last sync: 2020-Sep-30 14:32:33 UTC

Azure Role

Reader and Data Access

Role Name Reader and Data Access
Role Id c12c1c16-33a1-487b-954d-41c89c60f349
Role Description Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.
Role Changes no changes
Actions
Operation Description Used in other Role(s)
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account. DevTest Labs User, Log Analytics Contributor, Logic App Contributor , Storage Account Key Operator Service Role, Virtual Machine Contributor
Microsoft.Storage/storageAccounts/ListAccountSas/action Returns the Account SAS token for the specified storage account.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account. Backup Contributor, Backup Operator, Logic App Contributor , Site Recovery Contributor, Site Recovery Operator, Virtual Machine Contributor
NotActions
DataActions
NotDataActions
Used in Policy
Role Definition (Json)
{
  "Name": "Reader and Data Access",
  "Id": "c12c1c16-33a1-487b-954d-41c89c60f349",
  "IsCustom": false,
  "Description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
  "Actions": [
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Storage/storageAccounts/ListAccountSas/action",
    "Microsoft.Storage/storageAccounts/read"
  ],
  "NotActions": [
    
  ],
  "DataActions": [
    
  ],
  "NotDataActions": [
    
  ],
  "AssignableScopes": [
    "/"
  ]
}