Permissions for @turbot/azure-keyvault

The following table lists each Key Vault permission and its associated grant level:

Permission | Grant Level | Help |
---|---|---|
microsoft.keyvault/checknameavailability/read | metadata | check name availability |
microsoft.keyvault/deletedvaults/read | metadata | view soft deleted vaults |
microsoft.keyvault/hsmpools/delete | admin | delete hsm pool |
microsoft.keyvault/hsmpools/joinvault/action | operator | join keyvault to hsm pool |
microsoft.keyvault/hsmpools/read | metadata | view hsm pool |
microsoft.keyvault/hsmpools/write | admin | create or update hsm pool |
microsoft.keyvault/locations/deletedvaults/purge/action | operator | purge soft deleted key vault |
microsoft.keyvault/locations/deletedvaults/read | metadata | view soft deleted key vault |
microsoft.keyvault/locations/deletevirtualnetworkorsubnets/action | admin | delete virtual network or subnets notification |
microsoft.keyvault/locations/operationresults/read | metadata | check operation result |
microsoft.keyvault/operations/read | metadata | available key vault operations |
microsoft.keyvault/register/action | operator | register subscription |
microsoft.keyvault/unregister/action | operator | unregister subscription |
microsoft.keyvault/vaults/accesspolicies/write | admin | update access policy |
microsoft.keyvault/vaults/write | admin | update key vault |
microsoft.keyvault/vaults/delete | admin | delete key vault |
microsoft.keyvault/vaults/deploy/action | operator | use vault for azure deployments |
microsoft.keyvault/vaults/eventgridfilters/delete | admin | delete eventgrid subscription for key vault notification |
microsoft.keyvault/vaults/eventgridfilters/read | metadata | view eventgrid subscription for key vault notification |
microsoft.keyvault/vaults/eventgridfilters/write | admin | create eventgrid subscription for key vault notification |
microsoft.keyvault/vaults/providers/microsoft.insights/diagnosticsettings/read | metadata | read diagnostic setting |
microsoft.keyvault/vaults/providers/microsoft.insights/diagnosticsettings/write | admin | write diagnostic setting |
microsoft.keyvault/vaults/providers/microsoft.insights/logdefinitions/read | metadata | read log definition |
microsoft.keyvault/vaults/providers/microsoft.insights/metricdefinitions/read | metadata | read metric definition |
microsoft.keyvault/vaults/read | metadata | view key vault |
microsoft.keyvault/vaults/secrets/read | metadata | read secret properties |
microsoft.keyvault/vaults/secrets/write | admin | write secret |
microsoft.resources/deployments/cancel/action | admin | |
microsoft.resources/deployments/delete | admin | |
microsoft.resources/deployments/operations/read | metadata | |
microsoft.resources/deployments/read | metadata | |
microsoft.resources/deployments/validate/action | admin | |
microsoft.resources/deployments/write | admin | |
microsoft.resources/subscriptions/resourcegroups/read | metadata | |