last sync: 2025-Sep-16 17:22:53 UTC

Defender For Container Registries Operator

Azure BuiltIn RBAC Role definition

Name: Defender For Container Registries Operator
Id: c5c82243-e78e-43f9-8428-793bba85b28e
Description: Grants Microsoft Defender for Cloud access to Azure Container Registries
Category: None
CreatedOn: 2025-08-13 15:27:47 UTC
UpdatedOn: 2025-09-11 12:56:35 UTC

Permissions summary
Effective control plane and data plane operations: 6 (unique operations)
•read: 6

Actions: 3
Resolved control plane operations from Actions: 3
Effective control plane operations: 3
•read: 3

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 17150

DataActions: 3
Resolved data plane operations: 3
Effective data plane operations: 3
•read: 3

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3745
Actions
Operation | Description
Microsoft.ContainerRegistry/registries/metadata/read | Gets the metadata of a specific repository for a container registry
Microsoft.ContainerRegistry/registries/pull/read | Pull or Get images from a container registry.
Microsoft.ContainerRegistry/registries/read | Gets the properties of the specified container registry or lists all the container registries under the specified resource group or subscription.
NotActions: n/a
DataActions
Operation | Description
Microsoft.ContainerRegistry/registries/catalog/read | List repositories in a container registry.
Microsoft.ContainerRegistry/registries/repositories/content/read | Pull or Get images from a container registry.
Microsoft.ContainerRegistry/registries/repositories/metadata/read | Gets the metadata of a specific repository for a container registry
NotDataActions: n/a
Used in
BuiltIn Policy: none
History
Date/Time (UTC ymd) | Change | Change detail
2025-09-11 17:22:51 | change: Actions, DataActions | Actions: 'add Microsoft.ContainerRegistry/registries/pull/read; add Microsoft.ContainerRegistry/registries/metadata/read; add Microsoft.ContainerRegistry/registries/read', DataActions: 'add Microsoft.ContainerRegistry/registries/repositories/content/read; add Microsoft.ContainerRegistry/registries/repositories/metadata/read; add Microsoft.ContainerRegistry/registries/catalog/read'
2025-08-13 17:22:30 | add: Role c5c82243-e78e-43f9-8428-793bba85b28e |
JSON
api-version=2023-07-01-preview
Condition: none