AzRoleAdvertizer

last sync: 2025-Apr-29 17:15:48 UTC

Azure Kubernetes Service Contributor Role

Azure BuiltIn RBAC Role definition

NameAzure Kubernetes Service Contributor Role
Microsoft Learn
Ided7f3fbd-7b88-4dd4-9017-9adb7ce333f8
DescriptionGrants access to read and write Azure Kubernetes Service clusters
CategoryContainers
Microsoft Learn
CreatedOn2020-02-27 19:27:15 UTC
UpdatedOn2024-06-25 15:20:19 UTC
Permissions summary Effective control plane and data plane operations: 126 (unique operations)
•action: 24
•delete: 14
•read: 71
•write: 17

Actions: 8
Resolved control plane operations from Actions: 126
Effective control plane operations: 126
•action: 24
•delete: 14
•read: 71
•write: 17

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16364

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3371
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.ContainerService/locations/*wildcarded / no description
Microsoft.ContainerService/managedClusters/*wildcarded / no description
Microsoft.ContainerService/managedclustersnapshots/*wildcarded / no description
Microsoft.ContainerService/snapshots/*wildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Policy DisplayName Policy Id Category State
[Preview]: Deploy Image Integrity on Azure Kubernetes Service 5dc99dae-cfb2-42cc-8762-9aae02b74e27 Kubernetes GA
Configure Microsoft Entra ID integrated Azure Kubernetes Service Clusters with required Admin Group Access 36a27de4-199b-40fb-b336-945a8475d6c5 Kubernetes GA
Configure Node OS Auto upgrade on Azure Kubernetes Cluster 40f1aee2-4db4-4b74-acb1-c6972e24cca8 Kubernetes GA
Deploy Azure Policy Add-on to Azure Kubernetes Service clusters a8eff44f-8c92-45c3-a3fb-9880802d67a7 Kubernetes GA
Deploy Image Cleaner on Azure Kubernetes Service 7e49285c-4bed-4564-b26a-5225ccc311f3 Kubernetes GA
Disable Command Invoke on Azure Kubernetes Service clusters 1b708b0a-3380-40e9-8b79-821f9fa224cc Kubernetes GA
History
Date/Time (UTC ymd) (i) Change Change detail
2024-06-25 19:05:04 change: Actions Actions: 'remove Microsoft.ContainerService/managedClusters/read; remove Microsoft.ContainerService/managedClusters/write; add Microsoft.Authorization/*/read; add Microsoft.ContainerService/locations/*; add Microsoft.ContainerService/managedClusters/*; add Microsoft.ContainerService/managedclustersnapshots/*; add Microsoft.ContainerService/snapshots/*; add Microsoft.Insights/alertRules/*; add Microsoft.Resources/subscriptions/resourceGroups/read'
2020-02-28 09:58:27 add: Role ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
JSON
api-version=2023-07-01-preview
Condition none