last sync: 2020-Oct-28 15:04:35 UTC

Azure Role

Contributor

NameContributor
Idb24988ac-6180-42a0-ab88-20f7382dd24c
DescriptionGrants full access to manage all resources, but does not allow you to assign roles in Azure RBAC.
CreatedOn2015-02-02 21:55:09 UTC
UpdatedOn2020-08-14 20:15:12 UTC
Historynone
Actions
Operation Description Used in other Roles
*no description given Owner
NotActions
Operation Description Used in other Roles
Microsoft.Authorization/*/Deleteno description given none
Microsoft.Authorization/*/Writeno description given none
Microsoft.Authorization/elevateAccess/ActionGrants the caller User Access Administrator access at the tenant scope none
Microsoft.Blueprint/blueprintAssignments/deleteDelete any blueprint artifacts none
Microsoft.Blueprint/blueprintAssignments/writeCreate or update any blueprint artifacts none
DataActions n/a
NotDataActions n/a
Used in Policy
Policy DisplayName Policy Id Category
[Deprecated]: Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords ec49586f-4939-402d-a29e-6ff502b20592 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions set to 0644 f19aa1c1-6b91-4c27-ae6a-970279f03db9 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the specified applications installed 4d1c04de-2172-403f-901b-90608c35c721 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Linux VMs that have accounts without passwords 3470477a-b35a-49db-aca5-1073d04524fe Guest Configuration
[Deprecated]: Deploy prerequisites to audit Linux VMs that have the specified applications installed 884b209a-963b-4520-8006-d20cb3c213e0 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows Server VMs on which Windows Serial Console is not enabled 7a031c68-d6ab-406e-a506-697a19c634b0 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - Control Panel' ec7ac234-2af5-4729-94d2-c557c071799d Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - MSS (Legacy)' f1f4825d-58fb-4257-8016-8c00e3c9ed9d Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - Network' 985285b7-b97a-419c-8d48-c88cc934c8d8 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - System' 40917425-69db-4018-8dae-2a0556cef899 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Accounts' e5b81f87-9185-4224-bf00-9f505e9f89f3 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Audit' 498b810c-59cd-4222-9338-352ba146ccf3 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Devices' 6481cc21-ed6e-4480-99dd-ea7c5222e897 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Interactive Logon' 3750712b-43d0-478e-9966-d2c26f6141b9 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Client' bbcdd8fa-b600-4ee3-85b8-d184e3339652 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Server' 86880e5c-df35-43c5-95ad-7e120635775e Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Access' f56a3ab2-89d1-44de-ac0d-2ada5962e22a Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Security' 36e17963-7202-494a-80c3-f508211c826b Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Recovery console' ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Shutdown' 1f8c20ce-3414-4496-8b26-0e902a1541da Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - System objects' 12ae2d24-3805-4b37-9fa9-465968bfbcfa Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - System settings' 437a1f8f-8552-47a8-8b12-a2fee3269dd5 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - User Account Control' e425e402-a050-45e5-b010-bd3f934589fc Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Settings - Account Policies' e3d95ab7-f47a-49d8-a347-784177b6c94c Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Account Logon' c1e289c0-ffad-475d-a924-adc058765d65 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Account Management' 0a9991e6-21be-49f9-8916-a06d934bcf29 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Detailed Tracking' 42a07bbf-ffcf-459a-b4b1-30ecd118a505 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Logon-Logoff' c04255ee-1b9f-42c1-abaa-bf1553f79930 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Object Access' 8e170edb-e0f5-497a-bb36-48b3280cec6a Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Policy Change' 97b595c8-fd10-400e-8543-28e2b9138b13 