Back to Operation

Secrets Store Extension Owner

Azure Built-in Role

Role Information

Details and metadata

Role ID
5c227a58-cff3-4b51-9fa3-51bdafb6ca55
Type
BuiltInRole
Last Updated (Azure)
2025-05-05 15:00:32

Change History

Track all modifications to this role

2025-05-05 15:00:32 Created
View details
+ {
+ "properties": {
+ "roleName": "Secrets Store Extension Owner",
+ "type": "BuiltInRole",
+ "description": "Read, create and modify secretsync and secretproviderclass objects. Register and deregister the provider from the subscription.",
+ "assignableScopes": [
+ "/"
+ ],
+ "permissions": [
+ {
+ "actions": [
+ "Microsoft.SecretSyncController/register/action",
+ "Microsoft.SecretSyncController/unregister/action",
+ "Microsoft.SecretSyncController/azureKeyVaultSecretProviderClasses/read",
+ "Microsoft.SecretSyncController/azureKeyVaultSecretProviderClasses/write",
+ "Microsoft.SecretSyncController/azureKeyVaultSecretProviderClasses/delete",
+ "Microsoft.SecretSyncController/locations/operationStatuses/read",
+ "Microsoft.SecretSyncController/locations/operationStatuses/write",
+ "Microsoft.SecretSyncController/operations/read",
+ "Microsoft.SecretSyncController/secretSyncs/read",
+ "Microsoft.SecretSyncController/secretSyncs/write",
+ "Microsoft.SecretSyncController/secretSyncs/delete",
+ "Microsoft.Authorization/*/read",
+ "Microsoft.Insights/alertRules/*",
+ "Microsoft.Resources/deployments/*",
+ "Microsoft.Resources/subscriptions/resourceGroups/read"
+ ],
+ "notActions": [],
+ "dataActions": [],
+ "notDataActions": []
+ }
+ ],
+ "createdOn": "2025-05-05T15:00:32.766Z",
+ "updatedOn": "2025-05-05T15:00:32.766Z",
+ "createdBy": null,
+ "updatedBy": null
+ },
+ "id": "/providers/Microsoft.Authorization/roleDefinitions/5c227a58-cff3-4b51-9fa3-51bdafb6ca55",
+ "type": "Microsoft.Authorization/roleDefinitions",
+ "name": "5c227a58-cff3-4b51-9fa3-51bdafb6ca55"
+ }

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "Secrets Store Extension Owner",
    "type": "BuiltInRole",
    "description": "Read, create and modify secretsync and secretproviderclass objects. Register and deregister the provider from the subscription.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.SecretSyncController/register/action",
          "Microsoft.SecretSyncController/unregister/action",
          "Microsoft.SecretSyncController/azureKeyVaultSecretProviderClasses/read",
          "Microsoft.SecretSyncController/azureKeyVaultSecretProviderClasses/write",
          "Microsoft.SecretSyncController/azureKeyVaultSecretProviderClasses/delete",
          "Microsoft.SecretSyncController/locations/operationStatuses/read",
          "Microsoft.SecretSyncController/locations/operationStatuses/write",
          "Microsoft.SecretSyncController/operations/read",
          "Microsoft.SecretSyncController/secretSyncs/read",
          "Microsoft.SecretSyncController/secretSyncs/write",
          "Microsoft.SecretSyncController/secretSyncs/delete",
          "Microsoft.Authorization/*/read",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2025-05-05T15:00:32.766Z",
    "updatedOn": "2025-05-05T15:00:32.766Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/5c227a58-cff3-4b51-9fa3-51bdafb6ca55",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "5c227a58-cff3-4b51-9fa3-51bdafb6ca55"
}

Effective Permissions

Operations granted by this role (59 total)

Permission Patterns (from role definition)

Actions 15 patterns
Microsoft.SecretSyncController/register/action Microsoft.SecretSyncController/unregister/action Microsoft.SecretSyncController/azureKeyVaultSecretProviderClasses/read Microsoft.SecretSyncController/azureKeyVaultSecretProviderClasses/write Microsoft.SecretSyncController/azureKeyVaultSecretProviderClasses/delete Microsoft.SecretSyncController/locations/operationStatuses/read Microsoft.SecretSyncController/locations/operationStatuses/write Microsoft.SecretSyncController/operations/read Microsoft.SecretSyncController/secretSyncs/read Microsoft.SecretSyncController/secretSyncs/write Microsoft.SecretSyncController/secretSyncs/delete Microsoft.Authorization/*/read Microsoft.Insights/alertRules/* Microsoft.Resources/deployments/* Microsoft.Resources/subscriptions/resourceGroups/read

Control Plane Operations (59)

Data Plane Operations (0)

No data plane operations granted