last sync: 2023-Dec-04 18:39:01 UTC

Azure RBAC Role definition

Microsoft Sentinel Contributor

NameMicrosoft Sentinel Contributor
Microsoft Learn
Idab8e14d6-4a74-4a29-9ba8-549422addade
DescriptionMicrosoft Sentinel Contributor
CreatedOn2019-08-28 16:39:03 UTC
UpdatedOn2022-08-02 00:12:09 UTC
History
Date/Time (UTC ymd) (i) Change Change detail
2022-08-02 16:33:17 change: DisplayName, Description, NotActions New DisplayName: 'Microsoft Sentinel Contributor'
Old DisplayName: 'Azure Sentinel Contributor',
New Description: 'Microsoft Sentinel Contributor'
Old Description: 'Azure Sentinel Contributor',
NotActions: 'add Microsoft.SecurityInsights/ConfidentialWatchlists/*; add Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*'
2021-08-05 14:48:34 change: Actions Actions: 'add Microsoft.OperationalInsights/querypacks/*/read'
2020-11-04 15:39:11 change: Actions Actions: 'add Microsoft.Insights/myworkbooks/read'
Permissions summary Effective control plane and data plane operations: 908 (unique operations)
•Action: 34
•Delete: 41
•read: 789
•Write: 44

Actions: 16
Resolved control plane operations from Actions: 912
Effective control plane operations: 908
•Action: 34
•Delete: 41
•read: 789
•Write: 44

NotActions: 2
Resolved control plane operations from NotActions: 4
Effective denied control plane operations: 13844

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3081
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.Insights/myworkbooks/readRead a private Workbook
Microsoft.Insights/workbooks/*wildcarded / no description
Microsoft.OperationalInsights/querypacks/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/analytics/query/actionSearch using new engine.
Microsoft.OperationalInsights/workspaces/dataSources/readGet data source under a workspace.
Microsoft.OperationalInsights/workspaces/query/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/query/readRun queries over the data in the workspace
Microsoft.OperationalInsights/workspaces/savedSearches/*wildcarded / no description
Microsoft.OperationsManagement/solutions/readGet exiting OMS solution
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.SecurityInsights/*wildcarded / no description
Microsoft.Support/*wildcarded / no description
NotActions
Operation Description
Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*wildcarded / no description
Microsoft.SecurityInsights/ConfidentialWatchlists/*wildcarded / no description
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
none
JSON
api-version=2022-05-01-preview