AzRoleAdvertizer

last sync: 2025-Jun-23 17:29:53 UTC

Key Vault Contributor

Azure BuiltIn RBAC Role definition

NameKey Vault Contributor
Microsoft Learn
Idf25e0fa2-a7c8-4377-a976-54943a77a395
DescriptionLets you manage key vaults, but not access to them.
CategorySecurity
Microsoft Learn
CreatedOn2016-02-25 17:08:28 UTC
UpdatedOn2021-11-11 20:13:36 UTC
Permissions summary Effective control plane and data plane operations: 103 (unique operations)
•Action: 20
•Delete: 8
•read: 63
•Write: 12

Actions: 6
Resolved control plane operations from Actions: 127
Effective control plane operations: 103
•Action: 20
•Delete: 8
•read: 63
•Write: 12

NotActions: 3
Resolved control plane operations from NotActions: 24
Effective denied control plane operations: 16592

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3568
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.KeyVault/*wildcarded / no description
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Support/*wildcarded / no description
NotActions
Operation Description
Microsoft.KeyVault/hsmPools/*wildcarded / no description
Microsoft.KeyVault/locations/deletedVaults/purge/actionPurge a soft deleted key vault
Microsoft.KeyVault/managedHsms/*wildcarded / no description
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Loading extensions...
Rows: 1-2 / 2
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Policy DisplayName Policy Id Category State
Configure Azure Key Vaults with private endpoints 9d4fad1f-5189-4a42-b29e-cf7929c6b6df Key Vault GA
Configure key vaults to enable firewall ac673a9a-f77d-4846-b2d8-a57f8e1c01dc Key Vault GA
Historynone
JSON
api-version=2023-07-01-preview
 
{9 items
  • roleName: "Key Vault Contributor",
  • type: "BuiltInRole",
  • description: "Lets you manage key vaults, but not access to them.",
  • assignableScopes: [1 item
    • "/"
    ],
  • permissions: [1 item
    • {4 items
      • actions: [6 items
        • "Microsoft.Authorization/*/read",
        • "Microsoft.Insights/alertRules/*",
        • "Microsoft.KeyVault/*",
        • "Microsoft.Resources/deployments/*",
        • "Microsoft.Resources/subscriptions/resourceGroups/read",
        • "Microsoft.Support/*"
        ],
      • notActions: [3 items
        • "Microsoft.KeyVault/locations/deletedVaults/purge/action",
        • "Microsoft.KeyVault/hsmPools/*",
        • "Microsoft.KeyVault/managedHsms/*"
        ],
      • dataActions: [],
      • notDataActions: []
      }
    ],
  • createdOn: "2016-02-25T17:08:28.5184971Z",
  • updatedOn: "2021-11-11T20:13:36.1170988Z",
  • createdBy: null,
  • updatedBy: null
}
Condition none