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Privilege Use' ce2370f6-0ac5-4d85-8ab4-10721cc640b0 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - System' f8b0158d-4766-490f-bea0-259e52dba473 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'User Rights Assignment' 815dcc9f-6662-43f2-9a03-1b83e9876f24 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Components' 7040a231-fb65-4412-8c0a-b365f4866c24 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Firewall Properties' 909c958d-1b99-4c74-b88f-46a5c5bc34f9 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group contains any of the specified members 144f1397-32f9-4598-8c88-118decc3ccba Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain all the specified members 93507a81-10a4-4af0-9ee2-34cf25a96e98 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain only specified members b821191b-3a12-44bc-9c38-212138a29ff3 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs on which the DSC configuration is not compliant d38b4c26-9d2e-47d7-aefe-18d859a8706a Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs on which the Log Analytics agent is not connected as expected 68511db2-bd02-41c4-ae6b-1900a012968a Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs on which the remote connection status does not match the specified one 5bb36dda-8a78-4df9-affd-4f05a8612a8a Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs on which the specified services are not installed and 'Running' 32b1e4d4-6cd5-47b4-a935-169da8a5c262 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit Guard is not enabled 6a7a2bcf-f9be-4e35-9734-4f9657a70f1d Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs that allow re-use of the previous 24 passwords 726671ac-c4de-4908-8c7d-6043ae62e3b6 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs that are not joined to the specified domain 315c850a-272d-4502-8935-b79010405970 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs that are not set to the specified time zone c21f7060-c148-41cf-a68b-0ab3e14c764c Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs that contain certificates expiring within the specified number of days c5fbc59e-fb6f-494f-81e2-d99a671bdaa8 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not contain the specified certificates in Trusted Root 106ccbe4-a791-4f33-a44a-06796944b8d5 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have a maximum password age of 70 days 356a906e-05e5-4625-8729-90771e0ee934 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have a minimum password age of 1 day 16390df4-2f73-4b42-af13-c801066763df Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the password complexity setting enabled 7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified applications installed 12f7e5d0-42a7-4630-80d8-54fb7cff9bd6 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell execution policy e0efc13a-122a-47c5-b817-2ccfe5d12615 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell modules installed 90ba2ee7-4ca8-4673-84d1-c851c50d3baf Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not restrict the minimum password length to 14 characters 23020aa6-1135-4be2-bae2-149982b06eca Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not store passwords using reversible encryption 8ff0b18b-262e-4512-857a-48ad0aeb9a78 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs that have not restarted within the specified number of days f4b245d4-46c9-42be-9b1a-49e2b5b94194 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs that have the specified applications installed f0633351-c7b2-41ff-9981-508fc08553c2 Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows VMs with a pending reboot c96f3246-4382-4264-bf6b-af0b35e23c3c Guest Configuration
[Deprecated]: Deploy prerequisites to audit Windows web servers that are not using secure communication protocols b2fc8f91-866d-4434-9089-5ebfe38d6fd8 Guest Configuration
[Deprecated]: Deploy prerequisites to enable Guest Configuration Policy on Linux VMs. fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50 Guest Configuration
[Deprecated]: Deploy prerequisites to enable Guest Configuration Policy on Windows VMs. 0ecd903d-91e7-4726-83d3-a229d7f2e293 Guest Configuration
