AzRoleAdvertizer

last sync: 2025-Sep-17 17:22:43 UTC

Managed Identity Contributor

Azure BuiltIn RBAC Role definition

NameManaged Identity Contributor
Microsoft Learn
Ide40ec5ca-96e0-45a2-b4ff-59039f2c2b59
DescriptionCreate, Read, Update, and Delete User Assigned Identity
CategoryIdentity
Microsoft Learn
CreatedOn2017-12-14 19:53:42 UTC
UpdatedOn2024-03-29 00:22:59 UTC
Permissions summary Effective control plane and data plane operations: 66 (unique operations)
•: 1
•Action: 11
•Delete: 4
•read: 45
•Write: 5

Actions: 12
Resolved control plane operations from Actions: 66
Effective control plane operations: 66
•: 1
•Action: 11
•Delete: 4
•read: 45
•Write: 5

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 17108

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3750
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.ManagedIdentity/userAssignedIdentities/deleteDeletes an existing user assigned identity
Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/deleteDelete a Federated Identity Credential
Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/readGet or list Federated Identity Credentials
Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/writeAdd or update a Federated Identity Credential
Microsoft.ManagedIdentity/userAssignedIdentities/readGets an existing user assigned identity
Microsoft.ManagedIdentity/userAssignedIdentities/revokeTokens/actionRevoked all the existing tokens on a user assigned identity
Microsoft.ManagedIdentity/userAssignedIdentities/writeCreates a new user assigned identity or updates the tags associated with an existing user assigned identity
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Support/*wildcarded / no description
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Policy DisplayName Policy Id Category State
[Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs 17b3de92-f710-4cf4-aa55-0e7859f1ed7b Monitoring Preview
History
Date/Time (UTC ymd) (i) Change Change detail
2024-04-01 20:01:14 change: Actions Actions: 'add Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/read; add Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/write; add Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/delete; add Microsoft.ManagedIdentity/userAssignedIdentities/revokeTokens/action'
JSON
api-version=2023-07-01-preview
Condition none