AD Roles

Ace your homework & exams now with Quizwiz!

Azure Event Hubs Data Owner

Allows for full access to Azure Event Hubs resources.

Azure Kubernetes Service RBAC Reader

Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.

Azure Kubernetes Service RBAC Writer

Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.

Azure Event Hubs Data Reciever

Allows receive access to Azure Event Hubs resources.

Azure Event Hubs Data Sender

Allows send access to Azure Event Hubs resources.

Managed Identity Contributor

Create, Read, Update, and Delete User Assigned Identity

Global Administrator

Full access to identity protection

Azure Kubernetes Service Contributor Role

Grants access to read and write Azure Kubernetes Service clusters

Contributor

Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.

Owner

Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. in regards to acr - access resource manager, create/delete registry, push image, pull image, delete image data nd change policies

Authentication Administrator

Has access to view, set, and reset authentication method information for any non-admin

SQL Managed Instance Contributor

Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.

SQL DB Contributor

Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.

SQL Server Contributor

Lets you manage SQL servers and databases, but not access to them, and not their security-related policies.

Azure Kubernetes Service RBAC Cluster Admin

Lets you manage all resources in the cluster.

Azure Kubernetes Service RBAC Admin

Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.

Classic Virtual Machine Contributor

Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.

SQL Security Manager

Lets you manage the security-related policies of SQL servers and databases, but not access to them.

User Access Administrator

Lets you manage user access to Azure resources.

Virtual Machine Contributor

Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.

Security Assessment Contributor

Lets you push assessments to Security Center

Azure Kubernetes Service Cluster Admin Role

List cluster admin credential action.

Azure Kubernetes Service Cluster User Role

List cluster user credential action.

Key Vault Contributor

Manage key vaults, but does not allow you to assign roles in Azure RBAC, and does not allow you to access secrets, keys, or certificates.

Key Vault Administrator

Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the 'Azure role-based access control' permission model.

Key Vault Certificates Officer

Perform any action on the certificates of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.

Key Vault Secrets Officer

Perform any action on the secrets of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.

AcrQuarantineReader

Quarantine reader

AcrQuarantineWriter

Quarantine writer

Managed Identity Operator

Read and Assign User Assigned Identity

Key Vault Reader

Read metadata of key vaults and its certificates, keys, and secrets. Cannot read sensitive values such as secret contents or key material. Only works for key vaults that use the 'Azure role-based access control' permission model.

Key Vault Secrets User

Read secret contents. Only works for key vaults that use the 'Azure role-based access control' permission model.

Virtual Machine User Login

View Virtual Machines in the portal and login as a regular user.

Virtual Machine Administrator Login

View Virtual Machines in the portal and login as administrator

Reader

View all resources, but does not allow you to make any changes. reader in regaurds to acr - access resource manager and pull image.

Security Admin

View and update permissions for Security Center. Same permissions as the Security Reader role and can also update the security policy and dismiss alerts and recommendations. full access to identity protection. cannot reset a password for a user.

Security Reader

View permissions for Security Center. Can view recommendations, alerts, a security policy, and security states, but cannot make changes. view all identity protection reports and overview blade. cannot configure or change polices, reset a password for a user or configure alerts, and give feedback on detections.

Application Administrator

can create and manage all aspects of app registrations and enterprise apps. Users in this role can create application registrations when the "Users can register applications" setting is set to No. This role also grants permission to consent on one's own behalf when the "Users can consent to apps accessing company data on their behalf" setting is set to No. Users assigned to this role are added as owners when creating new application registrations or enterprise applications.

Application Developer

can create application registrations independent of the users can register applications setting.

Azure Sentinel Contributor

create and edit workbooks, analytic rules and other azure sentinel resources. manage incidents, view data, incidents, workbooks, and other azure sentinel resources.

Azure Sentinel contributor + login app contributor

create and run playbooks, plus create and edit workbooks, analytic rules and other azure sentinel resources. manage incidents, view data, incidents, workbooks, and other azure sentinel resources.

AcrDelete

delete image data

Azure Sentinel Responder

manage incidents, view data, incidents, workbooks, and other azure sentinel resources.

AcrPull

pull image

AcrPush

push and pull image using docker push

AcrImageSigner

sign images. typically combined with push image to allow pushing a trusted image to a registry

Security Operator

view all identity protection reports and overview blade. dismiss user risk, confirm safe sign in, confirm compromise. cannot configure or change polices, reset a password for a user or configure alerts.

Azure Sentinel Reader

view data, incidents, workbooks, and other azure sentinel resources.


Related study sets

CH 10 Security in network designs

View Set

History 17B "Howard Zinn A people's History of the United States"

View Set

Physics 1-II Final Practice (Atomic Nature of Matter)

View Set

Introduction To Python Midterm Exam Review: Practice questions

View Set