java.lang.Object
com.azure.core.util.ExpandableStringEnum<BuiltInRole>
com.azure.resourcemanager.authorization.models.BuiltInRole

public final class BuiltInRole extends com.azure.core.util.ExpandableStringEnum<BuiltInRole>
Defines values for roles.

This is not the complete list of roles. See RoleDefinitions.listByScope(String) for all viable roles, and use RoleDefinition.roleName() as the BuiltInRole.

  • Field Details

    • API_MANAGEMENT_SERVICE_CONTRIBUTOR

      public static final BuiltInRole API_MANAGEMENT_SERVICE_CONTRIBUTOR
      A role that can manage API Management service and the APIs.
    • API_MANAGEMENT_SERVICE_OPERATOR_ROLE

      public static final BuiltInRole API_MANAGEMENT_SERVICE_OPERATOR_ROLE
      A role that can manage API Management service, but not the APIs themselves.
    • API_MANAGEMENT_SERVICE_READER_ROLE

      public static final BuiltInRole API_MANAGEMENT_SERVICE_READER_ROLE
      A role that has read-only access to API Management service and APIs.
    • APPLICATION_INSIGHTS_COMPONENT_CONTRIBUTOR

      public static final BuiltInRole APPLICATION_INSIGHTS_COMPONENT_CONTRIBUTOR
      A role that can manage Application Insights components.
    • AUTOMATION_OPERATOR

      public static final BuiltInRole AUTOMATION_OPERATOR
      A role that is able to start, stop, suspend, and resume jobs.
    • BACKUP_CONTRIBUTOR

      public static final BuiltInRole BACKUP_CONTRIBUTOR
      A role that can manage backup in Recovery Services vault.
    • BACKUP_OPERATOR

      public static final BuiltInRole BACKUP_OPERATOR
      A role that can manage backup, except removing backup, in Recovery Services vault.
    • BACKUP_READER

      public static final BuiltInRole BACKUP_READER
      A role that can view all backup management services.
    • BILLING_READER

      public static final BuiltInRole BILLING_READER
      A role that can view all billing information.
    • BIZTALK_CONTRIBUTOR

      public static final BuiltInRole BIZTALK_CONTRIBUTOR
      A role that can manage BizTalk services.
    • CLEARDB_MYSQL_DB_CONTRIBUTOR

      public static final BuiltInRole CLEARDB_MYSQL_DB_CONTRIBUTOR
      A role that can manage ClearDB MySQL databases.
    • CONTRIBUTOR

      public static final BuiltInRole CONTRIBUTOR
      A role that can manage everything except access.
    • DATA_FACTORY_CONTRIBUTOR

      public static final BuiltInRole DATA_FACTORY_CONTRIBUTOR
      A role that can create and manage data factories, and child resources within them.
    • DEVTEST_LABS_USER

      public static final BuiltInRole DEVTEST_LABS_USER
      A role that can view everything and connect, start, restart, and shut down virtual machines.
    • DNS_ZONE_CONTRIBUTOR

      public static final BuiltInRole DNS_ZONE_CONTRIBUTOR
      A role that can manage DNS zones and records.
    • AZURE_COSMOS_DB_ACCOUNT_CONTRIBUTOR

      public static final BuiltInRole AZURE_COSMOS_DB_ACCOUNT_CONTRIBUTOR
      A role that can manage Azure Cosmos DB accounts.
    • INTELLIGENT_SYSTEMS_ACCOUNT_CONTRIBUTOR

      public static final BuiltInRole INTELLIGENT_SYSTEMS_ACCOUNT_CONTRIBUTOR
      A role that can manage Intelligent Systems accounts.
    • MANAGED_IDENTITY_CONTRIBUTOR

      public static final BuiltInRole MANAGED_IDENTITY_CONTRIBUTOR
      A role that can manage user assigned identities.
    • MANAGED_IDENTITY_OPERATOR

      public static final BuiltInRole MANAGED_IDENTITY_OPERATOR
      A role that can read and assign user assigned identities.
    • MONITORING_READER

      public static final BuiltInRole MONITORING_READER
      A role that can read all monitoring data.
    • MONITORING_CONTRIBUTOR

      public static final BuiltInRole MONITORING_CONTRIBUTOR
      A role that can read monitoring data and edit monitoring settings.
    • NETWORK_CONTRIBUTOR

