last sync: 2024-Jul-17 18:20:49 UTC

Reader and Data Access

Azure BuiltIn RBAC Role definition

NameReader and Data Access
DescriptionLets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.
CreatedOn2018-03-27 23:20:46 UTC
UpdatedOn2021-11-11 20:13:48 UTC
Permissions summary Effective control plane and data plane operations: 3 (unique operations)
•action: 2
•read: 1

Actions: 3
Resolved control plane operations from Actions: 3
Effective control plane operations: 3
•action: 2
•read: 1

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15691

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3217
Operation Description
Microsoft.Storage/storageAccounts/ListAccountSas/actionReturns the Account SAS token for the specified storage account.
Microsoft.Storage/storageAccounts/listKeys/actionReturns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/readReturns the list of storage accounts or gets the properties for the specified storage account.
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Condition none