[Preview]: Deploy GitOps to Kubernetes cluster 1d61c4d2-aef2-432b-87fc-7f96b019b7e1 Kubernetes
Add a tag to resource groups 726aca4c-86e9-4b04-b0c5-073027359532 Tags
Add a tag to resources 4f9dc7db-30c1-420c-b61a-e1d640128d26 Tags
Add or replace a tag on resource groups d157c373-a6c4-483d-aaad-570756956268 Tags
Add or replace a tag on resources 5ffd78d9-436d-4b41-a421-5baa819e3008 Tags
Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities 3cf2ab00-13f1-4d0c-8971-2ac904541a7e Guest Configuration
Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity 497dff13-db2a-4c0f-8603-28fa3b331ab6 Guest Configuration
Configure time zone on Windows machines. 6141c932-9384-44c6-a395-59e4c057d7c9 Guest Configuration
Deploy a flow log resource with target network security group 0db34a60-64f4-4bf6-bd44-f95c16cf34b9 Network
Deploy associations for a custom provider c15c281f-ea5c-44cd-90b8-fc3c14d13f0c Custom Provider
Deploy associations for a managed application 17763ad9-70c0-4794-9397-53d765932634 Managed Application
Deploy Diagnostic Settings for Azure SQL Database to Event Hub 9a7c7a7d-49e5-4213-bea8-6a502b6272e0 SQL
Deploy Diagnostic Settings for Batch Account to Event Hub db51110f-0865-4a6e-b274-e2e07a5b2cd7 Monitoring
Deploy Diagnostic Settings for Data Lake Analytics to Event Hub 4daddf25-4823-43d4-88eb-2419eb6dcc08 Monitoring
Deploy Diagnostic Settings for Data Lake Storage Gen1 to Event Hub e8d096bc-85de-4c5f-8cfb-857bd1b9d62d Monitoring
Deploy Diagnostic Settings for Event Hub to Event Hub ef7b61ef-b8e4-4c91-8e78-6946c6b0023f Monitoring
Deploy Diagnostic Settings for Key Vault to Event Hub ed7c8c13-51e7-49d1-8a43-8490431a0da2 Key Vault
Deploy Diagnostic Settings for Logic Apps to Event Hub a1dae6c7-13f3-48ea-a149-ff8442661f60 Monitoring
Deploy Diagnostic Settings for Search Services to Event Hub 3d5da587-71bd-41f5-ac95-dd3330c2d58d Monitoring
Deploy Diagnostic Settings for Service Bus to Event Hub 6b51af03-9277-49a9-a3f8-1c69c9ff7403 Monitoring
Deploy Diagnostic Settings for Stream Analytics to Event Hub edf3780c-3d70-40fe-b17e-ab72013dafca Monitoring
Deploy export to Event Hub for Azure Security Center alerts and recommendations cdfcce10-4578-4ecd-9703-530938e4abcb Security Center
Deploy export to Log Analytics workspace for Azure Security Center alerts and recommendations ffb6f416-7bd2-4488-8828-56585fef2be9 Security Center
Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs 331e8ea8-378a-410f-a2e5-ae22f38bb0da Guest Configuration
Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs 385f5831-96d4-41db-9a3c-cd3af78aaae6 Guest Configuration
Deploy Workflow Automation for Azure Security Center alerts f1525828-9a90-4fcf-be48-268cdd02361e Security Center
Deploy Workflow Automation for Azure Security Center recommendations 73d6ab6c-2475-4850-afd6-43795f3492ef Security Center
Enable Automanage - Azure virtual machine best practices 270610db-8c04-438a-a739-e8e6745b22d3 Automanage
Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with custom workspace. 8e7da0a5-0a0e-4bbc-bfc0-7773c018b616 Security Center
Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with default workspace. 6df2fee6-a9ed-4fef-bced-e13be1b25f1c Security Center
Inherit a tag from the resource group cd3aa116-8754-49c9-a813-ad46512ece54 Tags
Inherit a tag from the resource group if missing ea3f2387-9b95-492a-a190-fcdc54f7b070 Tags
Inherit a tag from the subscription b27a0cbd-a167-4dfa-ae64-4337be671140 Tags
Inherit a tag from the subscription if missing 40df99da-1232-49b1-a39a-6da8d878f469 Tags
Json
{
  "Name": "Contributor",
  "Id": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "IsCustom": false,
  "Description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC.",
  "Actions": [
    "*"
  ],
  "NotActions": [
    "Microsoft.Authorization/*/Delete",
    "Microsoft.Authorization/*/Write",
    "Microsoft.Authorization/elevateAccess/Action",
    "Microsoft.Blueprint/blueprintAssignments/write",
    "Microsoft.Blueprint/blueprintAssignments/delete"
  ],
  "DataActions": [
    
  ],
  "NotDataActions": [
    
  ],
  "AssignableScopes": [
    "/"
  ]
}