Erstellen oder Aktualisieren einer Rollenzuweisung nach Bereich und Name.
PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}?api-version=2022-04-01
URI-Parameter
| Name |
In |
Erforderlich |
Typ |
Beschreibung |
|
roleAssignmentName
|
path |
True
|
string
|
Der Name der Rollenzuweisung. Dies kann eine beliebige gültige GUID sein.
|
|
scope
|
path |
True
|
string
|
Die vollständig qualifizierte Azure Resource Manager-Kennung der Ressource.
|
|
api-version
|
query |
True
|
string
minLength: 1
|
Die API-Version, die für diesen Vorgang verwendet werden soll.
|
Anforderungstext
| Name |
Erforderlich |
Typ |
Beschreibung |
|
properties.principalId
|
True
|
string
|
Die Prinzipal-ID.
|
|
properties.roleDefinitionId
|
True
|
string
|
Die Rollendefinitions-ID.
|
|
properties.condition
|
|
string
|
Die Bedingungen für die Rollenzuweisung. Das begrenzt die Ressourcen, denen es zugewiesen werden kann. z.B.: @Resource[Microsoft. Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
|
|
properties.conditionVersion
|
|
string
|
Version der Bedingung. Derzeit ist der einzige akzeptierte Wert "2,0"
|
|
properties.delegatedManagedIdentityResourceId
|
|
string
|
ID der delegierten verwalteten Identitätsressource
|
|
properties.description
|
|
string
|
Beschreibung der Rollenzuweisung
|
|
properties.principalType
|
|
PrincipalType
|
Der Prinzipaltyp der zugewiesenen Prinzipal-ID.
|
Antworten
| Name |
Typ |
Beschreibung |
|
200 OK
|
RoleAssignment
|
Die Aktualisierung der Ressource 'RoleAssignment' war erfolgreich
|
|
201 Created
|
RoleAssignment
|
Die Erstellungsoperation der Ressource 'RoleAssignment' war erfolgreich
|
|
Other Status Codes
|
ErrorResponse
|
Unerwartete Fehlerantwort.
|
Berechtigungen
Ihnen muss eine Rolle mit den folgenden Berechtigungen zugewiesen sein, damit Sie diese API aufrufen können. Weitere Informationen finden Sie unter Integrierte Azure-Rollen.
Microsoft.Authorization/roleAssignments/write
Sicherheit
azure_auth
Azure Active Directory OAuth2 Flow.
Typ:
oauth2
Ablauf:
implicit
Autorisierungs-URL:
https://login.microsoftonline.com/common/oauth2/authorize
Bereiche
| Name |
Beschreibung |
|
user_impersonation
|
Identitätswechsel ihres Benutzerkontos
|
Beispiele
Create role assignment for resource
Beispielanforderung
PUT https://management.azure.com/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff?api-version=2022-04-01
{
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"
}
}
from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-authorization
# USAGE
python role_assignments_create_for_resource.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = AuthorizationManagementClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.role_assignments.create(
scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account",
role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
parameters={
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
}
},
)
print(response)
# x-ms-original-file: 2022-04-01/RoleAssignments_CreateForResource.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armauthorization_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)
// Generated from example definition: 2022-04-01/RoleAssignments_CreateForResource.json
func ExampleRoleAssignmentsClient_Create_createRoleAssignmentForResource() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armauthorization.NewClientFactory("<subscriptionID>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewRoleAssignmentsClient().Create(ctx, "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account", "05c5a614-a7d6-4502-b150-c2fb455033ff", armauthorization.RoleAssignmentCreateParameters{
Properties: &armauthorization.RoleAssignmentProperties{
PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
RoleDefinitionID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armauthorization.RoleAssignmentsClientCreateResponse{
// RoleAssignment: &armauthorization.RoleAssignment{
// Name: to.Ptr("05c5a614-a7d6-4502-b150-c2fb455033ff"),
// Type: to.Ptr("Microsoft.Authorization/roleAssignments"),
// ID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff"),
// Properties: &armauthorization.RoleAssignmentProperties{
// PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
// PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
// RoleDefinitionID: to.Ptr("/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
// Scope: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update a role assignment by scope and name.
*
* @summary create or update a role assignment by scope and name.
