last sync: 2024-Jul-17 18:20:49 UTC

Key Vault Crypto Service Encryption User

Azure BuiltIn RBAC Role definition

NameKey Vault Crypto Service Encryption User
DescriptionRead metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model.
CreatedOn2020-05-20 20:55:19 UTC
UpdatedOn2021-11-11 20:14:31 UTC
Date/Time (UTC ymd) (i) Change Change detail
2020-12-18 16:05:51 change: DisplayName, Actions New DisplayName: 'Key Vault Crypto Service Encryption User (preview)'
Old DisplayName: 'Key Vault Crypto Service Encryption (preview)',
Actions: 'add Microsoft.EventGrid/eventSubscriptions/write; add Microsoft.EventGrid/eventSubscriptions/read; add Microsoft.EventGrid/eventSubscriptions/delete'
2020-05-21 16:07:05 add: Role e147488a-f6f5-4113-8e2d-b22465e65bf6
Permissions summary Effective control plane and data plane operations: 6 (unique operations)
•action: 2
•delete: 1
•read: 2
•write: 1

Actions: 3
Resolved control plane operations from Actions: 3
Effective control plane operations: 3
•delete: 1
•read: 1
•write: 1

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15691

DataActions: 3
Resolved data plane operations: 3
Effective data plane operations: 3
•action: 2
•read: 1

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3214
Operation Description
Microsoft.EventGrid/eventSubscriptions/deleteDelete a eventSubscription
Microsoft.EventGrid/eventSubscriptions/readRead a eventSubscription
Microsoft.EventGrid/eventSubscriptions/writeCreate or update a eventSubscription
NotActions n/a
Operation Description
Microsoft.KeyVault/vaults/keys/readList keys in the specified vault, or read properties and public material of a key. For asymmetric keys, this operation exposes public key and includes ability to perform public key algorithms such as encrypt and verify signature. Private keys and symmetric keys are never exposed.
Microsoft.KeyVault/vaults/keys/unwrap/actionUnwraps a symmetric key with a Key Vault key.
Microsoft.KeyVault/vaults/keys/wrap/actionWraps a symmetric key with a Key Vault key. Note that if the Key Vault key is asymmetric, this operation can be performed by principals with read access.
NotDataActions n/a
Used in
BuiltIn Policy
Condition none