      public static final BuiltInRole NETWORK_CONTRIBUTOR
      A role that can manage all network resources.
    • NEW_RELIC_APM_ACCOUNT_CONTRIBUTOR

      public static final BuiltInRole NEW_RELIC_APM_ACCOUNT_CONTRIBUTOR
      A role that can manage New Relic Application Performance Management accounts and applications.
    • OWNER

      public static final BuiltInRole OWNER
      A role that can manage everything, including access.
    • READER

      public static final BuiltInRole READER
      A role that can view everything, but can't make changes.
    • REDIS_CACHE_CONTRIBUTOR

      public static final BuiltInRole REDIS_CACHE_CONTRIBUTOR
      A role that can manage Redis caches.
    • SCHEDULER_JOB_COLLECTIONS_CONTRIBUTOR

      public static final BuiltInRole SCHEDULER_JOB_COLLECTIONS_CONTRIBUTOR
      A role that can manage scheduler job collections.
    • SEARCH_SERVICE_CONTRIBUTOR

      public static final BuiltInRole SEARCH_SERVICE_CONTRIBUTOR
      A role that can manage search services.
    • SECURITY_MANAGER

      public static final BuiltInRole SECURITY_MANAGER
      A role that can manage security components, security policies, and virtual machines.
    • SQL_DB_CONTRIBUTOR

      public static final BuiltInRole SQL_DB_CONTRIBUTOR
      A role that can manage SQL databases, but not their security-related policies.
    • SQL_SECURITY_MANAGER

      public static final BuiltInRole SQL_SECURITY_MANAGER
      A role that can manage the security-related policies of SQL servers and databases.
    • SQL_SERVER_CONTRIBUTOR

      public static final BuiltInRole SQL_SERVER_CONTRIBUTOR
      A role that can manage SQL servers and databases, but not their security-related policies.
    • CLASSIC_STORAGE_ACCOUNT_CONTRIBUTOR

      public static final BuiltInRole CLASSIC_STORAGE_ACCOUNT_CONTRIBUTOR
      A role that can manage classic storage accounts.
    • STORAGE_ACCOUNT_CONTRIBUTOR

      public static final BuiltInRole STORAGE_ACCOUNT_CONTRIBUTOR
      A role that can manage storage accounts.
    • USER_ACCESS_ADMINISTRATOR

      public static final BuiltInRole USER_ACCESS_ADMINISTRATOR
      A role that can manage user access to Azure resources.
    • CLASSIC_VIRTUAL_MACHINE_CONTRIBUTOR

      public static final BuiltInRole CLASSIC_VIRTUAL_MACHINE_CONTRIBUTOR
      A role that can manage classic virtual machines, but not the virtual network or storage account to which they are connected.
    • VIRTUAL_MACHINE_CONTRIBUTOR

      public static final BuiltInRole VIRTUAL_MACHINE_CONTRIBUTOR
      A role that can manage virtual machines, but not the virtual network or storage account to which they are connected.
    • CLASSIC_NETWORK_CONTRIBUTOR

      public static final BuiltInRole CLASSIC_NETWORK_CONTRIBUTOR
      A role that can manage classic virtual networks and reserved IPs.
    • WEB_PLAN_CONTRIBUTOR

      public static final BuiltInRole WEB_PLAN_CONTRIBUTOR
      A role that can manage web plans.
    • WEBSITE_CONTRIBUTOR

      public static final BuiltInRole WEBSITE_CONTRIBUTOR
      A role that can manage websites, but not the web plans to which they are connected.
    • KEY_VAULT_CONTRIBUTOR

      public static final BuiltInRole KEY_VAULT_CONTRIBUTOR
      A role that can manage key vaults, but not access to them.
    • STORAGE_ACCOUNT_KEY_OPERATOR_SERVICE_ROLE

      public static final BuiltInRole STORAGE_ACCOUNT_KEY_OPERATOR_SERVICE_ROLE
      Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts.
    • STORAGE_BLOB_DATA_CONTRIBUTOR

      public static final BuiltInRole STORAGE_BLOB_DATA_CONTRIBUTOR
      Allows for read, write and delete access to Azure Storage blob containers and data.
    • STORAGE_BLOB_DATA_OWNER

      public static final BuiltInRole STORAGE_BLOB_DATA_OWNER
      Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.
    • STORAGE_BLOB_DATA_READER

