AzRoleAdvertizer

last sync: 2025-Oct-28 18:22:45 UTC

Microsoft Sentinel Contributor

Azure BuiltIn RBAC Role definition

NameMicrosoft Sentinel Contributor
Microsoft Learn
Idab8e14d6-4a74-4a29-9ba8-549422addade
DescriptionMicrosoft Sentinel Contributor
CategorySecurity
Microsoft Learn
CreatedOn2019-08-28 16:39:03 UTC
UpdatedOn2022-08-01 18:55:21 UTC
Permissions summary Effective control plane and data plane operations: 1112 (unique operations)
•: 1
•Action: 41
•Delete: 44
•read: 979
•Write: 47

Actions: 16
Resolved control plane operations from Actions: 1116
Effective control plane operations: 1112
•: 1
•Action: 41
•Delete: 44
•read: 979
•Write: 47

NotActions: 2
Resolved control plane operations from NotActions: 4
Effective denied control plane operations: 16334

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 4081
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.Insights/myworkbooks/readno description given
Microsoft.Insights/workbooks/*wildcarded / no description
Microsoft.OperationalInsights/querypacks/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/analytics/query/actionSearch using new engine.
Microsoft.OperationalInsights/workspaces/dataSources/readGet data source under a workspace.
Microsoft.OperationalInsights/workspaces/query/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/query/readRun queries over the data in the workspace
Microsoft.OperationalInsights/workspaces/savedSearches/*wildcarded / no description
Microsoft.OperationsManagement/solutions/readGet exiting OMS solution
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.SecurityInsights/*wildcarded / no description
Microsoft.Support/*wildcarded / no description
NotActions
Operation Description
Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*wildcarded / no description
Microsoft.SecurityInsights/ConfidentialWatchlists/*wildcarded / no description
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2022-08-02 16:33:17 change: DisplayName, Description, NotActions New DisplayName: 'Microsoft Sentinel Contributor'
Old DisplayName: 'Azure Sentinel Contributor',
New Description: 'Microsoft Sentinel Contributor'
Old Description: 'Azure Sentinel Contributor',
NotActions: 'add Microsoft.SecurityInsights/ConfidentialWatchlists/*; add Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*'
2021-08-05 14:48:34 change: Actions Actions: 'add Microsoft.OperationalInsights/querypacks/*/read'
2020-11-04 15:39:11 change: Actions Actions: 'add Microsoft.Insights/myworkbooks/read'
JSON
api-version=2023-07-01-preview
Condition none