AzRoleAdvertizer

last sync: 2021-Jun-15 14:06:27 UTC

Azure RBAC Role definition

Contributor

NameContributor
Microsoft docs
Idb24988ac-6180-42a0-ab88-20f7382dd24c
DescriptionGrants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.
CreatedOn2015-02-02 21:55:09 UTC
UpdatedOn2020-12-04 00:34:54 UTC
History
Date/Time (UTC ymd) (i) Change Change detail
2020-11-11 15:02:47 change: NotActions NotActions: 'add Microsoft.Compute/galleries/share/action'
Actions
Operation Description Used in other Roles
*no description given Owner
NotActions
Operation Description Used in other Roles
Microsoft.Authorization/*/Deleteno description given none
Microsoft.Authorization/*/Writeno description given none
Microsoft.Authorization/elevateAccess/ActionGrants the caller User Access Administrator access at the tenant scope none
Microsoft.Blueprint/blueprintAssignments/deleteDelete any blueprint artifacts none
Microsoft.Blueprint/blueprintAssignments/writeCreate or update any blueprint artifacts none
Microsoft.Compute/galleries/share/actionShares a Gallery to different scopes none
DataActions n/a
NotDataActions n/a
Used in Policy
Policy DisplayName Policy Id Category State
[Deprecated]: Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords ec49586f-4939-402d-a29e-6ff502b20592 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions set to 0644 f19aa1c1-6b91-4c27-ae6a-970279f03db9 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the specified applications installed 4d1c04de-2172-403f-901b-90608c35c721 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Linux VMs that have accounts without passwords 3470477a-b35a-49db-aca5-1073d04524fe Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Linux VMs that have the specified applications installed 884b209a-963b-4520-8006-d20cb3c213e0 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows Server VMs on which Windows Serial Console is not enabled 7a031c68-d6ab-406e-a506-697a19c634b0 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - Control Panel' ec7ac234-2af5-4729-94d2-c557c071799d Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - MSS (Legacy)' f1f4825d-58fb-4257-8016-8c00e3c9ed9d Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - Network' 985285b7-b97a-419c-8d48-c88cc934c8d8 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - System' 40917425-69db-4018-8dae-2a0556cef899 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Accounts' e5b81f87-9185-4224-bf00-9f505e9f89f3 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Audit' 498b810c-59cd-4222-9338-352ba146ccf3 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Devices' 6481cc21-ed6e-4480-99dd-ea7c5222e897 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Interactive Logon' 3750712b-43d0-478e-9966-d2c26f6141b9 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Client' bbcdd8fa-b600-4ee3-85b8-d184e3339652 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Server' 86880e5c-df35-43c5-95ad-7e120635775e Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Access' f56a3ab2-89d1-44de-ac0d-2ada5962e22a Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Security' 36e17963-7202-494a-80c3-f508211c826b Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Recovery console' ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Shutdown' 1f8c20ce-3414-4496-8b26-0e902a1541da Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - System objects' 12ae2d24-3805-4b37-9fa9-465968bfbcfa Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - System settings' 437a1f8f-8552-47a8-8b12-a2fee3269dd5 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - User Account Control' e425e402-a050-45e5-b010-bd3f934589fc Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Settings - Account Policies' e3d95ab7-f47a-49d8-a347-784177b6c94c Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Account Logon' c1e289c0-ffad-475d-a924-adc058765d65 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Account Management' 0a9991e6-21be-49f9-8916-a06d934bcf29 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Detailed Tracking' 42a07bbf-ffcf-459a-b4b1-30ecd118a505 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Logon-Logoff' c04255ee-1b9f-42c1-abaa-bf1553f79930 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Object Access' 8e170edb-e0f5-497a-bb36-48b3280cec6a Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Policy Change' 97b595c8-fd10-400e-8543-28e2b9138b13 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Privilege