last sync: 2021-Oct-15 16:53:14 UTC

Azure RBAC Role definition

Reader and Data Access

NameReader and Data Access
Microsoft docs
Idc12c1c16-33a1-487b-954d-41c89c60f349
DescriptionLets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.
CreatedOn2018-03-27 23:20:46 UTC
UpdatedOn2019-04-04 23:41:26 UTC
Historynone
Actions
Operation Description Used in other Roles
Microsoft.Storage/storageAccounts/ListAccountSas/actionReturns the Account SAS token for the specified storage account. none
Microsoft.Storage/storageAccounts/listKeys/actionReturns the access keys for the specified storage account. DevTest Labs User, Disk Snapshot Contributor, Log Analytics Contributor , Logic App Contributor, Storage Account Key Operator Service Role, Virtual Machine Contributor
Microsoft.Storage/storageAccounts/readReturns the list of storage accounts or gets the properties for the specified storage account. Backup Contributor, Backup Operator, Disk Snapshot Contributor , Logic App Contributor, Site Recovery Contributor, Site Recovery Operator, Storage Account Backup Contributor Role, Virtual Machine Contributor
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in Policy none
JSON
{
  "Name": "Reader and Data Access",
  "Id": "c12c1c16-33a1-487b-954d-41c89c60f349",
  "IsCustom": false,
  "Description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
  "Actions": [
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Storage/storageAccounts/ListAccountSas/action",
    "Microsoft.Storage/storageAccounts/read"
  ],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [
    "/"
  ]
}