      public static final BuiltInRole STORAGE_BLOB_DATA_READER
      Allows for read access to Azure Storage blob containers and data.
    • STORAGE_QUEUE_DATA_CONTRIBUTOR

      public static final BuiltInRole STORAGE_QUEUE_DATA_CONTRIBUTOR
      Allows for read, write, and delete access to Azure Storage queues and queue messages.
    • STORAGE_QUEUE_DATA_MESSAGE_PROCESSOR

      public static final BuiltInRole STORAGE_QUEUE_DATA_MESSAGE_PROCESSOR
      Allows for peek, receive, and delete access to Azure Storage queue messages.
    • STORAGE_QUEUE_DATA_MESSAGE_SENDER

      public static final BuiltInRole STORAGE_QUEUE_DATA_MESSAGE_SENDER
      Allows for sending of Azure Storage queue messages.
    • STORAGE_QUEUE_DATA_READER

      public static final BuiltInRole STORAGE_QUEUE_DATA_READER
      Allows for read access to Azure Storage queues and queue messages.
    • STORAGE_FILE_DATA_SMB_SHARE_READER

      public static final BuiltInRole STORAGE_FILE_DATA_SMB_SHARE_READER
      Allows for read access to Azure File Share over SMB.
    • STORAGE_FILE_DATA_SMB_SHARE_CONTRIBUTOR

      public static final BuiltInRole STORAGE_FILE_DATA_SMB_SHARE_CONTRIBUTOR
      Allows for read, write, and delete access in Azure Storage file shares over SMB.
    • KEY_VAULT_ADMINISTRATOR

      public static final BuiltInRole KEY_VAULT_ADMINISTRATOR
      Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets.
    • KEY_VAULT_CRYPTO_OFFICER

      public static final BuiltInRole KEY_VAULT_CRYPTO_OFFICER
      Perform any action on the keys of a key vault, except manage permissions.
    • KEY_VAULT_CRYPTO_USER

      public static final BuiltInRole KEY_VAULT_CRYPTO_USER
      Perform cryptographic operations using keys.
    • KEY_VAULT_SECRETS_OFFICER

      public static final BuiltInRole KEY_VAULT_SECRETS_OFFICER
      Perform any action on the secrets of a key vault, except manage permissions.
    • KEY_VAULT_SECRETS_USER

      public static final BuiltInRole KEY_VAULT_SECRETS_USER
      Read secret contents.
    • KEY_VAULT_CERTIFICATES_OFFICER

      public static final BuiltInRole KEY_VAULT_CERTIFICATES_OFFICER
      Perform any action on the certificates of a key vault, except manage permissions.
    • KEY_VAULT_READER

      public static final BuiltInRole KEY_VAULT_READER
      Read metadata of key vaults and their certificates, keys, and secrets.
    • KEY_VAULT_CRYPTO_SERVICE_ENCRYPTION_USER

      public static final BuiltInRole KEY_VAULT_CRYPTO_SERVICE_ENCRYPTION_USER
      Read metadata of keys and perform wrap/unwrap operations.
    • AZURE_KUBERNETES_SERVICE_RBAC_CLUSTER_ADMIN

      public static final BuiltInRole AZURE_KUBERNETES_SERVICE_RBAC_CLUSTER_ADMIN
      Lets you manage all resources in the cluster.
    • AZURE_KUBERNETES_SERVICE_RBAC_ADMIN

      public static final BuiltInRole AZURE_KUBERNETES_SERVICE_RBAC_ADMIN
      Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.
    • AZURE_KUBERNETES_SERVICE_RBAC_READER

      public static final BuiltInRole AZURE_KUBERNETES_SERVICE_RBAC_READER
      Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.
    • AZURE_KUBERNETES_SERVICE_RBAC_WRITER

      public static final BuiltInRole AZURE_KUBERNETES_SERVICE_RBAC_WRITER
      Allows read/write access to most objects in a namespace. This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.
  • Constructor Details

    • BuiltInRole

      public BuiltInRole()
  • Method Details

    • fromString

      public static BuiltInRole fromString(String name)
      Finds or creates a role instance based on the specified name.
      Parameters:
      name - a name
      Returns:
      a BuiltInRole instance
    • values

      public static Collection<BuiltInRole> values()
      Returns:
      known roles