BuiltInRole Class

public final class BuiltInRole
extends ExpandableStringEnum<BuiltInRole>

Defines values for roles.

It is not the complete list of roles. See listByScope(String scope) for all viable roles, and roleName() as BuiltInRole.

Field Summary

Modifier and Type Field and Description
static final BuiltInRole API_MANAGEMENT_SERVICE_CONTRIBUTOR

A role that can manage API Management service and the APIs.

static final BuiltInRole API_MANAGEMENT_SERVICE_OPERATOR_ROLE

A role that can manage API Management service, but not the APIs themselves.

static final BuiltInRole API_MANAGEMENT_SERVICE_READER_ROLE

A role that has read-only access to API Management service and APIs.

static final BuiltInRole APPLICATION_INSIGHTS_COMPONENT_CONTRIBUTOR

A role that can manage Application Insights components.

static final BuiltInRole AUTOMATION_OPERATOR

A role that is able to start, stop, suspend, and resume jobs.

static final BuiltInRole AZURE_COSMOS_DB_ACCOUNT_CONTRIBUTOR

A role that can manage Azure Cosmos DB accounts.

static final BuiltInRole AZURE_KUBERNETES_SERVICE_RBAC_ADMIN

Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.

static final BuiltInRole AZURE_KUBERNETES_SERVICE_RBAC_CLUSTER_ADMIN

Lets you manage all resources in the cluster.

static final BuiltInRole AZURE_KUBERNETES_SERVICE_RBAC_READER

Allows read-only access to see most objects in a namespace.

static final BuiltInRole AZURE_KUBERNETES_SERVICE_RBAC_WRITER

Allows read/write access to most objects in a namespace.

static final BuiltInRole BACKUP_CONTRIBUTOR

A role that can manage backup in Recovery Services vault.

static final BuiltInRole BACKUP_OPERATOR

A role that can manage backup except removing backup, in Recovery Services vault.

static final BuiltInRole BACKUP_READER

A role that can view all backup management services.

static final BuiltInRole BILLING_READER

A role that can view all billing information.

static final BuiltInRole BIZTALK_CONTRIBUTOR

A role that can manage BizTalk services.

static final BuiltInRole CLASSIC_NETWORK_CONTRIBUTOR

A role that can manage classic virtual networks and reserved IPs.

static final BuiltInRole CLASSIC_STORAGE_ACCOUNT_CONTRIBUTOR

A role that can manage classic storage accounts.

static final BuiltInRole CLASSIC_VIRTUAL_MACHINE_CONTRIBUTOR

A role that can manage classic virtual machines, but not the virtual network or storage account to which they are connected.

static final BuiltInRole CLEARDB_MYSQL_DB_CONTRIBUTOR

A role that can manage ClearDB MySQL databases.

static final BuiltInRole CONTRIBUTOR

A role that can manage everything except access.

static final BuiltInRole DATA_FACTORY_CONTRIBUTOR

A role that can create and manage data factories, and child resources within them.

static final BuiltInRole DEVTEST_LABS_USER

A role that can view everything and connect, start, restart, and shut down virtual machines.

static final BuiltInRole DNS_ZONE_CONTRIBUTOR

A role that can manage DNS zones and records.

static final BuiltInRole INTELLIGENT_SYSTEMS_ACCOUNT_CONTRIBUTOR

A role that can manage Intelligent Systems accounts.

static final BuiltInRole KEY_VAULT_ADMINISTRATOR

Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets.

static final BuiltInRole KEY_VAULT_CERTIFICATES_OFFICER

Perform any action on the certificates of a key vault, except manage permissions.

static final BuiltInRole KEY_VAULT_CONTRIBUTOR

A role that can manage key vaults, but not access to them.

static final BuiltInRole KEY_VAULT_CRYPTO_OFFICER

Perform any action on the keys of a key vault, except manage permissions.

static final BuiltInRole KEY_VAULT_CRYPTO_SERVICE_ENCRYPTION_USER

Read metadata of keys and perform wrap/unwrap operations.

static final BuiltInRole KEY_VAULT_CRYPTO_USER

Perform cryptographic operations using keys.

static final BuiltInRole KEY_VAULT_READER

Read metadata of key vaults and their certificates, keys, and secrets.

static final BuiltInRole KEY_VAULT_SECRETS_OFFICER

Perform any action on the secrets of a key vault, except manage permissions.

static final BuiltInRole KEY_VAULT_SECRETS_USER

Read secret contents.

static final BuiltInRole MANAGED_IDENTITY_CONTRIBUTOR

A role that can manage user assigned identities.

static final BuiltInRole MANAGED_IDENTITY_OPERATOR

A role that can read and assign user assigned identities.

static final BuiltInRole MONITORING_CONTRIBUTOR

A role that can read monitoring data and edit monitoring settings.

static final BuiltInRole MONITORING_READER

A role that can read all monitoring data.

static final BuiltInRole NETWORK_CONTRIBUTOR

A role that can manage all network resources.

static final BuiltInRole NEW_RELIC_APM_ACCOUNT_CONTRIBUTOR

A role that can manage New Relic Application Performance Management accounts and applications.

static final BuiltInRole OWNER

A role that can manage everything, including access.

static final BuiltInRole READER

A role that can view everything, but can't make changes.

static final BuiltInRole REDIS_CACHE_CONTRIBUTOR

A role that can manage Redis caches.

static final BuiltInRole SCHEDULER_JOB_COLLECTIONS_CONTRIBUTOR

A role that can manage scheduler job collections.

static final BuiltInRole SEARCH_SERVICE_CONTRIBUTOR

A role that can manage search services.

static final BuiltInRole SECURITY_MANAGER

A role that can manage security components, security policies, and virtual machines.

static final BuiltInRole SQL_DB_CONTRIBUTOR

A role that can manage SQL databases, but not their security-related policies.

static final BuiltInRole SQL_SECURITY_MANAGER

A role that can manage the security-related policies of SQL servers and databases.

static final BuiltInRole SQL_SERVER_CONTRIBUTOR

A role that can manage SQL servers and databases, but not their security-related policies.

static final BuiltInRole STORAGE_ACCOUNT_CONTRIBUTOR

A role that can manage storage accounts.

static final BuiltInRole STORAGE_ACCOUNT_KEY_OPERATOR_SERVICE_ROLE

Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts.

static final BuiltInRole STORAGE_BLOB_DATA_CONTRIBUTOR

Allows for read, write and delete access to Azure Storage blob containers and data.

static final BuiltInRole STORAGE_BLOB_DATA_OWNER

Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.

static final BuiltInRole STORAGE_BLOB_DATA_READER

Allows for read access to Azure Storage blob containers and data.

static final BuiltInRole STORAGE_FILE_DATA_SMB_SHARE_CONTRIBUTOR

Allows for read, write, and delete access in Azure Storage file shares over SMB.

static final BuiltInRole STORAGE_FILE_DATA_SMB_SHARE_READER

Allows for read access to Azure File Share over SMB.

static final BuiltInRole STORAGE_QUEUE_DATA_CONTRIBUTOR

Allows for read, write, and delete access to Azure Storage queues and queue messages.

static final BuiltInRole STORAGE_QUEUE_DATA_MESSAGE_PROCESSOR

Allows for peek, receive, and delete access to Azure Storage queue messages.

static final BuiltInRole STORAGE_QUEUE_DATA_MESSAGE_SENDER

Allows for sending of Azure Storage queue messages.

static final BuiltInRole STORAGE_QUEUE_DATA_READER

Allows for read access to Azure Storage queues and queue messages.

static final BuiltInRole USER_ACCESS_ADMINISTRATOR

A role that can manage user access to Azure resources.

static final BuiltInRole VIRTUAL_MACHINE_CONTRIBUTOR

A role that can manage virtual machines, but not the virtual network or storage account to which they are connected.

static final BuiltInRole WEBSITE_CONTRIBUTOR

A role that can manage websites, but not the web plans to which they are connected.

static final BuiltInRole WEB_PLAN_CONTRIBUTOR

A role that can manage web plans.

Constructor Summary

Constructor Description
BuiltInRole()

Method Summary

Modifier and Type Method and Description
static BuiltInRole fromString(String name)

Finds or creates a role instance based on the specified name.

static Collection<BuiltInRole> values()

Methods inherited from ExpandableStringEnum

Methods inherited from java.lang.Object

Field Details

API_MANAGEMENT_SERVICE_CONTRIBUTOR

public static final BuiltInRole API_MANAGEMENT_SERVICE_CONTRIBUTOR

A role that can manage API Management service and the APIs.

API_MANAGEMENT_SERVICE_OPERATOR_ROLE

public static final BuiltInRole API_MANAGEMENT_SERVICE_OPERATOR_ROLE

A role that can manage API Management service, but not the APIs themselves.

API_MANAGEMENT_SERVICE_READER_ROLE

public static final BuiltInRole API_MANAGEMENT_SERVICE_READER_ROLE

A role that has read-only access to API Management service and APIs.

APPLICATION_INSIGHTS_COMPONENT_CONTRIBUTOR

public static final BuiltInRole APPLICATION_INSIGHTS_COMPONENT_CONTRIBUTOR

A role that can manage Application Insights components.

AUTOMATION_OPERATOR

public static final BuiltInRole AUTOMATION_OPERATOR

A role that is able to start, stop, suspend, and resume jobs.

AZURE_COSMOS_DB_ACCOUNT_CONTRIBUTOR

public static final BuiltInRole AZURE_COSMOS_DB_ACCOUNT_CONTRIBUTOR

A role that can manage Azure Cosmos DB accounts.

AZURE_KUBERNETES_SERVICE_RBAC_ADMIN

public static final BuiltInRole AZURE_KUBERNETES_SERVICE_RBAC_ADMIN

Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.

AZURE_KUBERNETES_SERVICE_RBAC_CLUSTER_ADMIN

public static final BuiltInRole AZURE_KUBERNETES_SERVICE_RBAC_CLUSTER_ADMIN

Lets you manage all resources in the cluster.

AZURE_KUBERNETES_SERVICE_RBAC_READER

public static final BuiltInRole AZURE_KUBERNETES_SERVICE_RBAC_READER

Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.

AZURE_KUBERNETES_SERVICE_RBAC_WRITER

public static final BuiltInRole AZURE_KUBERNETES_SERVICE_RBAC_WRITER

Allows read/write access to most objects in a namespace. This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.

BACKUP_CONTRIBUTOR

public static final BuiltInRole BACKUP_CONTRIBUTOR

A role that can manage backup in Recovery Services vault.

BACKUP_OPERATOR

public static final BuiltInRole BACKUP_OPERATOR

A role that can manage backup except removing backup, in Recovery Services vault.

BACKUP_READER

public static final BuiltInRole BACKUP_READER

A role that can view all backup management services.

BILLING_READER

public static final BuiltInRole BILLING_READER

A role that can view all billing information.

BIZTALK_CONTRIBUTOR

public static final BuiltInRole BIZTALK_CONTRIBUTOR

A role that can manage BizTalk services.

CLASSIC_NETWORK_CONTRIBUTOR

public static final BuiltInRole CLASSIC_NETWORK_CONTRIBUTOR

A role that can manage classic virtual networks and reserved IPs.

CLASSIC_STORAGE_ACCOUNT_CONTRIBUTOR

public static final BuiltInRole CLASSIC_STORAGE_ACCOUNT_CONTRIBUTOR

A role that can manage classic storage accounts.

CLASSIC_VIRTUAL_MACHINE_CONTRIBUTOR

public static final BuiltInRole CLASSIC_VIRTUAL_MACHINE_CONTRIBUTOR

A role that can manage classic virtual machines, but not the virtual network or storage account to which they are connected.

CLEARDB_MYSQL_DB_CONTRIBUTOR

public static final BuiltInRole CLEARDB_MYSQL_DB_CONTRIBUTOR

A role that can manage ClearDB MySQL databases.

CONTRIBUTOR

public static final BuiltInRole CONTRIBUTOR

A role that can manage everything except access.

DATA_FACTORY_CONTRIBUTOR

public static final BuiltInRole DATA_FACTORY_CONTRIBUTOR

A role that can create and manage data factories, and child resources within them.

DEVTEST_LABS_USER

public static final BuiltInRole DEVTEST_LABS_USER

A role that can view everything and connect, start, restart, and shut down virtual machines.

DNS_ZONE_CONTRIBUTOR

public static final BuiltInRole DNS_ZONE_CONTRIBUTOR

A role that can manage DNS zones and records.

INTELLIGENT_SYSTEMS_ACCOUNT_CONTRIBUTOR

public static final BuiltInRole INTELLIGENT_SYSTEMS_ACCOUNT_CONTRIBUTOR

A role that can manage Intelligent Systems accounts.

KEY_VAULT_ADMINISTRATOR

public static final BuiltInRole KEY_VAULT_ADMINISTRATOR

Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets.

KEY_VAULT_CERTIFICATES_OFFICER

public static final BuiltInRole KEY_VAULT_CERTIFICATES_OFFICER

Perform any action on the certificates of a key vault, except manage permissions.

KEY_VAULT_CONTRIBUTOR

public static final BuiltInRole KEY_VAULT_CONTRIBUTOR

A role that can manage key vaults, but not access to them.

KEY_VAULT_CRYPTO_OFFICER

public static final BuiltInRole KEY_VAULT_CRYPTO_OFFICER

Perform any action on the keys of a key vault, except manage permissions.

KEY_VAULT_CRYPTO_SERVICE_ENCRYPTION_USER

public static final BuiltInRole KEY_VAULT_CRYPTO_SERVICE_ENCRYPTION_USER

Read metadata of keys and perform wrap/unwrap operations.

KEY_VAULT_CRYPTO_USER

public static final BuiltInRole KEY_VAULT_CRYPTO_USER

Perform cryptographic operations using keys.

KEY_VAULT_READER

public static final BuiltInRole KEY_VAULT_READER

Read metadata of key vaults and their certificates, keys, and secrets.

KEY_VAULT_SECRETS_OFFICER

public static final BuiltInRole KEY_VAULT_SECRETS_OFFICER

Perform any action on the secrets of a key vault, except manage permissions.

KEY_VAULT_SECRETS_USER

public static final BuiltInRole KEY_VAULT_SECRETS_USER

Read secret contents.

MANAGED_IDENTITY_CONTRIBUTOR

public static final BuiltInRole MANAGED_IDENTITY_CONTRIBUTOR

A role that can manage user assigned identities.

MANAGED_IDENTITY_OPERATOR

public static final BuiltInRole MANAGED_IDENTITY_OPERATOR

A role that can read and assign user assigned identities.

MONITORING_CONTRIBUTOR

public static final BuiltInRole MONITORING_CONTRIBUTOR

A role that can read monitoring data and edit monitoring settings.

MONITORING_READER

public static final BuiltInRole MONITORING_READER

A role that can read all monitoring data.

NETWORK_CONTRIBUTOR

public static final BuiltInRole NETWORK_CONTRIBUTOR

A role that can manage all network resources.

NEW_RELIC_APM_ACCOUNT_CONTRIBUTOR

public static final BuiltInRole NEW_RELIC_APM_ACCOUNT_CONTRIBUTOR

A role that can manage New Relic Application Performance Management accounts and applications.

OWNER

public static final BuiltInRole OWNER

A role that can manage everything, including access.

READER

public static final BuiltInRole READER

A role that can view everything, but can't make changes.

REDIS_CACHE_CONTRIBUTOR

public static final BuiltInRole REDIS_CACHE_CONTRIBUTOR

A role that can manage Redis caches.

SCHEDULER_JOB_COLLECTIONS_CONTRIBUTOR

public static final BuiltInRole SCHEDULER_JOB_COLLECTIONS_CONTRIBUTOR

A role that can manage scheduler job collections.

SEARCH_SERVICE_CONTRIBUTOR

public static final BuiltInRole SEARCH_SERVICE_CONTRIBUTOR

A role that can manage search services.

SECURITY_MANAGER

public static final BuiltInRole SECURITY_MANAGER

A role that can manage security components, security policies, and virtual machines.

SQL_DB_CONTRIBUTOR

public static final BuiltInRole SQL_DB_CONTRIBUTOR

A role that can manage SQL databases, but not their security-related policies.

SQL_SECURITY_MANAGER

public static final BuiltInRole SQL_SECURITY_MANAGER

A role that can manage the security-related policies of SQL servers and databases.

SQL_SERVER_CONTRIBUTOR

public static final BuiltInRole SQL_SERVER_CONTRIBUTOR

A role that can manage SQL servers and databases, but not their security-related policies.

STORAGE_ACCOUNT_CONTRIBUTOR

public static final BuiltInRole STORAGE_ACCOUNT_CONTRIBUTOR

A role that can manage storage accounts.

STORAGE_ACCOUNT_KEY_OPERATOR_SERVICE_ROLE

public static final BuiltInRole STORAGE_ACCOUNT_KEY_OPERATOR_SERVICE_ROLE

Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts.

STORAGE_BLOB_DATA_CONTRIBUTOR

public static final BuiltInRole STORAGE_BLOB_DATA_CONTRIBUTOR

Allows for read, write and delete access to Azure Storage blob containers and data.

STORAGE_BLOB_DATA_OWNER

public static final BuiltInRole STORAGE_BLOB_DATA_OWNER

Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.

STORAGE_BLOB_DATA_READER

public static final BuiltInRole STORAGE_BLOB_DATA_READER

Allows for read access to Azure Storage blob containers and data.

STORAGE_FILE_DATA_SMB_SHARE_CONTRIBUTOR

public static final BuiltInRole STORAGE_FILE_DATA_SMB_SHARE_CONTRIBUTOR

Allows for read, write, and delete access in Azure Storage file shares over SMB.

STORAGE_FILE_DATA_SMB_SHARE_READER

public static final BuiltInRole STORAGE_FILE_DATA_SMB_SHARE_READER

Allows for read access to Azure File Share over SMB.

STORAGE_QUEUE_DATA_CONTRIBUTOR

public static final BuiltInRole STORAGE_QUEUE_DATA_CONTRIBUTOR

Allows for read, write, and delete access to Azure Storage queues and queue messages.

STORAGE_QUEUE_DATA_MESSAGE_PROCESSOR

public static final BuiltInRole STORAGE_QUEUE_DATA_MESSAGE_PROCESSOR

Allows for peek, receive, and delete access to Azure Storage queue messages.

STORAGE_QUEUE_DATA_MESSAGE_SENDER

public static final BuiltInRole STORAGE_QUEUE_DATA_MESSAGE_SENDER

Allows for sending of Azure Storage queue messages.

STORAGE_QUEUE_DATA_READER

public static final BuiltInRole STORAGE_QUEUE_DATA_READER

Allows for read access to Azure Storage queues and queue messages.

USER_ACCESS_ADMINISTRATOR

public static final BuiltInRole USER_ACCESS_ADMINISTRATOR

A role that can manage user access to Azure resources.

VIRTUAL_MACHINE_CONTRIBUTOR

public static final BuiltInRole VIRTUAL_MACHINE_CONTRIBUTOR

A role that can manage virtual machines, but not the virtual network or storage account to which they are connected.

WEBSITE_CONTRIBUTOR

public static final BuiltInRole WEBSITE_CONTRIBUTOR

A role that can manage websites, but not the web plans to which they are connected.

WEB_PLAN_CONTRIBUTOR

public static final BuiltInRole WEB_PLAN_CONTRIBUTOR

A role that can manage web plans.

Constructor Details

BuiltInRole

public BuiltInRole()

Method Details

fromString

public static BuiltInRole fromString(String name)

Finds or creates a role instance based on the specified name.

Parameters:

name - a name

Returns:

a BuiltInRole instance

values

public static Collection<BuiltInRole> values()

Returns:

known roles
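Because fromString(String name) finds or creates an instance, an unknown or misspelled role name still yields a BuiltInRole object. The following added example (not part of the SDK or of this reference page) resolves role names from configuration against a snapshot of values() instead. The class name RoleNameGuard, its methods, the approval policy, and the import path are assumptions of this example.

```java
import com.azure.resourcemanager.authorization.models.BuiltInRole;

import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;

/** Added example: resolve a role name without letting fromString create unknown roles. */
public final class RoleNameGuard {

    // Snapshot of the roles declared on BuiltInRole, taken once at class load.
    // Assumption: nothing in the process has called fromString with an arbitrary
    // name before this point, since created instances may be registered as well.
    private static final Map<String, BuiltInRole> KNOWN = BuiltInRole.values().stream()
        .collect(Collectors.toUnmodifiableMap(
            r -> r.toString().toLowerCase(Locale.ROOT),
            r -> r,
            (first, second) -> first));

    // Roles this page describes as able to manage access. Requiring approval for
    // them is a policy choice of this example, not SDK behaviour.
    private static final Set<BuiltInRole> ACCESS_MANAGING = Set.of(
        BuiltInRole.OWNER, BuiltInRole.USER_ACCESS_ADMINISTRATOR);

    private RoleNameGuard() { }

    /** Returns the known role for the name, or empty for anything not in the snapshot. */
    public static Optional<BuiltInRole> resolve(String requested) {
        if (requested == null) {
            return Optional.empty();
        }
        return Optional.ofNullable(KNOWN.get(requested.trim().toLowerCase(Locale.ROOT)));
    }

    /** True when the role can manage access and should go through a review step. */
    public static boolean requiresApproval(BuiltInRole role) {
        return ACCESS_MANAGING.contains(role);
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the second one contains a typo.
        for (String name : new String[] {"Reader", "Contributer", "Owner"}) {
            Optional<BuiltInRole> role = resolve(name);
            if (role.isEmpty()) {
                System.out.println(name + ": rejected, not a known built-in role");
            } else if (requiresApproval(role.get())) {
                System.out.println(name + ": known, manages access, needs approval");
            } else {
                System.out.println(name + ": known");
            }
        }
    }
}
```

Since this class is not the complete list of roles, a name rejected here may still be a valid role at a given scope; confirm it through listByScope(String scope) before deciding to accept it.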
