AzRoleAdvertizer

last sync: 2025-May-30 17:23:17 UTC

Azure Kubernetes Fleet Manager RBAC Cluster Writer

Azure BuiltIn RBAC Role definition

Name

Azure Kubernetes Fleet Manager RBAC Cluster Writer

1dc4cd5a-de51-4ee4-bc8e-b40e9c17e320

Description

Grants read/write access to most Kubernetes cluster-scoped resources in the fleet-managed hub cluster.

Category

None

CreatedOn

2024-10-21 15:04:48 UTC

UpdatedOn

2024-10-21 15:04:48 UTC

Permissions summary

Effective control plane and data plane operations: 63 (unique operations)
•action: 1
•read: 37
•write: 25

Actions: 2
Resolved control plane operations from Actions: 2
Effective control plane operations: 2
•action: 1
•read: 1

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16581

DataActions: 61
Resolved data plane operations: 61
Effective data plane operations: 61
•read: 36
•write: 25

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3497

Actions

Operation	Description
Microsoft.ContainerService/fleets/listCredentials/action	List fleet credentials
Microsoft.ContainerService/fleets/read	Get fleet

NotActions

n/a

DataActions

Operation	Description
Microsoft.ContainerService/fleets/apiextensions.k8s.io/customresourcedefinitions/read	Reads customresourcedefinitions
Microsoft.ContainerService/fleets/apps/controllerrevisions/read	Reads controllerrevisions
Microsoft.ContainerService/fleets/apps/daemonsets/read	Reads daemonsets
Microsoft.ContainerService/fleets/apps/daemonsets/write	Writes daemonsets
Microsoft.ContainerService/fleets/apps/deployments/read	Reads deployments
Microsoft.ContainerService/fleets/apps/deployments/write	Writes deployments
Microsoft.ContainerService/fleets/apps/statefulsets/read	Reads statefulsets
Microsoft.ContainerService/fleets/apps/statefulsets/write	Writes statefulsets
Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/read	Reads horizontalpodautoscalers
Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/write	Writes horizontalpodautoscalers
Microsoft.ContainerService/fleets/batch/cronjobs/read	Reads cronjobs
Microsoft.ContainerService/fleets/batch/cronjobs/write	Writes cronjobs
Microsoft.ContainerService/fleets/batch/jobs/read	Reads jobs
Microsoft.ContainerService/fleets/batch/jobs/write	Writes jobs
Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/memberclusters/read	Read fleet membercluster resource
Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/memberclusters/write	Write fleet membercluster resource
Microsoft.ContainerService/fleets/configmaps/read	Reads configmaps
Microsoft.ContainerService/fleets/configmaps/write	Writes configmaps
Microsoft.ContainerService/fleets/endpoints/read	Reads endpoints
Microsoft.ContainerService/fleets/endpoints/write	Writes endpoints
Microsoft.ContainerService/fleets/events.k8s.io/events/read	Reads events
Microsoft.ContainerService/fleets/events/read	Reads events
Microsoft.ContainerService/fleets/extensions/daemonsets/read	Reads daemonsets
Microsoft.ContainerService/fleets/extensions/daemonsets/write	Writes daemonsets
Microsoft.ContainerService/fleets/extensions/deployments/read	Reads deployments
Microsoft.ContainerService/fleets/extensions/deployments/write	Writes deployments
Microsoft.ContainerService/fleets/extensions/ingresses/read	Reads ingresses
Microsoft.ContainerService/fleets/extensions/ingresses/write	Writes ingresses
Microsoft.ContainerService/fleets/extensions/networkpolicies/read	Reads networkpolicies
Microsoft.ContainerService/fleets/extensions/networkpolicies/write	Writes networkpolicies
Microsoft.ContainerService/fleets/limitranges/read	Reads limitranges
Microsoft.ContainerService/fleets/namespaces/read	Reads namespaces
Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/read	Reads ingresses
Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/write	Writes ingresses
Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/read	Reads networkpolicies
Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/write	Writes networkpolicies
Microsoft.ContainerService/fleets/nodes/read	Reads nodes
Microsoft.ContainerService/fleets/nodes/write	Writes nodes
Microsoft.ContainerService/fleets/persistentvolumeclaims/read	Reads persistentvolumeclaims
Microsoft.ContainerService/fleets/persistentvolumeclaims/write	Writes persistentvolumeclaims
Microsoft.ContainerService/fleets/persistentvolumes/read	Reads persistentvolumes
Microsoft.ContainerService/fleets/persistentvolumes/write	Writes persistentvolumes
Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourcebindings/read	Read fleet clusterresourcebinding resource
Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverrides/read	Read fleet clusterresourceoverride resource
Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverrides/write	Write fleet clusterresourceoverride resource
Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverridesnapshots/read	Read fleet clusterresourceoverridesnapshot resource
Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceplacements/read	Read fleet clusterresourceplacement resource
Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceplacements/write	Write fleet clusterresourceplacement resource
Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourcesnapshots/read	Read fleet clusterresourcesnapshot resource
Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterschedulingpolicysnapshots/read	Read fleet clusterschedulingpolicysnapshot resource
Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/read	Reads poddisruptionbudgets
Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/write	Writes poddisruptionbudgets
Microsoft.ContainerService/fleets/replicationcontrollers/read	Reads replicationcontrollers
Microsoft.ContainerService/fleets/replicationcontrollers/write	Writes replicationcontrollers
Microsoft.ContainerService/fleets/resourcequotas/read	Reads resourcequotas
Microsoft.ContainerService/fleets/secrets/read	Reads secrets
Microsoft.ContainerService/fleets/secrets/write	Writes secrets
Microsoft.ContainerService/fleets/serviceaccounts/read	Reads serviceaccounts
Microsoft.ContainerService/fleets/serviceaccounts/write	Writes serviceaccounts
Microsoft.ContainerService/fleets/services/read	Reads services
Microsoft.ContainerService/fleets/services/write	Writes services

