AzRoleAdvertizer

last sync: 2025-Oct-31 18:22:44 UTC

Azure Kubernetes Service Contributor Role

Azure BuiltIn RBAC Role definition

NameAzure Kubernetes Service Contributor Role
Microsoft Learn
Ided7f3fbd-7b88-4dd4-9017-9adb7ce333f8
DescriptionGrants access to read and write Azure Kubernetes Service clusters
CategoryContainers
Microsoft Learn
CreatedOn2020-02-27 19:27:15 UTC
UpdatedOn2025-07-22 15:11:45 UTC
Permissions summary Effective control plane and data plane operations: 139 (unique operations)
•: 1
•action: 25
•delete: 17
•read: 76
•write: 20

Actions: 9
Resolved control plane operations from Actions: 139
Effective control plane operations: 139
•: 1
•action: 25
•delete: 17
•read: 76
•write: 20

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 17294

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 4078
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.ContainerService/deploymentSafeguards/*wildcarded / no description
Microsoft.ContainerService/locations/*wildcarded / no description
Microsoft.ContainerService/managedClusters/*wildcarded / no description
Microsoft.ContainerService/managedclustersnapshots/*wildcarded / no description
Microsoft.ContainerService/snapshots/*wildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Policy DisplayName Policy Id Category State
[Preview]: Deploy Image Integrity on Azure Kubernetes Service 5dc99dae-cfb2-42cc-8762-9aae02b74e27 Kubernetes Preview
Azure Kubernetes Service clusters should be a member of an Azure Kubernetes Fleet Manager. c7f49635-e3f0-4986-b072-90d0c7c3d4cd Kubernetes GA
Configure AKS clusters to automatically join the specified Azure Kubernetes Fleet Manager cadd9445-aeb8-4ee4-b505-c279db2f737f Kubernetes GA
Configure Microsoft Entra ID integrated Azure Kubernetes Service Clusters with required Admin Group Access 36a27de4-199b-40fb-b336-945a8475d6c5 Kubernetes GA
Configure Node OS Auto upgrade on Azure Kubernetes Cluster 40f1aee2-4db4-4b74-acb1-c6972e24cca8 Kubernetes GA
Deploy Azure Policy Add-on to Azure Kubernetes Service clusters a8eff44f-8c92-45c3-a3fb-9880802d67a7 Kubernetes GA
Deploy Image Cleaner on Azure Kubernetes Service 7e49285c-4bed-4564-b26a-5225ccc311f3 Kubernetes GA
Disable Command Invoke on Azure Kubernetes Service clusters 1b708b0a-3380-40e9-8b79-821f9fa224cc Kubernetes GA
History
Date/Time (UTC ymd) (i) Change Change detail
2025-07-22 17:47:16 change: Actions Actions: 'add Microsoft.ContainerService/deploymentSafeguards/*'
2024-06-25 19:05:04 change: Actions Actions: 'remove Microsoft.ContainerService/managedClusters/read; remove Microsoft.ContainerService/managedClusters/write; add Microsoft.Authorization/*/read; add Microsoft.ContainerService/locations/*; add Microsoft.ContainerService/managedClusters/*; add Microsoft.ContainerService/managedclustersnapshots/*; add Microsoft.ContainerService/snapshots/*; add Microsoft.Insights/alertRules/*; add Microsoft.Resources/subscriptions/resourceGroups/read'
2020-02-28 09:58:27 add: Role ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
JSON
api-version=2023-07-01-preview
Condition none