Share via


KeyVaultBuiltInRole Struct

Definition

Built-in KeyVault roles that you can assign to users, groups, service principals, and managed identities.

public readonly struct KeyVaultBuiltInRole : IEquatable<Azure.Provisioning.KeyVault.KeyVaultBuiltInRole>
type KeyVaultBuiltInRole = struct
Public Structure KeyVaultBuiltInRole
Implements IEquatable(Of KeyVaultBuiltInRole)
Inheritance
KeyVaultBuiltInRole
Implements

Constructors

KeyVaultBuiltInRole(String)

Built-in KeyVault roles that you can assign to users, groups, service principals, and managed identities.

Properties

KeyVaultAdministrator

Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the 'Azure role-based access control' permission model.

KeyVaultCertificatesOfficer

Perform any action on the certificates of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.

KeyVaultCertificateUser

Read certificate contents. Only works for key vaults that use the 'Azure role-based access control' permission model.

KeyVaultContributor

Manage key vaults, but does not allow you to assign roles in Azure RBAC, and does not allow you to access secrets, keys, or certificates.

KeyVaultCryptoOfficer

Perform any action on the keys of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.

KeyVaultCryptoServiceEncryptionUser

Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model.

KeyVaultCryptoServiceReleaseUser

Release keys. Only works for key vaults that use the 'Azure role-based access control' permission model.

KeyVaultCryptoUser

Perform cryptographic operations using keys. Only works for key vaults that use the 'Azure role-based access control' permission model.

KeyVaultDataAccessAdministrator

Manage access to Azure Key Vault by adding or removing role assignments for the Key Vault Administrator, Key Vault Certificates Officer, Key Vault Crypto Officer, Key Vault Crypto Service Encryption User, Key Vault Crypto User, Key Vault Reader, Key Vault Secrets Officer, or Key Vault Secrets User roles. Includes an ABAC condition to constrain role assignments.

KeyVaultReader

Read metadata of key vaults and its certificates, keys, and secrets. Cannot read sensitive values such as secret contents or key material. Only works for key vaults that use the 'Azure role-based access control' permission model.

KeyVaultSecretsOfficer

Perform any action on the secrets of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.

KeyVaultSecretsUser

Read secret contents. Only works for key vaults that use the 'Azure role-based access control' permission model.

ManagedHsmContributor

Lets you manage managed HSM pools, but not access to them.

Methods

Equals(KeyVaultBuiltInRole)

Indicates whether the current object is equal to another object of the same type.

ToString()

Returns the fully qualified type name of this instance.

Operators

Equality(KeyVaultBuiltInRole, KeyVaultBuiltInRole)

Determines if two KeyVaultBuiltInRole values are the same.

Implicit(String to KeyVaultBuiltInRole)

Converts a string to a KeyVaultBuiltInRole.

Inequality(KeyVaultBuiltInRole, KeyVaultBuiltInRole)

Determines if two KeyVaultBuiltInRole values are different.

Applies to