Role Information
Details and metadata
95de85bd-744d-4664-9dde-11430bc34793
Change History
Track all modifications to this role since 2025-12-15 01:08:16+00:00
Updated On
Event Type
Summary & Details
2024-04-01 15:29:21
Initial Scan
Show full JSON
{
"properties": {
"roleName": "Azure Container Storage Owner",
"type": "BuiltInRole",
"description": "Lets you install Azure Container Storage and grants access to its storage resources",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"Microsoft.ElasticSan/elasticSans/*",
"Microsoft.ElasticSan/locations/*",
"Microsoft.ElasticSan/elasticSans/volumeGroups/*",
"Microsoft.ElasticSan/elasticSans/volumeGroups/volumes/*",
"Microsoft.ElasticSan/locations/asyncoperations/read",
"Microsoft.KubernetesConfiguration/extensions/write",
"Microsoft.KubernetesConfiguration/extensions/read",
"Microsoft.KubernetesConfiguration/extensions/delete",
"Microsoft.KubernetesConfiguration/extensions/operations/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
},
{
"actions": [
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"Condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{08d4c71acc634ce4a9c85dd251b4d619})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{08d4c71acc634ce4a9c85dd251b4d619}))",
"ConditionVersion": "2.0"
}
],
"createdOn": "2024-03-08T18:56:35.285Z",
"updatedOn": "2024-04-01T15:29:21.829Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/95de85bd-744d-4664-9dde-11430bc34793",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "95de85bd-744d-4664-9dde-11430bc34793"
}
2024-04-01 15:29:21
Initial Scan
View details
{
"properties": {
"roleName": "Azure Container Storage Owner",
"type": "BuiltInRole",
"description": "Lets you install Azure Container Storage and grants access to its storage resources",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"Microsoft.ElasticSan/elasticSans/*",
"Microsoft.ElasticSan/locations/*",
"Microsoft.ElasticSan/elasticSans/volumeGroups/*",
"Microsoft.ElasticSan/elasticSans/volumeGroups/volumes/*",
"Microsoft.ElasticSan/locations/asyncoperations/read",
"Microsoft.KubernetesConfiguration/extensions/write",
"Microsoft.KubernetesConfiguration/extensions/read",
"Microsoft.KubernetesConfiguration/extensions/delete",
"Microsoft.KubernetesConfiguration/extensions/operations/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
},
{
"actions": [
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"Condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{08d4c71acc634ce4a9c85dd251b4d619})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{08d4c71acc634ce4a9c85dd251b4d619}))",
"ConditionVersion": "2.0"
}
],
"createdOn": "2024-03-08T18:56:35.285Z",
"updatedOn": "2024-04-01T15:29:21.829Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/95de85bd-744d-4664-9dde-11430bc34793",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "95de85bd-744d-4664-9dde-11430bc34793"
}
Latest Role JSON
Raw definition from Azure
{
"properties": {
"roleName": "Azure Container Storage Owner",
"type": "BuiltInRole",
"description": "Lets you install Azure Container Storage and grants access to its storage resources",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"Microsoft.ElasticSan/elasticSans/*",
"Microsoft.ElasticSan/locations/*",
"Microsoft.ElasticSan/elasticSans/volumeGroups/*",
"Microsoft.ElasticSan/elasticSans/volumeGroups/volumes/*",
"Microsoft.ElasticSan/locations/asyncoperations/read",
"Microsoft.KubernetesConfiguration/extensions/write",
"Microsoft.KubernetesConfiguration/extensions/read",
"Microsoft.KubernetesConfiguration/extensions/delete",
"Microsoft.KubernetesConfiguration/extensions/operations/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
},
{
"actions": [
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"Condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{08d4c71acc634ce4a9c85dd251b4d619})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{08d4c71acc634ce4a9c85dd251b4d619}))",
"ConditionVersion": "2.0"
}
],
"createdOn": "2024-03-08T18:56:35.285Z",
"updatedOn": "2024-04-01T15:29:21.829Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/95de85bd-744d-4664-9dde-11430bc34793",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "95de85bd-744d-4664-9dde-11430bc34793"
}
Effective Permissions
Operations granted by this role (86 total)
Conditional Permissions
This role has conditions that may restrict effective permissions based on context (e.g., resource attributes, request properties).
Permission Patterns (from role definition)
Actions
17 patterns
Microsoft.ElasticSan/elasticSans/*
Microsoft.ElasticSan/locations/*
Microsoft.ElasticSan/elasticSans/volumeGroups/*
Microsoft.ElasticSan/elasticSans/volumeGroups/volumes/*
Microsoft.ElasticSan/locations/asyncoperations/read
Microsoft.KubernetesConfiguration/extensions/write
Microsoft.KubernetesConfiguration/extensions/read
Microsoft.KubernetesConfiguration/extensions/delete
Microsoft.KubernetesConfiguration/extensions/operations/read
Microsoft.Authorization/*/read
Microsoft.Resources/subscriptions/resourceGroups/read
Microsoft.Resources/subscriptions/read
Microsoft.Management/managementGroups/read
Microsoft.Resources/deployments/*
Microsoft.Support/*
Microsoft.Authorization/roleAssignments/write
Microsoft.Authorization/roleAssignments/delete