microsoft.HybridCompute/machines/extensions/write Installs or Updates an Azure Arc extensions Azure Connected Machine Resource Administrator
Microsoft.Insights/alertRules/* API Management Service Contributor, API Management Service Operator Role, API Management Service Reader Role , Application Insights Component Contributor, Application Insights Snapshot Debugger, Automation Job Operator, Automation Runbook Operator, Automation Operator, Avere Contributor, BizTalk Contributor, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, ClearDB MySQL DB Contributor, Classic Virtual Machine Contributor, Cognitive Services Contributor, Data Factory Contributor, Data Lake Analytics Developer, DocumentDB Account Contributor, DNS Zone Contributor, EventGrid EventSubscription Contributor, Intelligent Systems Account Contributor, Key Vault Contributor, Logic App Contributor, Managed Identity Operator, Managed Identity Contributor, Network Contributor, Monitoring Contributor, New Relic APM Account Contributor, Redis Cache Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), Site Recovery Contributor, Site Recovery Operator, SQL Managed Instance Contributor, SQL DB Contributor, SQL Security Manager, Storage Account Contributor, SQL Server Contributor, Traffic Manager Contributor, Virtual Machine Contributor, Web Plan Contributor, Website Contributor, HDInsight Cluster Operator, Cosmos DB Operator, Private DNS Zone Contributor, Azure Sentinel Contributor, Azure Sentinel Responder, Azure Sentinel Reader, SignalR Contributor, Kubernetes Cluster - Azure Arc Onboarding, Tag Contributor, Key Vault Administrator (preview), Key Vault Crypto Officer (preview), Key Vault Secrets Officer (preview), Key Vault Certificates Officer (preview), Key Vault Reader (preview), Azure Arc Kubernetes Viewer, Azure Arc Kubernetes Writer, Azure Arc Kubernetes Cluster Admin, Azure Arc Kubernetes Admin, Azure Kubernetes Service RBAC Cluster Admin, Azure Kubernetes Service RBAC Admin, Azure Kubernetes Service RBAC Reader, Azure Kubernetes Service RBAC Writer, Azure Arc Enabled Kubernetes Cluster User Role
Microsoft.Insights/diagnosticSettings/* Cognitive Services Contributor, Logic App Contributor, Monitoring Contributor , Storage Account Contributor
Microsoft.OperationalInsights/*
Microsoft.OperationsManagement/*
Microsoft.Resources/deployments/* API Management Service Contributor, API Management Service Operator Role, API Management Service Reader Role , Application Insights Component Contributor, Application Insights Snapshot Debugger, Automation Job Operator, Automation Runbook Operator, Automation Operator, Avere Contributor, Backup Contributor, Backup Operator, BizTalk Contributor, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, ClearDB MySQL DB Contributor, Classic Virtual Machine Contributor, Cognitive Services Contributor, Data Box Contributor, Data Factory Contributor, Data Lake Analytics Developer, DocumentDB Account Contributor, DNS Zone Contributor, EventGrid EventSubscription Contributor, Intelligent Systems Account Contributor, Key Vault Contributor, Logic App Contributor, Managed Applications Reader, Managed Identity Operator, Managed Identity Contributor, Network Contributor, New Relic APM Account Contributor, Redis Cache Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), Site Recovery Contributor, Site Recovery Operator, SQL Managed Instance Contributor, SQL DB Contributor, SQL Security Manager, Storage Account Contributor, SQL Server Contributor, Traffic Manager Contributor, Virtual Machine Contributor, Web Plan Contributor, Website Contributor, Cosmos DB Operator, Private DNS Zone Contributor, Blueprint Contributor, Blueprint Operator, Azure Sentinel Contributor, Azure Sentinel Responder, Azure Sentinel Reader, SignalR Contributor, Managed Application Contributor Role, Tag Contributor, Azure Kubernetes Service Contributor Role, Key Vault Administrator (preview), Key Vault Crypto Officer (preview), Key Vault Secrets Officer (preview), Key Vault Certificates Officer (preview), Key Vault Reader (preview)
Microsoft.Resources/subscriptions/resourcegroups/deployments/* Cognitive Services Contributor
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account. DevTest Labs User, Logic App Contributor, Reader and Data Access , Storage Account Key Operator Service Role, Virtual Machine Contributor
