
Azure Kubernetes Fleet Manager RBAC Admin

Azure Built-in Role

Role Information

Details and metadata

Role ID
434fb43a-c01c-447e-9f67-c3ad923cfaba
Type
BuiltInRole
Last Updated (Azure)
2024-10-23 15:16:15

Change History

Track all modifications to this role

2024-10-23 15:16:15 Initial Scan
{
  "properties": {
    "roleName": "Azure Kubernetes Fleet Manager RBAC Admin",
    "type": "BuiltInRole",
    "description": "Grants read/write access to Kubernetes resources within a namespace in the fleet-managed hub cluster - provides write permissions on most objects within a a namespace, with the exception of ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.Resources/subscriptions/operationresults/read",
          "Microsoft.Resources/subscriptions/read",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.ContainerService/fleets/read",
          "Microsoft.ContainerService/fleets/listCredentials/action"
        ],
        "notActions": [],
        "dataActions": [
          "Microsoft.ContainerService/fleets/apps/controllerrevisions/read",
          "Microsoft.ContainerService/fleets/apps/daemonsets/*",
          "Microsoft.ContainerService/fleets/apps/deployments/*",
          "Microsoft.ContainerService/fleets/apps/statefulsets/*",
          "Microsoft.ContainerService/fleets/authorization.k8s.io/localsubjectaccessreviews/write",
          "Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/*",
          "Microsoft.ContainerService/fleets/batch/cronjobs/*",
          "Microsoft.ContainerService/fleets/batch/jobs/*",
          "Microsoft.ContainerService/fleets/configmaps/*",
          "Microsoft.ContainerService/fleets/endpoints/*",
          "Microsoft.ContainerService/fleets/events.k8s.io/events/read",
          "Microsoft.ContainerService/fleets/events/read",
          "Microsoft.ContainerService/fleets/extensions/daemonsets/*",
          "Microsoft.ContainerService/fleets/extensions/deployments/*",
          "Microsoft.ContainerService/fleets/extensions/ingresses/*",
          "Microsoft.ContainerService/fleets/extensions/networkpolicies/*",
          "Microsoft.ContainerService/fleets/limitranges/read",
          "Microsoft.ContainerService/fleets/namespaces/read",
          "Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/*",
          "Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/*",
          "Microsoft.ContainerService/fleets/persistentvolumeclaims/*",
          "Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/*",
          "Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/rolebindings/*",
          "Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/roles/*",
          "Microsoft.ContainerService/fleets/replicationcontrollers/*",
          "Microsoft.ContainerService/fleets/replicationcontrollers/*",
          "Microsoft.ContainerService/fleets/resourcequotas/read",
          "Microsoft.ContainerService/fleets/secrets/*",
          "Microsoft.ContainerService/fleets/serviceaccounts/*",
          "Microsoft.ContainerService/fleets/services/*",
          "Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/internalmemberclusters/read",
          "Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverrides/*",
          "Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverridesnapshots/read",
          "Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/works/read"
        ],
        "notDataActions": []
      }
    ],
    "createdOn": "2022-08-22T15:27:28.651Z",
    "updatedOn": "2024-10-23T15:16:15.504Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/434fb43a-c01c-447e-9f67-c3ad923cfaba",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "434fb43a-c01c-447e-9f67-c3ad923cfaba"
}

