last sync: 2024-Jul-17 18:20:49 UTC

Key Vault Contributor

Azure BuiltIn RBAC Role definition

NameKey Vault Contributor
DescriptionLets you manage key vaults, but not access to them.
CreatedOn2016-02-25 17:08:28 UTC
UpdatedOn2021-11-11 20:13:36 UTC
Permissions summary Effective control plane and data plane operations: 101 (unique operations)
•: 1
•Action: 20
•Delete: 8
•read: 60
•Write: 12

Actions: 6
Resolved control plane operations from Actions: 125
Effective control plane operations: 101
•: 1
•Action: 20
•Delete: 8
•read: 60
•Write: 12

NotActions: 3
Resolved control plane operations from NotActions: 24
Effective denied control plane operations: 15593

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3217
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.KeyVault/*wildcarded / no description
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Support/*wildcarded / no description
Operation Description
Microsoft.KeyVault/hsmPools/*wildcarded / no description
Microsoft.KeyVault/locations/deletedVaults/purge/actionPurge a soft deleted key vault
Microsoft.KeyVault/managedHsms/*wildcarded / no description
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Policy DisplayName Policy Id Category State
Configure Azure Key Vaults with private endpoints 9d4fad1f-5189-4a42-b29e-cf7929c6b6df Key Vault GA
Configure key vaults to enable firewall ac673a9a-f77d-4846-b2d8-a57f8e1c01dc Key Vault GA
Condition none