last sync: 2024-Feb-21 20:03:50 UTC

Reader and Data Access

Azure BuiltIn RBAC Role definition

NameReader and Data Access
Microsoft Learn
Idc12c1c16-33a1-487b-954d-41c89c60f349
DescriptionLets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.
CreatedOn2018-03-27 23:20:46 UTC
UpdatedOn2021-11-11 20:13:48 UTC
Historynone
Permissions summary Effective control plane and data plane operations: 3 (unique operations)
•action: 2
•read: 1

Actions: 3
Resolved control plane operations from Actions: 3
Effective control plane operations: 3
•action: 2
•read: 1

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15060

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3118
Actions
Operation Description
Microsoft.Storage/storageAccounts/ListAccountSas/actionReturns the Account SAS token for the specified storage account.
Microsoft.Storage/storageAccounts/listKeys/actionReturns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/readReturns the list of storage accounts or gets the properties for the specified storage account.
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
none
JSON
api-version=2022-05-01-preview
Condition none