AzRoleAdvertizer

last sync: 2025-Oct-23 17:22:49 UTC

VM Restore Operator

Azure BuiltIn RBAC Role definition

Name

VM Restore Operator
Microsoft Learn

dfce8971-25e3-42e3-ba33-6055438e3080

Description

Create and Delete resources during VM Restore. This role is in preview and subject to change.

Category

Compute
Microsoft Learn

CreatedOn

2024-07-03 15:20:29 UTC

UpdatedOn

2024-07-03 15:20:29 UTC

Permissions summary

Effective control plane and data plane operations: 90 (unique operations)
•: 1
•action: 14
•delete: 9
•read: 56
•write: 10

Actions: 41
Resolved control plane operations from Actions: 86
Effective control plane operations: 86
•: 1
•action: 13
•delete: 8
•read: 55
•write: 9

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 17290

DataActions: 4
Resolved data plane operations: 4
Effective data plane operations: 4
•action: 1
•delete: 1
•read: 1
•write: 1

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 4077

Actions

Operation	Description
Microsoft.Authorization/*/read	wildcarded / no description
Microsoft.Compute/disks/beginGetAccess/action	Get the SAS URI of the Disk for blob access
Microsoft.Compute/disks/delete	Deletes the Disk
Microsoft.Compute/disks/endGetAccess/action	Revoke the SAS URI of the Disk
Microsoft.Compute/disks/read	Get the properties of a Disk
Microsoft.Compute/disks/write	Creates a new Disk or updates an existing one
Microsoft.Compute/locations/diskOperations/read	Gets the status of an asynchronous Disk operation
Microsoft.Compute/virtualMachines/delete	Deletes the virtual machine
Microsoft.Compute/virtualMachines/extensions/delete	Deletes the virtual machine extension
Microsoft.Compute/virtualMachines/extensions/read	Get the properties of a virtual machine extension
Microsoft.Compute/virtualMachines/extensions/write	Creates a new virtual machine extension or updates an existing one
Microsoft.Compute/virtualMachines/instanceView/read	Gets the detailed runtime status of the virtual machine and its resources
Microsoft.Compute/virtualMachines/read	Get the properties of a virtual machine
Microsoft.Compute/virtualMachines/write	Creates a new virtual machine or updates an existing virtual machine
Microsoft.Insights/alertRules/*	wildcarded / no description
Microsoft.Network/locations/operationResults/read	Gets operation result of an async POST or DELETE operation
Microsoft.Network/locations/operations/read	Gets operation resource that represents status of an asynchronous operation
Microsoft.Network/locations/usages/read	Gets the resources usage metrics
Microsoft.Network/networkInterfaces/delete	Deletes a network interface
Microsoft.Network/networkInterfaces/ipconfigurations/read	Gets a network interface ip configuration definition.
Microsoft.Network/networkInterfaces/join/action	Joins a Virtual Machine to a network interface. Not Alertable.
Microsoft.Network/networkInterfaces/read	Gets a network interface definition.
Microsoft.Network/networkInterfaces/write	Creates a network interface or updates an existing network interface.
Microsoft.Network/networkSecurityGroups/read	Gets a network security group definition
Microsoft.Network/networkSecurityGroups/securityRules/read	Gets a security rule definition
Microsoft.Network/publicIPAddresses/delete	Deletes a public Ip address.
Microsoft.Network/publicIPAddresses/join/action	Joins a public ip address. Not Alertable.
Microsoft.Network/publicIPAddresses/read	Gets a public ip address definition.
Microsoft.Network/publicIPAddresses/write	Creates a public Ip address or updates an existing public Ip address.
Microsoft.Network/virtualNetworks/read	Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/join/action	Joins a virtual network. Not Alertable.
Microsoft.Network/virtualNetworks/subnets/read	Gets a virtual network subnet definition
Microsoft.Resources/deployments/*	wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/read	Gets or lists resource groups.
Microsoft.Storage/checkNameAvailability/read	Checks that account name is valid and is not in use.
Microsoft.Storage/storageAccounts/blobServices/containers/delete	Returns the result of deleting a container
Microsoft.Storage/storageAccounts/blobServices/containers/read	Returns list of containers
Microsoft.Storage/storageAccounts/blobServices/containers/write	Returns the result of put blob container
Microsoft.Storage/storageAccounts/listKeys/action	Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/read	Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Storage/storageAccounts/write	Creates a storage account with the specified parameters or update the properties or tags or adds custom domain for the specified storage account.

NotActions

n/a

DataActions

Operation	Description
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action	Returns the result of adding blob content
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete	Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read	Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write	Returns the result of writing a blob

NotDataActions

n/a

Used in
BuiltIn Policy

none

History

Date/Time (UTC ymd) (i)	Change	Change detail
2024-07-03 18:20:57	add: Role	dfce8971-25e3-42e3-ba33-6055438e3080

JSON

api-version=2023-07-01-preview

Condition

none