Page does not indicate if the other higher credentials roles can perform these actions.

[mth11]

It is unclear if Owner, or Global admin account can perform these actions. They are not listed in the table and it is not clear if they are able to handle the same key vault operations as the accounts that are listed in the table.

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: 44b9a84f-6765-67dc-bb7b-04303e070c03
• Version Independent ID: 32fc20a0-4321-c74a-34aa-909f43a72db0
• Content: Grant permission to applications to access an Azure key vault using Azure RBAC
• Content Source: articles/key-vault/general/rbac-guide.md
• Service: key-vault
• Sub-service: general
• GitHub Login: @msmbaldwin
• Microsoft Alias: mbaldwin

[TPavanBalaji]

@mth11
Thanks for your feedback! We will investigate and update as appropriate.

[PesalaPavan]

@mth11
Thanks for your feedback! I've assigned this issue to the author who will investigate and update as appropriate.

[jlichwa]

@mth11
These are specific data plane operations (secrets, certificates, keys), Owner, Contributor etc.. are for accessing management plane only and Global Admin is for managing Entra Id objects.

Those are all Roles provided by Key Vault team to manage secrets, certificates, keys.

Any team can create any role with any actions desired we will have no control of it. Not sure what is the scenario here with this question.

Please let us know if there is more clarification needed.