Microsoft.Support/* API Management Service Contributor, API Management Service Operator Role, API Management Service Reader Role , Application Insights Component Contributor, Application Insights Snapshot Debugger, Automation Job Operator, Automation Runbook Operator, Automation Operator, Avere Contributor, Backup Contributor, Billing Reader, Backup Operator, BizTalk Contributor, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, ClearDB MySQL DB Contributor, Classic Virtual Machine Contributor, Cognitive Services User, Cognitive Services Contributor, Cosmos DB Account Reader Role, Cost Management Contributor, Cost Management Reader, Data Box Contributor, Data Box Reader, Data Factory Contributor, Data Lake Analytics Developer, DocumentDB Account Contributor, DNS Zone Contributor, EventGrid EventSubscription Contributor, Intelligent Systems Account Contributor, Key Vault Contributor, Lab Creator, Log Analytics Reader, Logic App Operator, Logic App Contributor, Managed Identity Operator, Managed Identity Contributor, Monitoring Metrics Publisher, Monitoring Reader, Network Contributor, Monitoring Contributor, New Relic APM Account Contributor, Redis Cache Contributor, Resource Policy Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), Site Recovery Contributor, Site Recovery Operator, Site Recovery Reader, SQL Managed Instance Contributor, SQL DB Contributor, SQL Security Manager, Storage Account Contributor, SQL Server Contributor, Support Request Contributor, Traffic Manager Contributor, User Access Administrator, Virtual Machine Contributor, Web Plan Contributor, Website Contributor, HDInsight Cluster Operator, Cosmos DB Operator, Private DNS Zone Contributor, Blueprint Contributor, Blueprint Operator, Azure Sentinel Contributor, Azure Sentinel Responder, Azure Sentinel Reader, SignalR AccessKey Reader, SignalR Contributor, Kubernetes Cluster - Azure Arc Onboarding, Tag Contributor, Integration Service Environment Developer, Integration Service Environment Contributor, Key Vault Administrator (preview), Key Vault Crypto Officer (preview), Key Vault Secrets Officer (preview), Key Vault Certificates Officer (preview), Key Vault Reader (preview), Azure Arc Kubernetes Viewer, Azure Arc Kubernetes Writer, Azure Arc Kubernetes Cluster Admin, Azure Arc Kubernetes Admin, Azure Kubernetes Service RBAC Cluster Admin, Azure Kubernetes Service RBAC Admin, Azure Kubernetes Service RBAC Reader, Azure Kubernetes Service RBAC Writer, Azure Arc Enabled Kubernetes Cluster User Role
NotActions
DataActions
NotDataActions
Used in Policy
Policy DisplayName Policy Id
Deploy Diagnostic Settings for Service Bus to Log Analytics workspace 04d53d87-841c-4f23-8a5b-21564380b55e
Deploy Log Analytics agent for Linux VMs 053d3325-282c-4e5c-b944-24faffd30d77
Deploy Log Analytics agent for Windows VMs 0868462e-646c-4fe3-9ced-a733534b6a2c
Deploy Diagnostic Settings for Search Services to Log Analytics workspace 08ba64b8-738f-4918-9686-730d2ed79c7d
Deploy Dependency agent for Windows virtual machines 1c210e94-a481-4beb-95fa-1571b434fb04
Deploy Diagnostic Settings for Event Hub to Log Analytics workspace 1f6e93e8-6b31-41b1-83f6-36e449a42579
Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace 237e0f7e-b0e8-4ec4-ad46-8c12cb66d673
Deploy Diagnostic Settings for Data Lake Storage Gen1 to Log Analytics workspace 25763a0a-5783-4f14-969e-79d4933eb74b
Deploy Log Analytics agent for Windows virtual machine scale sets 3c1b3629-c8f8-4bf6-862c-037cb9094038
[Deprecated]: Deploy default Log Analytics Agent for Ubuntu VMs 3d8640fc-63f6-4734-8dcb-cfd3d8c78f38
Deploy Dependency agent for Linux virtual machines 4da21710-ce6f-4e06-8cdb-5cc4c93ffbee
Deploy Log Analytics agent for Linux virtual machine scale sets 5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069
[Preview]: Deploy Log Analytics agent to Windows Azure Arc machines 69af7d4a-7b18-4044-93a9-2651498ef203
[Preview]: Deploy Dependency agent to Windows Azure Arc machines 91cb9edd-cd92-4d2f-b2f2-bdd8d065a3d4
[Preview]: Deploy Log Analytics agent to Linux Azure Arc machines 9d2b61b4-1d14-4a63-be30-d4498e7ad2cf
Deploy Diagnostic Settings for Logic Apps to Log Analytics workspace b889a06c-ec72-4b03-910a-cb169ee18721
Deploy Diagnostic Settings for Key Vault to Log Analytics workspace bef3f64c-5290-43b7-85b0-9b254eef4c47
[Preview]: Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories. c717fb0c-d118-4c43-ab3d-ece30ac81fb3
Deploy Diagnostic Settings for Batch Account to Log Analytics workspace c84e5349-db6d-4769-805e-e14037dab9b5
Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03
[Preview]: Deploy Dependency agent to hybrid Linux Azure Arc machines deacecc0-9f84-44d2-bb82-46f32d766d43
Role Definition (Json)
{
  "Name": "Log Analytics Contributor",
  "Id": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "IsCustom": false,
  "Description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.",
  "Actions": [
    "*/read",
    "Microsoft.Automation/automationAccounts/*",
    "Microsoft.ClassicCompute/virtualMachines/extensions/*",
    "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
    "Microsoft.Compute/virtualMachines/extensions/*",
    "Microsoft.HybridCompute/machines/extensions/write",
    "Microsoft.Insights/alertRules/*",
    "Microsoft.Insights/diagnosticSettings/*",
    "Microsoft.OperationalInsights/*",
    "Microsoft.OperationsManagement/*",
    "Microsoft.Resources/deployments/*",
    "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Support/*"
  ],
  "NotActions": [
    
  ],
  "DataActions": [
    
  ],
  "NotDataActions": [
    
  ],
  "AssignableScopes": [
    "/"
  ]
}