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Azure Kubernetes Fleet Manager RBAC Admin",
    "type": "BuiltInRole",
    "description": "Grants read/write access to Kubernetes resources within a namespace in the fleet-managed hub cluster - provides write permissions on most objects within a a namespace, with the exception of ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.Resources/subscriptions/operationresults/read",
          "Microsoft.Resources/subscriptions/read",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.ContainerService/fleets/read",
          "Microsoft.ContainerService/fleets/listCredentials/action"
        ],
        "notActions": [],
        "dataActions": [
          "Microsoft.ContainerService/fleets/apps/controllerrevisions/read",
          "Microsoft.ContainerService/fleets/apps/daemonsets/*",
          "Microsoft.ContainerService/fleets/apps/deployments/*",
          "Microsoft.ContainerService/fleets/apps/statefulsets/*",
          "Microsoft.ContainerService/fleets/authorization.k8s.io/localsubjectaccessreviews/write",
          "Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/*",
          "Microsoft.ContainerService/fleets/batch/cronjobs/*",
          "Microsoft.ContainerService/fleets/batch/jobs/*",
          "Microsoft.ContainerService/fleets/configmaps/*",
          "Microsoft.ContainerService/fleets/endpoints/*",
          "Microsoft.ContainerService/fleets/events.k8s.io/events/read",
          "Microsoft.ContainerService/fleets/events/read",
          "Microsoft.ContainerService/fleets/extensions/daemonsets/*",
          "Microsoft.ContainerService/fleets/extensions/deployments/*",
          "Microsoft.ContainerService/fleets/extensions/ingresses/*",
          "Microsoft.ContainerService/fleets/extensions/networkpolicies/*",
          "Microsoft.ContainerService/fleets/limitranges/read",
          "Microsoft.ContainerService/fleets/namespaces/read",
          "Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/*",
          "Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/*",
          "Microsoft.ContainerService/fleets/persistentvolumeclaims/*",
          "Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/*",
          "Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/rolebindings/*",
          "Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/roles/*",
          "Microsoft.ContainerService/fleets/replicationcontrollers/*",
          "Microsoft.ContainerService/fleets/replicationcontrollers/*",
          "Microsoft.ContainerService/fleets/resourcequotas/read",
          "Microsoft.ContainerService/fleets/secrets/*",
          "Microsoft.ContainerService/fleets/serviceaccounts/*",
          "Microsoft.ContainerService/fleets/services/*",
          "Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/internalmemberclusters/read",
          "Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverrides/*",
          "Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverridesnapshots/read",
          "Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/works/read"
        ],
        "notDataActions": []
      }
    ],
    "createdOn": "2022-08-22T15:27:28.651Z",
    "updatedOn": "2024-10-23T15:16:15.504Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/434fb43a-c01c-447e-9f67-c3ad923cfaba",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "434fb43a-c01c-447e-9f67-c3ad923cfaba"
}

Effective Permissions

Operations granted by this role (118 total)

Permission Patterns (from role definition)

Actions 6 patterns
Microsoft.Authorization/*/read Microsoft.Resources/subscriptions/operationresults/read Microsoft.Resources/subscriptions/read Microsoft.Resources/subscriptions/resourceGroups/read Microsoft.ContainerService/fleets/read Microsoft.ContainerService/fleets/listCredentials/action
Data Actions 34 patterns
Microsoft.ContainerService/fleets/apps/controllerrevisions/read Microsoft.ContainerService/fleets/apps/daemonsets/* Microsoft.ContainerService/fleets/apps/deployments/* Microsoft.ContainerService/fleets/apps/statefulsets/* Microsoft.ContainerService/fleets/authorization.k8s.io/localsubjectaccessreviews/write Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/* Microsoft.ContainerService/fleets/batch/cronjobs/* Microsoft.ContainerService/fleets/batch/jobs/* Microsoft.ContainerService/fleets/configmaps/* Microsoft.ContainerService/fleets/endpoints/* Microsoft.ContainerService/fleets/events.k8s.io/events/read Microsoft.ContainerService/fleets/events/read Microsoft.ContainerService/fleets/extensions/daemonsets/* Microsoft.ContainerService/fleets/extensions/deployments/* Microsoft.ContainerService/fleets/extensions/ingresses/* Microsoft.ContainerService/fleets/extensions/networkpolicies/* Microsoft.ContainerService/fleets/limitranges/read Microsoft.ContainerService/fleets/namespaces/read Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/* Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/* Microsoft.ContainerService/fleets/persistentvolumeclaims/* Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/* Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/rolebindings/* Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/roles/* Microsoft.ContainerService/fleets/replicationcontrollers/* Microsoft.ContainerService/fleets/replicationcontrollers/* Microsoft.ContainerService/fleets/resourcequotas/read Microsoft.ContainerService/fleets/secrets/* Microsoft.ContainerService/fleets/serviceaccounts/* Microsoft.ContainerService/fleets/services/* Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/internalmemberclusters/read Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverrides/* Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverridesnapshots/read 
Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/works/read

Control Plane Operations (36)

Data Plane Operations (82)