Skip to content

Commit 05bd4be

Browse files
prmerger-automator[bot]prmerger-automator[bot]
authored
Merge pull request #278467 from dcurwin/wi-265480-owner-role-june17-2024
Add note about Owner role
2 parents 75d6d67 + f35b277 commit 05bd4be

File tree

1 file changed

+5
-2
lines changed

1 file changed

+5
-2
lines changed

articles/defender-for-cloud/permissions.md

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
---
22
title: User roles and permissions
3-
description: This article explains how Microsoft Defender for Cloud uses role-based access control to assign permissions to users and identify the permitted actions for each role.
3+
description: Learn how Microsoft Defender for Cloud uses role-based access control to assign permissions to users and identify the permitted actions for each role.
44
ms.topic: limits-and-quotas
55
ms.date: 05/12/2024
66
---
@@ -25,7 +25,7 @@ The following table displays roles and allowed actions in Defender for Cloud.
2525
| **Action** | [Security Reader](../role-based-access-control/built-in-roles.md#security-reader) /<br> [Reader](../role-based-access-control/built-in-roles.md#reader) | [Security Admin](../role-based-access-control/built-in-roles.md#security-admin) | [Contributor](../role-based-access-control/built-in-roles.md#contributor) / [Owner](../role-based-access-control/built-in-roles.md#owner) | [Contributor](../role-based-access-control/built-in-roles.md#contributor) | [Owner](../role-based-access-control/built-in-roles.md#owner) |
2626
|:-|:-:|:-:|:-:|:-:|:-:|
2727
| | | | **(Resource group level)** | **(Subscription level)** | **(Subscription level)** |
28-
| Add/assign initiatives (including) regulatory compliance standards) | - || - | - ||
28+
| Add/assign initiatives (including regulatory compliance standards) | - || - | - ||
2929
| Edit security policy | - || - | - ||
3030
| Enable / disable Microsoft Defender plans | - || - |||
3131
| Dismiss alerts | - || - |||
@@ -34,6 +34,9 @@ The following table displays roles and allowed actions in Defender for Cloud.
3434
| Exempt security recommendations | - ||-|-||
3535
| Configure email notifications | - |||||
3636

37+
> [!NOTE]
38+
> While the three roles mentioned are sufficient for enabling and disabling Defender plans, to enable all capabilities of a plan the Owner role is required.
39+
3740
The specific role required to deploy monitoring components depends on the extension you're deploying. Learn more about [monitoring components](monitoring-components.md).
3841

3942
## Roles used to automatically provision agents and extensions

0 commit comments

Comments
 (0)