Use' ce2370f6-0ac5-4d85-8ab4-10721cc640b0 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - System' f8b0158d-4766-490f-bea0-259e52dba473 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'User Rights Assignment' 815dcc9f-6662-43f2-9a03-1b83e9876f24 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Components' 7040a231-fb65-4412-8c0a-b365f4866c24 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Firewall Properties' 909c958d-1b99-4c74-b88f-46a5c5bc34f9 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group contains any of the specified members 144f1397-32f9-4598-8c88-118decc3ccba Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain all the specified members 93507a81-10a4-4af0-9ee2-34cf25a96e98 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain only specified members b821191b-3a12-44bc-9c38-212138a29ff3 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs on which the DSC configuration is not compliant d38b4c26-9d2e-47d7-aefe-18d859a8706a Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs on which the Log Analytics agent is not connected as expected 68511db2-bd02-41c4-ae6b-1900a012968a Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs on which the remote connection status does not match the specified one 5bb36dda-8a78-4df9-affd-4f05a8612a8a Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs on which the specified services are not installed and 'Running' 32b1e4d4-6cd5-47b4-a935-169da8a5c262 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit Guard is not enabled 6a7a2bcf-f9be-4e35-9734-4f9657a70f1d Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that allow re-use of the previous 24 passwords 726671ac-c4de-4908-8c7d-6043ae62e3b6 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that are not joined to the specified domain 315c850a-272d-4502-8935-b79010405970 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that are not set to the specified time zone c21f7060-c148-41cf-a68b-0ab3e14c764c Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that contain certificates expiring within the specified number of days c5fbc59e-fb6f-494f-81e2-d99a671bdaa8 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not contain the specified certificates in Trusted Root 106ccbe4-a791-4f33-a44a-06796944b8d5 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have a maximum password age of 70 days 356a906e-05e5-4625-8729-90771e0ee934 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have a minimum password age of 1 day 16390df4-2f73-4b42-af13-c801066763df Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the password complexity setting enabled 7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified applications installed 12f7e5d0-42a7-4630-80d8-54fb7cff9bd6 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell execution policy e0efc13a-122a-47c5-b817-2ccfe5d12615 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell modules installed 90ba2ee7-4ca8-4673-84d1-c851c50d3baf Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not restrict the minimum password length to 14 characters 23020aa6-1135-4be2-bae2-149982b06eca Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that do not store passwords using reversible encryption 8ff0b18b-262e-4512-857a-48ad0aeb9a78 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that have not restarted within the specified number of days f4b245d4-46c9-42be-9b1a-49e2b5b94194 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs that have the specified applications installed f0633351-c7b2-41ff-9981-508fc08553c2 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows VMs with a pending reboot c96f3246-4382-4264-bf6b-af0b35e23c3c Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to audit Windows web servers that are not using secure communication protocols b2fc8f91-866d-4434-9089-5ebfe38d6fd8 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to enable Guest Configuration Policy on Linux VMs. fb27e9e0-526e-4ae1-89f2-a2a0bf0f8a50 Guest Configuration Deprecated
[Deprecated]: Deploy prerequisites to enable Guest Configuration Policy on Windows VMs. 0ecd903d-91e7-4726-83d3-a229d7f2e293 Guest Configuration Deprecated
[Preview]: Configure Azure Arc enabled Kubernetes clusters to install Azure Defender's extension 708b60a6-d253-4fe0-9114-4be4c00f012c Kubernetes Preview
[Preview]: Configure Azure Defender for SQL agent on virtual machine 2ada9901-073c-444a-9a9a-91865174f0aa Security Center Preview
