AzRoleAdvertizer

last sync: 2025-Jun-13 17:22:48 UTC

Azure Kubernetes Service Contributor Role

Azure BuiltIn RBAC Role definition

Name

Azure Kubernetes Service Contributor Role
Microsoft Learn

ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8

Description

Grants access to read and write Azure Kubernetes Service clusters

Category

Containers
Microsoft Learn

CreatedOn

2020-02-27 19:27:15 UTC

UpdatedOn

2024-06-25 15:20:19 UTC

Permissions summary

Effective control plane and data plane operations: 127 (unique operations)
•action: 25
•delete: 14
•read: 71
•write: 17

Actions: 8
Resolved control plane operations from Actions: 127
Effective control plane operations: 127
•action: 25
•delete: 14
•read: 71
•write: 17

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16515

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3559

Actions

Operation	Description
Microsoft.Authorization/*/read	wildcarded / no description
Microsoft.ContainerService/locations/*	wildcarded / no description
Microsoft.ContainerService/managedClusters/*	wildcarded / no description
Microsoft.ContainerService/managedclustersnapshots/*	wildcarded / no description
Microsoft.ContainerService/snapshots/*	wildcarded / no description
Microsoft.Insights/alertRules/*	wildcarded / no description
Microsoft.Resources/deployments/*	wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/read	Gets or lists resource groups.

NotActions

n/a

DataActions

n/a

NotDataActions

n/a

Used in
BuiltIn Policy

Policy DisplayName	Policy Id	Category	State
[Preview]: Deploy Image Integrity on Azure Kubernetes Service	5dc99dae-cfb2-42cc-8762-9aae02b74e27	Kubernetes	Preview
Azure Kubernetes Service clusters should be a member of an Azure Kubernetes Fleet Manager.	c7f49635-e3f0-4986-b072-90d0c7c3d4cd	Kubernetes	GA
Configure AKS clusters to automatically join the specified Azure Kubernetes Fleet Manager	cadd9445-aeb8-4ee4-b505-c279db2f737f	Kubernetes	GA
Configure Microsoft Entra ID integrated Azure Kubernetes Service Clusters with required Admin Group Access	36a27de4-199b-40fb-b336-945a8475d6c5	Kubernetes	GA
Configure Node OS Auto upgrade on Azure Kubernetes Cluster	40f1aee2-4db4-4b74-acb1-c6972e24cca8	Kubernetes	GA
Deploy Azure Policy Add-on to Azure Kubernetes Service clusters	a8eff44f-8c92-45c3-a3fb-9880802d67a7	Kubernetes	GA
Deploy Image Cleaner on Azure Kubernetes Service	7e49285c-4bed-4564-b26a-5225ccc311f3	Kubernetes	GA
Disable Command Invoke on Azure Kubernetes Service clusters	1b708b0a-3380-40e9-8b79-821f9fa224cc	Kubernetes	GA

History

Date/Time (UTC ymd) (i)	Change	Change detail
2024-06-25 19:05:04	change: Actions	Actions: 'remove Microsoft.ContainerService/managedClusters/read; remove Microsoft.ContainerService/managedClusters/write; add Microsoft.Authorization//read; add Microsoft.ContainerService/locations/; add Microsoft.ContainerService/managedClusters/; add Microsoft.ContainerService/managedclustersnapshots/; add Microsoft.ContainerService/snapshots/; add Microsoft.Insights/alertRules/; add Microsoft.Resources/subscriptions/resourceGroups/read'
2020-02-28 09:58:27	add: Role	ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8

JSON

api-version=2023-07-01-preview

Condition

none