NotDataActions

n/a

Used in
BuiltIn Policy

none

History

Date/Time (UTC ymd) (i)	Change	Change detail
2024-10-21 17:52:38	add: Role	1dc4cd5a-de51-4ee4-bc8e-b40e9c17e320

JSON

api-version=2023-07-01-preview

{9 itemsroleName: "Azure Kubernetes Fleet Manager RBAC Cluster Writer",
type: "BuiltInRole",
description: "Grants read/write access to most Kubernetes cluster-scoped resources in the fleet-managed hub cluster.",
assignableScopes: [1 item"/"
],
permissions: [1 item{4 itemsactions: [2 items"Microsoft.ContainerService/fleets/read",
"Microsoft.ContainerService/fleets/listCredentials/action"
],
notActions: [],
dataActions: [61 items"Microsoft.ContainerService/fleets/apiextensions.k8s.io/customresourcedefinitions/read",
"Microsoft.ContainerService/fleets/apps/controllerrevisions/read",
"Microsoft.ContainerService/fleets/apps/daemonsets/read",
"Microsoft.ContainerService/fleets/apps/daemonsets/write",
"Microsoft.ContainerService/fleets/apps/deployments/read",
"Microsoft.ContainerService/fleets/apps/deployments/write",
"Microsoft.ContainerService/fleets/apps/statefulsets/read",
"Microsoft.ContainerService/fleets/apps/statefulsets/write",
"Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/read",
"Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/write",
"Microsoft.ContainerService/fleets/batch/cronjobs/read",
"Microsoft.ContainerService/fleets/batch/cronjobs/write",
"Microsoft.ContainerService/fleets/batch/jobs/read",
"Microsoft.ContainerService/fleets/batch/jobs/write",
"Microsoft.ContainerService/fleets/configmaps/read",
"Microsoft.ContainerService/fleets/configmaps/write",
"Microsoft.ContainerService/fleets/endpoints/read",
"Microsoft.ContainerService/fleets/endpoints/write",
"Microsoft.ContainerService/fleets/events.k8s.io/events/read",
"Microsoft.ContainerService/fleets/events/read",
"Microsoft.ContainerService/fleets/extensions/daemonsets/read",
"Microsoft.ContainerService/fleets/extensions/daemonsets/write",
"Microsoft.ContainerService/fleets/extensions/deployments/read",
"Microsoft.ContainerService/fleets/extensions/deployments/write",
"Microsoft.ContainerService/fleets/extensions/ingresses/read",
"Microsoft.ContainerService/fleets/extensions/ingresses/write",
"Microsoft.ContainerService/fleets/extensions/networkpolicies/read",
"Microsoft.ContainerService/fleets/extensions/networkpolicies/write",
"Microsoft.ContainerService/fleets/limitranges/read",
"Microsoft.ContainerService/fleets/namespaces/read",
"Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/read",
"Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/write",
"Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/read",
"Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/write",
"Microsoft.ContainerService/fleets/nodes/read",
"Microsoft.ContainerService/fleets/nodes/write",
"Microsoft.ContainerService/fleets/persistentvolumes/read",
"Microsoft.ContainerService/fleets/persistentvolumes/write",
"Microsoft.ContainerService/fleets/persistentvolumeclaims/read",
"Microsoft.ContainerService/fleets/persistentvolumeclaims/write",
"Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/read",
"Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/write",
"Microsoft.ContainerService/fleets/replicationcontrollers/read",
"Microsoft.ContainerService/fleets/replicationcontrollers/write",
"Microsoft.ContainerService/fleets/resourcequotas/read",
"Microsoft.ContainerService/fleets/secrets/read",
"Microsoft.ContainerService/fleets/secrets/write",
"Microsoft.ContainerService/fleets/serviceaccounts/read",
"Microsoft.ContainerService/fleets/serviceaccounts/write",
"Microsoft.ContainerService/fleets/services/read",
"Microsoft.ContainerService/fleets/services/write",
"Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/memberclusters/read",
"Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/memberclusters/write",
"Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceplacements/read",
"Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceplacements/write",
"Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourcebindings/read",
"Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourcesnapshots/read",
"Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterschedulingpolicysnapshots/read",
"Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverrides/read",
"Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverrides/write",
"Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverridesnapshots/read"
],
notDataActions: []
}
],
createdOn: "2024-10-21T15:04:48.6744253Z",
updatedOn: "2024-10-21T15:04:48.6744253Z",
createdBy: null,
updatedBy: null
}

Condition

none