[Preview]: Configure supported Linux virtual machines to automatically install the Azure Security agent 5f8eb305-9c9f-4abe-9bb0-df220d9faba2 Security Center Preview
[Preview]: Deploy - Configure Windows machines to automatically install the Azure Security agent 1537496a-b1e8-482b-a06a-1cc2415cdc7b Security Center Preview
Add a tag to resource groups 726aca4c-86e9-4b04-b0c5-073027359532 Tags GA
Add a tag to resources 4f9dc7db-30c1-420c-b61a-e1d640128d26 Tags GA
Add or replace a tag on resource groups d157c373-a6c4-483d-aaad-570756956268 Tags GA
Add or replace a tag on resources 5ffd78d9-436d-4b41-a421-5baa819e3008 Tags GA
Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities 3cf2ab00-13f1-4d0c-8971-2ac904541a7e Guest Configuration GA
Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity 497dff13-db2a-4c0f-8603-28fa3b331ab6 Guest Configuration GA
Configure Advanced Threat Protection to be enabled on Azure database for MariaDB servers a6cf7411-da9e-49e2-aec0-cba0250eaf8c SQL GA
Configure Advanced Threat Protection to be enabled on Azure database for MySQL servers 80ed5239-4122-41ed-b54a-6f1fa7552816 SQL GA
Configure Advanced Threat Protection to be enabled on Azure database for PostgreSQL servers db048e65-913c-49f9-bb5f-1084184671d3 SQL GA
Configure App Configuration stores to disable local authentication methods 72bc14af-4ab8-43af-b4e4-38e7983f9a1f App Configuration GA
Configure App Configuration to disable public network access 73290fa2-dfa7-4bbb-945d-a5e23b75df2c App Configuration GA
Configure Azure Automation accounts to disable public network access 23b36a7c-9d26-4288-a8fd-c1d2fa284d8c Automation GA
Configure Azure File Sync with private endpoints b35dddd9-daf7-423b-8375-5a5b86806d5a Storage GA
Configure Azure Synapse workspaces to disable public network access 5c8cad01-ef30-4891-b230-652dadb4876a Synapse GA
Configure Azure Synapse workspaces with private endpoints 3b3b0c27-08d2-4b32-879d-19930bee3266 Synapse GA
Configure Batch accounts with private endpoints 0ef5aac7-c064-427a-b87b-d47b3ddcaf73 Batch GA
Configure Cognitive Services accounts to disable local authentication methods 14de9e63-1b31-492e-a5a3-c3f7fd57f555 Cognitive Services GA
Configure Cognitive Services accounts to disable public network access 47ba1dd7-28d9-4b07-a8d5-9813bed64e0c Cognitive Services GA
Configure container registries to disable local authentication. 79fdfe03-ffcb-4e55-b4d0-b925b8241759 Container Registry GA
Configure Container registries to disable public network access a3701552-92ea-433e-9d17-33b7f1208fc9 Container Registry GA
Configure Container registries with private endpoints d85c6833-7d33-4cf5-a915-aaa2de84405f Container Registry GA
Configure CosmosDB accounts to disable public network access da69ba51-aaf1-41e5-8651-607cd0b37088 Cosmos DB GA
Configure CosmosDB accounts with private endpoints b609e813-3156-4079-91fa-a8494c1471c4 Cosmos DB GA
Configure disk access resources with private endpoints 582bd7a6-a5f6-4dc6-b9dc-9cb81fe0d4c5 Compute GA
Configure IoT Hub device provisioning instances to use private DNS zones aaa64d2d-2fa3-45e5-b332-0b031b9b30e8 Internet of Things GA
Configure IoT Hub device provisioning service instances to disable public network access 859dfc91-ea35-43a6-8256-31271c363794 Internet of Things GA
Configure IoT Hub device provisioning service instances with private endpoints 9b75ea5b-c796-4c99-aaaf-21c204daac43 Internet of Things GA
Configure Kubernetes clusters with specified GitOps configuration using HTTPS secrets a6f560f4-f582-4b67-b123-a37dcd1bf7ea Kubernetes GA
Configure Kubernetes clusters with specified GitOps configuration using no secrets 1d61c4d2-aef2-432b-87fc-7f96b019b7e1 Kubernetes GA
Configure Kubernetes clusters with specified GitOps configuration using SSH secrets c050047b-b21b-4822-8a2d-c1e37c3c0c6a Kubernetes GA
Configure Machine Learning computes to disable local authentication methods a6f9a2d0-cff7-4855-83ad-4cd750666512 Machine Learning GA
Configure managed disks to disable public network access 8426280e-b5be-43d9-979e-653d12a08638 Compute GA
Configure network security groups to enable traffic analytics e920df7f-9a64-4066-9b58-52684c02a091 Network GA
Configure network security groups to use specific workspace for traffic analytics 5e1cd26a-5090-4fdb-9d6a-84a90335e22d Network GA
Configure private endpoint connections on Azure Automation accounts c0c3130e-7dda-4187-aed0-ee4a472eaa60 Automation GA