* x-ms-original-file: 2022-04-01/RoleAssignments_CreateForResource.json
*/
async function createRoleAssignmentForResource() {
const credential = new DefaultAzureCredential();
const client = new AuthorizationManagementClient(credential);
const result = await client.roleAssignments.create(
"subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account",
"05c5a614-a7d6-4502-b150-c2fb455033ff",
{
principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
principalType: "User",
roleDefinitionId:
"/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
},
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Beispiel für eine Antwort
{
"name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
"type": "Microsoft.Authorization/roleAssignments",
"id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
"scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account"
}
}
{
"name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
"type": "Microsoft.Authorization/roleAssignments",
"id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
"scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account"
}
}
Create role assignment for resource group
Beispielanforderung
PUT https://management.azure.com/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff?api-version=2022-04-01
{
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"
}
}
from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-authorization
# USAGE
python role_assignments_create_for_resource_group.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = AuthorizationManagementClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.role_assignments.create(
scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg",
role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
parameters={
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
}
},
)
print(response)
# x-ms-original-file: 2022-04-01/RoleAssignments_CreateForResourceGroup.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armauthorization_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)
// Generated from example definition: 2022-04-01/RoleAssignments_CreateForResourceGroup.json
func ExampleRoleAssignmentsClient_Create_createRoleAssignmentForResourceGroup() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armauthorization.NewClientFactory("<subscriptionID>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewRoleAssignmentsClient().Create(ctx, "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg", "05c5a614-a7d6-4502-b150-c2fb455033ff", armauthorization.RoleAssignmentCreateParameters{
Properties: &armauthorization.RoleAssignmentProperties{
PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
RoleDefinitionID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armauthorization.RoleAssignmentsClientCreateResponse{
// RoleAssignment: &armauthorization.RoleAssignment{
// Name: to.Ptr("05c5a614-a7d6-4502-b150-c2fb455033ff"),
// Type: to.Ptr("Microsoft.Authorization/roleAssignments"),
// ID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff"),
// Properties: &armauthorization.RoleAssignmentProperties{
// PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
// PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
// RoleDefinitionID: to.Ptr("/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
// Scope: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update a role assignment by scope and name.
*
* @summary create or update a role assignment by scope and name.
* x-ms-original-file: 2022-04-01/RoleAssignments_CreateForResourceGroup.json
*/
async function createRoleAssignmentForResourceGroup() {
const credential = new DefaultAzureCredential();
const client = new AuthorizationManagementClient(credential);
const result = await client.roleAssignments.create(
"subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg",
"05c5a614-a7d6-4502-b150-c2fb455033ff",
{
principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
principalType: "User",
roleDefinitionId:
"/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
},
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Beispiel für eine Antwort
{
"name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
"type": "Microsoft.Authorization/roleAssignments",
"id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
"scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg"
}
}
{
"name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
"type": "Microsoft.Authorization/roleAssignments",
"id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
"scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg"
}
}
Create role assignment for subscription
Beispielanforderung
PUT https://management.azure.com/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff?api-version=2022-04-01
{
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"
}
}
from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-authorization
# USAGE
python role_assignments_create_for_subscription.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = AuthorizationManagementClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.role_assignments.create(
scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
parameters={
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
}
},
)
print(response)
# x-ms-original-file: 2022-04-01/RoleAssignments_CreateForSubscription.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armauthorization_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)
// Generated from example definition: 2022-04-01/RoleAssignments_CreateForSubscription.json
func ExampleRoleAssignmentsClient_Create_createRoleAssignmentForSubscription() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armauthorization.NewClientFactory("<subscriptionID>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewRoleAssignmentsClient().Create(ctx, "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2", "05c5a614-a7d6-4502-b150-c2fb455033ff", armauthorization.RoleAssignmentCreateParameters{
Properties: &armauthorization.RoleAssignmentProperties{
PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
RoleDefinitionID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armauthorization.RoleAssignmentsClientCreateResponse{
// RoleAssignment: &armauthorization.RoleAssignment{
// Name: to.Ptr("05c5a614-a7d6-4502-b150-c2fb455033ff"),
// Type: to.Ptr("Microsoft.Authorization/roleAssignments"),
// ID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff"),
// Properties: &armauthorization.RoleAssignmentProperties{
// PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
// PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
// RoleDefinitionID: to.Ptr("/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
// Scope: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update a role assignment by scope and name.
