last sync: 2025-Aug-01 17:22:47 UTC

Azure Red Hat OpenShift Image Registry Operator

Azure BuiltIn RBAC Role definition

Name: Azure Red Hat OpenShift Image Registry Operator
Id: 8b32b316-c2f5-4ddf-b05b-83dacd2d08b5
Description: Enables permissions for the operator to manage a singleton instance of the OpenShift image registry. It manages all configuration of the registry, including creating storage.
Category: Containers
CreatedOn: 2024-01-31 16:20:01 UTC
UpdatedOn: 2025-07-28 15:04:34 UTC

Permissions summary
Effective control plane and data plane operations: 30 (unique operations)
• action: 8
• delete: 3
• read: 10
• write: 9

Actions: 25
Resolved control plane operations from Actions: 25
Effective control plane operations: 25
• action: 6
• delete: 2
• read: 9
• write: 8

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16869

DataActions: 5
Resolved data plane operations: 5
Effective data plane operations: 5
• action: 2
• delete: 1
• read: 1
• write: 1

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3582
Actions
Operation | Description
Microsoft.Network/networkInterfaces/read | Gets a network interface definition.
Microsoft.Network/privateDnsZones/A/write | Create or update a record set of type ‘A’ within a Private DNS zone. The records specified will replace the current records in the record set.
Microsoft.Network/privateDnsZones/join/action | Joins a Private DNS Zone
Microsoft.Network/privateDnsZones/read | Get the Private DNS zone properties, in JSON format. Note that this command does not retrieve the virtual networks to which the Private DNS zone is linked or the record sets contained within the zone.
Microsoft.Network/privateDnsZones/virtualNetworkLinks/read | Get the Private DNS zone link to virtual network properties, in JSON format.
Microsoft.Network/privateDnsZones/virtualNetworkLinks/write | Create or update a Private DNS zone link to virtual network.
Microsoft.Network/privateDnsZones/write | Create or update a Private DNS zone within a resource group. Note that this command cannot be used to create or update virtual network links or record sets within the zone.
Microsoft.Network/privateEndpoints/privateDnsZoneGroups/read | Gets a Private DNS Zone Group
Microsoft.Network/privateEndpoints/privateDnsZoneGroups/write | Puts a Private DNS Zone Group
Microsoft.Network/privateEndpoints/read | Gets an private endpoint resource.
Microsoft.Network/privateEndpoints/write | Creates a new private endpoint, or updates an existing private endpoint.
Microsoft.Network/virtualNetworks/join/action | Joins a virtual network. Not Alertable.
Microsoft.Network/virtualNetworks/subnets/join/action | Joins a virtual network. Not Alertable.
Microsoft.Network/virtualNetworks/subnets/read | Gets a virtual network subnet definition
Microsoft.Resources/tags/write | Updates the tags on a resource by replacing or merging existing tags with a new set of tags, or removing existing tags.
Microsoft.Storage/storageAccounts/blobServices/containers/delete | Returns the result of deleting a container
Microsoft.Storage/storageAccounts/blobServices/containers/read | Returns list of containers
Microsoft.Storage/storageAccounts/blobServices/containers/write | Returns the result of put blob container
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Returns a user delegation key for the blob service
Microsoft.Storage/storageAccounts/blobServices/read | Returns blob service properties or statistics
Microsoft.Storage/storageAccounts/delete | Deletes an existing storage account.
Microsoft.Storage/storageAccounts/listKeys/action | Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action | Approve Private Endpoint Connections
Microsoft.Storage/storageAccounts/read | Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Storage/storageAccounts/write | Creates a storage account with the specified parameters or update the properties or tags or adds custom domain for the specified storage account.

NotActions: n/a

DataActions
Operation | Description
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action | Returns the result of adding blob content
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete | Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action | Moves the blob from one path to another
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write | Returns the result of writing a blob

NotDataActions: n/a

Used in
BuiltIn Policy: none

History
Date/Time (UTC ymd) | Change | Change detail
2025-07-28 17:33:19 | change: Actions | Actions: 'add Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action; add Microsoft.Network/privateEndpoints/write; add Microsoft.Network/privateEndpoints/read; add Microsoft.Network/privateEndpoints/privateDnsZoneGroups/write; add Microsoft.Network/privateEndpoints/privateDnsZoneGroups/read; add Microsoft.Network/privateDnsZones/read; add Microsoft.Network/privateDnsZones/write; add Microsoft.Network/privateDnsZones/join/action; add Microsoft.Network/privateDnsZones/A/write; add Microsoft.Network/privateDnsZones/virtualNetworkLinks/write; add Microsoft.Network/privateDnsZones/virtualNetworkLinks/read; add Microsoft.Network/networkInterfaces/read; add Microsoft.Network/virtualNetworks/subnets/read; add Microsoft.Network/virtualNetworks/subnets/join/action; add Microsoft.Network/virtualNetworks/join/action'
2025-03-21 20:19:24 | change: DisplayName, Actions | New DisplayName: 'Azure Red Hat OpenShift Image Registry Operator', Old DisplayName: 'Azure RedHat OpenShift Image Registry Operator Role', Actions: 'add Microsoft.Storage/storageAccounts/blobServices/containers/delete'
2024-04-15 17:47:24 | change: Actions, DataActions | Actions: 'add Microsoft.Storage/storageAccounts/blobServices/read; add Microsoft.Storage/storageAccounts/blobServices/containers/read; add Microsoft.Storage/storageAccounts/blobServices/containers/write; add Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action; add Microsoft.Storage/storageAccounts/read; add Microsoft.Storage/storageAccounts/write; add Microsoft.Storage/storageAccounts/delete; add Microsoft.Storage/storageAccounts/listKeys/action; add Microsoft.Resources/tags/write', DataActions: 'add Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete; add Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write; add Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read; add Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action; add Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action'
2024-01-31 19:57:40 | add: Role | 8b32b316-c2f5-4ddf-b05b-83dacd2d08b5

JSON
api-version=2023-07-01-preview
Condition: none