Configure private endpoints for App Configuration 614ffa75-862c-456e-ad8b-eaa1b0844b07 App Configuration GA
Configure time zone on Windows machines. 6141c932-9384-44c6-a395-59e4c057d7c9 Guest Configuration GA
Configure virtual machines to be onboarded to Azure Automanage 270610db-8c04-438a-a739-e8e6745b22d3 Automanage GA
Deploy - Configure Azure IoT Hubs to use private DNS zones c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02 Internet of Things GA
Deploy - Configure Azure IoT Hubs with private endpoints bf684997-3909-404e-929c-d4a38ed23b2e Internet of Things GA
Deploy - Configure diagnostic settings to an Event Hub to be enabled on Azure Key Vault Managed HSM a6d2c800-5230-4a40-bff3-8268b4987d42 Key Vault GA
Deploy a flow log resource with target network security group 0db34a60-64f4-4bf6-bd44-f95c16cf34b9 Network GA
Deploy associations for a custom provider c15c281f-ea5c-44cd-90b8-fc3c14d13f0c Custom Provider GA
Deploy associations for a managed application 17763ad9-70c0-4794-9397-53d765932634 Managed Application GA
Deploy Diagnostic Settings for Azure SQL Database to Event Hub 9a7c7a7d-49e5-4213-bea8-6a502b6272e0 SQL GA
Deploy Diagnostic Settings for Batch Account to Event Hub db51110f-0865-4a6e-b274-e2e07a5b2cd7 Monitoring GA
Deploy Diagnostic Settings for Data Lake Analytics to Event Hub 4daddf25-4823-43d4-88eb-2419eb6dcc08 Monitoring GA
Deploy Diagnostic Settings for Data Lake Storage Gen1 to Event Hub e8d096bc-85de-4c5f-8cfb-857bd1b9d62d Monitoring GA
Deploy Diagnostic Settings for Event Hub to Event Hub ef7b61ef-b8e4-4c91-8e78-6946c6b0023f Monitoring GA
Deploy Diagnostic Settings for Key Vault to Event Hub ed7c8c13-51e7-49d1-8a43-8490431a0da2 Key Vault GA
Deploy Diagnostic Settings for Logic Apps to Event Hub a1dae6c7-13f3-48ea-a149-ff8442661f60 Monitoring GA
Deploy Diagnostic Settings for Search Services to Event Hub 3d5da587-71bd-41f5-ac95-dd3330c2d58d Monitoring GA
Deploy Diagnostic Settings for Service Bus to Event Hub 6b51af03-9277-49a9-a3f8-1c69c9ff7403 Monitoring GA
Deploy Diagnostic Settings for Stream Analytics to Event Hub edf3780c-3d70-40fe-b17e-ab72013dafca Monitoring GA
Deploy export to Event Hub for Azure Security Center data cdfcce10-4578-4ecd-9703-530938e4abcb Security Center GA
Deploy export to Log Analytics workspace for Azure Security Center data ffb6f416-7bd2-4488-8828-56585fef2be9 Security Center GA
Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs 331e8ea8-378a-410f-a2e5-ae22f38bb0da Guest Configuration GA
Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs 385f5831-96d4-41db-9a3c-cd3af78aaae6 Guest Configuration GA
Deploy Workflow Automation for Azure Security Center alerts f1525828-9a90-4fcf-be48-268cdd02361e Security Center GA
Deploy Workflow Automation for Azure Security Center recommendations 73d6ab6c-2475-4850-afd6-43795f3492ef Security Center GA
Deploy Workflow Automation for Azure Security Center regulatory compliance 509122b9-ddd9-47ba-a5f1-d0dac20be63c Security Center GA
Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with custom workspace. 8e7da0a5-0a0e-4bbc-bfc0-7773c018b616 Security Center GA
Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with default workspace. 6df2fee6-a9ed-4fef-bced-e13be1b25f1c Security Center GA
Inherit a tag from the resource group cd3aa116-8754-49c9-a813-ad46512ece54 Tags GA
Inherit a tag from the resource group if missing ea3f2387-9b95-492a-a190-fcdc54f7b070 Tags GA
Inherit a tag from the subscription b27a0cbd-a167-4dfa-ae64-4337be671140 Tags GA
Inherit a tag from the subscription if missing 40df99da-1232-49b1-a39a-6da8d878f469 Tags GA
Modify - Configure Azure File Sync to disable public network access 0e07b2e9-6cd9-4c40-9ccb-52817b95133b Storage GA
Modify - Configure Azure IoT Hubs to disable public network access 114eec6e-5e59-4bad-999d-6eceeb39d582 Internet of Things GA
JSON 
{
  "Name": "Contributor",
  "Id": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "IsCustom": false,
  "Description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",
  "Actions": [
    "*"
  ],
  "NotActions": [
    "Microsoft.Authorization/*/Delete",
    "Microsoft.Authorization/*/Write",
    "Microsoft.Authorization/elevateAccess/Action",
    "Microsoft.Blueprint/blueprintAssignments/write",
    "Microsoft.Blueprint/blueprintAssignments/delete",
    "Microsoft.Compute/galleries/share/action"
  ],
  "DataActions": [
    
  ],
  "NotDataActions": [
    
  ],
  "AssignableScopes": [
    "/"
  ]
}