AzRoleAdvertizer

last sync: 2024-Apr-19 17:44:22 UTC

Key Vault Certificates Officer

Azure BuiltIn RBAC Role definition

Name

Key Vault Certificates Officer

a4417e6f-fecd-4de8-b567-7b0420556985

Description

Perform any action on the certificates of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.

CreatedOn

2020-05-19 17:52:47 UTC

UpdatedOn

2023-06-12 15:03:21 UTC

History

Date/Time (UTC ymd) (i)	Change	Change detail
2023-06-12 17:45:13	change: DisplayName, DataActions	New DisplayName: 'Key Vault Certificates Officer' Old DisplayName: 'Key Vault Certificates Officer (preview)', DataActions: 'add Microsoft.KeyVault/vaults/certificatecontacts/write'
2020-05-19 20:42:36	add: Role	a4417e6f-fecd-4de8-b567-7b0420556985

Permissions summary

Effective control plane and data plane operations: 87 (unique operations)
•: 1
•Action: 17
•Delete: 4
•read: 60
•Write: 5

Actions: 10
Resolved control plane operations from Actions: 74
Effective control plane operations: 74
•: 1
•Action: 10
•Delete: 2
•read: 58
•Write: 3

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15287

DataActions: 3
Resolved data plane operations: 13
Effective data plane operations: 13
•action: 7
•delete: 2
•read: 2
•write: 2

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3107

Actions

Operation	Description
Microsoft.Authorization/*/read	wildcarded / no description
Microsoft.Insights/alertRules/*	wildcarded / no description
Microsoft.KeyVault/checkNameAvailability/read	Checks that a key vault name is valid and is not in use
Microsoft.KeyVault/deletedVaults/read	View the properties of soft deleted key vaults
Microsoft.KeyVault/locations/*/read	wildcarded / no description
Microsoft.KeyVault/operations/read	Lists operations available on Microsoft.KeyVault resource provider
Microsoft.KeyVault/vaults/*/read	wildcarded / no description
Microsoft.Resources/deployments/*	wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/read	Gets or lists resource groups.
Microsoft.Support/*	wildcarded / no description

NotActions

n/a

DataActions

Operation	Description
Microsoft.KeyVault/vaults/certificatecas/*	wildcarded / no description
Microsoft.KeyVault/vaults/certificatecontacts/write	Manage Certificate Contact
Microsoft.KeyVault/vaults/certificates/*	wildcarded / no description

NotDataActions

n/a

Used in
BuiltIn Policy

none

JSON

api-version=2022-05-01-preview

Condition

none