SQL DB Contributor

Azure Built-in Role

Role Information

Details and metadata

Role ID: 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec
Type: BuiltInRole
Last Updated (Azure): 2021-11-11 20:13:53

Change History

Track all modifications to this role

2021-11-11 20:13:53 Initial Scan

Latest Role JSON

Raw definition from Azure

{
  "properties": {
    "roleName": "SQL DB Contributor",
    "type": "BuiltInRole",
    "description": "Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.ResourceHealth/availabilityStatuses/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Sql/locations/*/read",
          "Microsoft.Sql/servers/databases/*",
          "Microsoft.Sql/servers/read",
          "Microsoft.Support/*",
          "Microsoft.Insights/metrics/read",
          "Microsoft.Insights/metricDefinitions/read"
        ],
        "notActions": [
          "Microsoft.Sql/servers/databases/ledgerDigestUploads/write",
          "Microsoft.Sql/servers/databases/ledgerDigestUploads/disable/action",
          "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
          "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
          "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
          "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
          "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
          "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
          "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
          "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
          "Microsoft.Sql/servers/databases/auditingSettings/*",
          "Microsoft.Sql/servers/databases/auditRecords/read",
          "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
          "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
          "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
          "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
          "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
          "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
          "Microsoft.Sql/servers/databases/securityMetrics/*",
          "Microsoft.Sql/servers/databases/sensitivityLabels/*",
          "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
          "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
          "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
          "Microsoft.Sql/servers/vulnerabilityAssessments/*"
        ],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "createdOn": "2015-02-02T21:55:09.88Z",
    "updatedOn": "2021-11-11T20:13:53.536Z",
    "createdBy": null,
    "updatedBy": null
  },
  "id": "/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"
}

Effective Permissions

Operations granted by this role (295 total)

Permission Patterns (from role definition)

Actions (11 patterns)

Microsoft.Authorization/*/read
Microsoft.Insights/alertRules/*
Microsoft.ResourceHealth/availabilityStatuses/read
Microsoft.Resources/deployments/*
Microsoft.Resources/subscriptions/resourceGroups/read
Microsoft.Sql/locations/*/read
Microsoft.Sql/servers/databases/*
Microsoft.Sql/servers/read
Microsoft.Support/*
Microsoft.Insights/metrics/read
Microsoft.Insights/metricDefinitions/read

NotActions (excluded)

Microsoft.Sql/servers/databases/ledgerDigestUploads/write
Microsoft.Sql/servers/databases/ledgerDigestUploads/disable/action
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/auditingSettings/*
Microsoft.Sql/servers/databases/auditRecords/read
Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/*
Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/*
Microsoft.Sql/servers/databases/securityMetrics/*
Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/vulnerabilityAssessments/*

Control Plane Operations (295)

Data Plane Operations (0)

No data plane operations granted