AzRoleAdvertizer

last sync: 2025-Apr-29 17:15:48 UTC

Azure Arc Kubernetes Admin

Azure BuiltIn RBAC Role definition

NameAzure Arc Kubernetes Admin
Microsoft Learn
Iddffb1e0c-446f-4dde-a09f-99eb5cc68b96
DescriptionLets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.
CategoryContainers
Microsoft Learn
CreatedOn2020-06-12 20:57:06 UTC
UpdatedOn2021-11-11 20:14:34 UTC
Permissions summary Effective control plane and data plane operations: 137 (unique operations)
•Action: 10
•Delete: 26
•read: 72
•Write: 29

Actions: 7
Resolved control plane operations from Actions: 51
Effective control plane operations: 51
•Action: 6
•Delete: 1
•read: 41
•Write: 3

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16439

DataActions: 33
Resolved data plane operations: 86
Effective data plane operations: 86
•action: 4
•delete: 25
•read: 31
•write: 26

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3285
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.Resources/deployments/writeCreates or updates an deployment.
Microsoft.Resources/subscriptions/operationresults/readGet the subscription operation results.
Microsoft.Resources/subscriptions/readGets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Support/*wildcarded / no description
NotActions n/a
DataActions
Operation Description
Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/readReads controllerrevisions
Microsoft.Kubernetes/connectedClusters/apps/daemonsets/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/apps/deployments/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/apps/replicasets/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/apps/statefulsets/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/authorization.k8s.io/localsubjectaccessreviews/writeWrites localsubjectaccessreviews
Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/batch/cronjobs/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/batch/jobs/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/configmaps/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/endpoints/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/readReads events
Microsoft.Kubernetes/connectedClusters/events/readReads events
Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/extensions/deployments/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/extensions/ingresses/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/extensions/replicasets/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/limitranges/readReads limitranges
Microsoft.Kubernetes/connectedClusters/namespaces/readReads namespaces
Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/pods/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/rolebindings/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/resourcequotas/readReads resourcequotas
Microsoft.Kubernetes/connectedClusters/secrets/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/serviceaccounts/*wildcarded / no description
Microsoft.Kubernetes/connectedClusters/services/*wildcarded / no description
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2020-11-03 14:38:31 change: DataActions, NotDataActions DataActions: 'remove Microsoft.Kubernetes/connectedClusters/*; add Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/read; add Microsoft.Kubernetes/connectedClusters/apps/daemonsets/*; add Microsoft.Kubernetes/connectedClusters/apps/deployments/*; add Microsoft.Kubernetes/connectedClusters/apps/replicasets/*; add Microsoft.Kubernetes/connectedClusters/apps/statefulsets/*; add Microsoft.Kubernetes/connectedClusters/authorization.k8s.io/localsubjectaccessreviews/write; add Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/*; add Microsoft.Kubernetes/connectedClusters/batch/cronjobs/*; add Microsoft.Kubernetes/connectedClusters/batch/jobs/*; add Microsoft.Kubernetes/connectedClusters/configmaps/*; add Microsoft.Kubernetes/connectedClusters/endpoints/*; add Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/read; add Microsoft.Kubernetes/connectedClusters/events/read; add Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/*; add Microsoft.Kubernetes/connectedClusters/extensions/deployments/*; add Microsoft.Kubernetes/connectedClusters/extensions/ingresses/*; add Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/*; add Microsoft.Kubernetes/connectedClusters/extensions/replicasets/*; add Microsoft.Kubernetes/connectedClusters/limitranges/read; add Microsoft.Kubernetes/connectedClusters/namespaces/read; add Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/*; add Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/*; add Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/*; add Microsoft.Kubernetes/connectedClusters/pods/*; add Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/*; add Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/rolebindings/*; add Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/*; add Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*; add Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*; add Microsoft.Kubernetes/connectedClusters/resourcequotas/read; add Microsoft.Kubernetes/connectedClusters/secrets/*; add Microsoft.Kubernetes/connectedClusters/serviceaccounts/*; add Microsoft.Kubernetes/connectedClusters/services/*',
NotDataActions: 'remove Microsoft.Kubernetes/connectedClusters/resourcequotas/write; remove Microsoft.Kubernetes/connectedClusters/resourcequotas/delete; remove Microsoft.Kubernetes/connectedClusters/namespaces/write; remove Microsoft.Kubernetes/connectedClusters/namespaces/delete'
2020-06-15 15:35:59 add: Role dffb1e0c-446f-4dde-a09f-99eb5cc68b96
JSON
api-version=2023-07-01-preview
Condition none