last sync: 2021-May-17 14:22:45 UTC

Azure RBAC Role definition

Key Vault Crypto Service Encryption User

Name: Key Vault Crypto Service Encryption User
Id: e147488a-f6f5-4113-8e2d-b22465e65bf6
Description: Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model.
CreatedOn: 2020-05-20 20:55:19 UTC
UpdatedOn: 2021-01-27 23:22:10 UTC
History
Date/Time (UTC ymd) | Change | Change detail
2020-12-18 16:05:51 | change: DisplayName, Actions | New DisplayName: 'Key Vault Crypto Service Encryption User (preview)'; Old DisplayName: 'Key Vault Crypto Service Encryption (preview)'; Actions: 'add Microsoft.EventGrid/eventSubscriptions/write; add Microsoft.EventGrid/eventSubscriptions/read; add Microsoft.EventGrid/eventSubscriptions/delete'
2020-05-21 16:07:05 | add: Role | 488a-f6f5-4113-8e2d-b22465e65bf6
Actions
Operation | Description | Used in other Roles
Microsoft.EventGrid/eventSubscriptions/delete | Delete a eventSubscription | none
Microsoft.EventGrid/eventSubscriptions/read | Read a eventSubscription | EventGrid EventSubscription Reader
Microsoft.EventGrid/eventSubscriptions/write | Create or update a eventSubscription | Data Factory Contributor
NotActions: n/a
DataActions
Operation | Description | Used in other Roles
Microsoft.KeyVault/vaults/keys/read | List keys in the specified vault, or read properties and public material of a key. For asymmetric keys, this operation exposes public key and includes ability to perform public key algorithms such as encrypt and verify signature. Private keys and symmetric keys are never exposed. | Key Vault Crypto User
Microsoft.KeyVault/vaults/keys/unwrap/action | Unwraps a symmetric key with a Key Vault key. | Key Vault Crypto User
Microsoft.KeyVault/vaults/keys/wrap/action | Wraps a symmetric key with a Key Vault key. Note that if the Key Vault key is asymmetric, this operation can be performed by principals with read access. | Key Vault Crypto User
NotDataActions: n/a
Used in Policy: none
JSON
{
  "Name": "Key Vault Crypto Service Encryption User",
  "Id": "e147488a-f6f5-4113-8e2d-b22465e65bf6",
  "IsCustom": false,
  "Description": "Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model.",
  "Actions": [
    "Microsoft.EventGrid/eventSubscriptions/write",
    "Microsoft.EventGrid/eventSubscriptions/read",
    "Microsoft.EventGrid/eventSubscriptions/delete"
  ],
  "NotActions": [
    
  ],
  "DataActions": [
    "Microsoft.KeyVault/vaults/keys/read",
    "Microsoft.KeyVault/vaults/keys/wrap/action",
    "Microsoft.KeyVault/vaults/keys/unwrap/action"
  ],
  "NotDataActions": [
    
  ],
  "AssignableScopes": [
    "/"
  ]
}