KeyVaultBuiltInRole Struct
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Built-in KeyVault roles that you can assign to users, groups, service principals, and managed identities.
public readonly struct KeyVaultBuiltInRole : IEquatable<Azure.Provisioning.KeyVault.KeyVaultBuiltInRole>
type KeyVaultBuiltInRole = struct
Public Structure KeyVaultBuiltInRole
Implements IEquatable(Of KeyVaultBuiltInRole)
- Inheritance
-
KeyVaultBuiltInRole
- Implements
Constructors
KeyVaultBuiltInRole(String) |
Built-in KeyVault roles that you can assign to users, groups, service principals, and managed identities. |
Properties
KeyVaultAdministrator |
Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the 'Azure role-based access control' permission model. |
KeyVaultCertificatesOfficer |
Perform any action on the certificates of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. |
KeyVaultCertificateUser |
Read certificate contents. Only works for key vaults that use the 'Azure role-based access control' permission model. |
KeyVaultContributor |
Manage key vaults, but does not allow you to assign roles in Azure RBAC, and does not allow you to access secrets, keys, or certificates. |
KeyVaultCryptoOfficer |
Perform any action on the keys of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. |
KeyVaultCryptoServiceEncryptionUser |
Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model. |
KeyVaultCryptoServiceReleaseUser |
Release keys. Only works for key vaults that use the 'Azure role-based access control' permission model. |
KeyVaultCryptoUser |
Perform cryptographic operations using keys. Only works for key vaults that use the 'Azure role-based access control' permission model. |
KeyVaultDataAccessAdministrator |
Manage access to Azure Key Vault by adding or removing role assignments for the Key Vault Administrator, Key Vault Certificates Officer, Key Vault Crypto Officer, Key Vault Crypto Service Encryption User, Key Vault Crypto User, Key Vault Reader, Key Vault Secrets Officer, or Key Vault Secrets User roles. Includes an ABAC condition to constrain role assignments. |
KeyVaultReader |
Read metadata of key vaults and its certificates, keys, and secrets. Cannot read sensitive values such as secret contents or key material. Only works for key vaults that use the 'Azure role-based access control' permission model. |
KeyVaultSecretsOfficer |
Perform any action on the secrets of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. |
KeyVaultSecretsUser |
Read secret contents. Only works for key vaults that use the 'Azure role-based access control' permission model. |
ManagedHsmContributor |
Lets you manage managed HSM pools, but not access to them. |
Methods
Equals(KeyVaultBuiltInRole) |
Indicates whether the current object is equal to another object of the same type. |
ToString() |
Returns the fully qualified type name of this instance. |
Operators
Equality(KeyVaultBuiltInRole, KeyVaultBuiltInRole) |
Determines if two KeyVaultBuiltInRole values are the same. |
Implicit(String to KeyVaultBuiltInRole) |
Converts a string to a KeyVaultBuiltInRole. |
Inequality(KeyVaultBuiltInRole, KeyVaultBuiltInRole) |
Determines if two KeyVaultBuiltInRole values are different. |