AzRoleAdvertizer

last sync: 2025-Jun-20 17:23:26 UTC

Azure Kubernetes Service Namespace User

Azure BuiltIn RBAC Role definition

NameAzure Kubernetes Service Namespace User
Idc9f76ca8-b262-4b10-8ed2-09cf0948aa35
DescriptionAllows users to read Azure Kubernetes Service namespace resources. In-cluster namespace access further requires assignment of Azure Kubernetes Service RBAC roles to the namespace resource for an Entra ID enabled cluster.
CategoryNone
CreatedOn2025-06-12 17:55:19 UTC
UpdatedOn2025-06-12 17:55:19 UTC
Permissions summary Effective control plane and data plane operations: 2 (unique operations)
•action: 1
•read: 1

Actions: 2
Resolved control plane operations from Actions: 2
Effective control plane operations: 2
•action: 1
•read: 1

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16695

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3565
Actions
Operation Description
Microsoft.ContainerService/managedClusters/managedNamespaces/listCredential/actionList cluster credentials of a managed namespace
Microsoft.ContainerService/managedClusters/managedNamespaces/readGet a managed namespace of a managed cluster
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2025-06-13 17:22:48 add: Role c9f76ca8-b262-4b10-8ed2-09cf0948aa35
JSON
api-version=2023-07-01-preview
 
{9 items
  • roleName: "Azure Kubernetes Service Namespace User",
  • type: "BuiltInRole",
  • description: "Allows users to read Azure Kubernetes Service namespace resources. In-cluster namespace access further requires assignment of Azure Kubernetes Service RBAC roles to the namespace resource for an Entra ID enabled cluster.",
  • assignableScopes: [1 item
    • "/"
    ],
  • permissions: [1 item
    • {4 items
      • actions: [2 items
        • "Microsoft.ContainerService/managedClusters/managedNamespaces/read",
        • "Microsoft.ContainerService/managedClusters/managedNamespaces/listCredential/action"
        ],
      • notActions: [],
      • dataActions: [],
      • notDataActions: []
      }
    ],
  • createdOn: "2025-06-12T17:55:19.3885549Z",
  • updatedOn: "2025-06-12T17:55:19.3885549Z",
  • createdBy: null,
  • updatedBy: null
}
Condition none