AzRoleAdvertizer

last sync: 2024-Jul-26 18:17:46 UTC

Managed Identity Contributor

Azure BuiltIn RBAC Role definition

NameManaged Identity Contributor
Ide40ec5ca-96e0-45a2-b4ff-59039f2c2b59
DescriptionCreate, Read, Update, and Delete User Assigned Identity
CreatedOn2017-12-14 19:53:42 UTC
UpdatedOn2024-03-29 00:22:59 UTC
History
Date/Time (UTC ymd) (i) Change Change detail
2024-04-01 20:01:14 change: Actions Actions: 'add Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/read; add Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/write; add Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/delete; add Microsoft.ManagedIdentity/userAssignedIdentities/revokeTokens/action'
Permissions summary Effective control plane and data plane operations: 62 (unique operations)
•: 1
•Action: 11
•Delete: 4
•read: 41
•Write: 5

Actions: 12
Resolved control plane operations from Actions: 62
Effective control plane operations: 62
•: 1
•Action: 11
•Delete: 4
•read: 41
•Write: 5

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15566

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3219
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.ManagedIdentity/userAssignedIdentities/deleteDeletes an existing user assigned identity
Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/deleteDelete a Federated Identity Credential
Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/readGet or list Federated Identity Credentials
Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/writeAdd or update a Federated Identity Credential
Microsoft.ManagedIdentity/userAssignedIdentities/readGets an existing user assigned identity
Microsoft.ManagedIdentity/userAssignedIdentities/revokeTokens/actionRevoked all the existing tokens on a user assigned identity
Microsoft.ManagedIdentity/userAssignedIdentities/writeCreates a new user assigned identity or updates the tags associated with an existing user assigned identity
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Support/*wildcarded / no description
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Policy DisplayName Policy Id Category State
[Preview]: Configure system-assigned managed identity to enable Azure Monitor assignments on VMs 17b3de92-f710-4cf4-aa55-0e7859f1ed7b Monitoring Preview
JSON
api-version=2023-07-01-preview
Condition none