*
* @summary create or update a role assignment by scope and name.
* x-ms-original-file: 2022-04-01/RoleAssignments_CreateForSubscription.json
*/
async function createRoleAssignmentForSubscription() {
const credential = new DefaultAzureCredential();
const client = new AuthorizationManagementClient(credential);
const result = await client.roleAssignments.create(
"subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
"05c5a614-a7d6-4502-b150-c2fb455033ff",
{
principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
principalType: "User",
roleDefinitionId:
"/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
},
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Beispiel für eine Antwort
{
"name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
"type": "Microsoft.Authorization/roleAssignments",
"id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
"scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"
}
}
{
"name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
"type": "Microsoft.Authorization/roleAssignments",
"id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
"scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"
}
}
Definitionen
createdByType
Enumeration
Der Identitätstyp, der die Ressource erstellt hat.
| Wert |
Beschreibung |
|
User
|
|
|
Application
|
|
|
ManagedIdentity
|
|
|
Key
|
|
ErrorAdditionalInfo
Objekt
Der Ressourcenverwaltungsfehler zusätzliche Informationen.
| Name |
Typ |
Beschreibung |
|
info
|
object
|
Die zusätzlichen Informationen.
|
|
type
|
string
|
Der zusätzliche Informationstyp.
|
ErrorDetail
Objekt
Das Fehlerdetails.
| Name |
Typ |
Beschreibung |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
Die zusätzlichen Informationen des Fehlers.
|
|
code
|
string
|
Der Fehlercode.
|
|
details
|
ErrorDetail[]
|
Die Fehlerdetails.
|
|
message
|
string
|
Die Fehlermeldung.
|
|
target
|
string
|
Das Fehlerziel.
|
ErrorResponse
Objekt
Fehlerantwort
| Name |
Typ |
Beschreibung |
|
error
|
ErrorDetail
|
Das Fehlerobjekt.
|
PrincipalType
Enumeration
Der Prinzipaltyp der zugewiesenen Prinzipal-ID.
| Wert |
Beschreibung |
|
User
|
Benutzer
|
|
Group
|
Gruppieren
|
|
ServicePrincipal
|
ServicePrincipal
|
|
ForeignGroup
|
ForeignGroup
|
|
Device
|
Gerät
|
RoleAssignment
Objekt
Rollenzuweisungen
| Name |
Typ |
Standardwert |
Beschreibung |
|
id
|
string
|
|
Vollqualifizierte Ressourcen-ID für die Ressource. Zum Beispiel - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
|
name
|
string
|
|
Der Name der Ressource
|
|
properties.condition
|
string
|
|
Die Bedingungen für die Rollenzuweisung. Das begrenzt die Ressourcen, denen es zugewiesen werden kann. z.B.: @Resource[Microsoft. Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
|
|
properties.conditionVersion
|
string
|
|
Version der Bedingung. Derzeit ist der einzige akzeptierte Wert "2,0"
|
|
properties.createdBy
|
string
|
|
ID des Benutzers, der die Aufgabe erstellt hat
|
|
properties.createdOn
|
string
(date-time)
|
|
Erstellungszeit
|
|
properties.delegatedManagedIdentityResourceId
|
string
|
|
ID der delegierten verwalteten Identitätsressource
|
|
properties.description
|
string
|
|
Beschreibung der Rollenzuweisung
|
|
properties.principalId
|
string
|
|
Die Prinzipal-ID.
|
|
properties.principalType
|
PrincipalType
|
User
|
Der Prinzipaltyp der zugewiesenen Prinzipal-ID.
|
|
properties.roleDefinitionId
|
string
|
|
Die Rollendefinitions-ID.
|
|
properties.scope
|
string
|
|
Der Rollenzuweisungsbereich.
|
|
properties.updatedBy
|
string
|
|
ID des Benutzers, der die Aufgabe aktualisiert hat
|
|
properties.updatedOn
|
string
(date-time)
|
|
Zeitpunkt der Aktualisierung
|
|
systemData
|
systemData
|
|
Azure Resource Manager-Metadaten, die createdBy und modifiedBy-Informationen enthalten.
|
|
type
|
string
|
|
Der Typ der Ressource. Zum Beispiel "Microsoft. Compute/virtualMachines" oder "Microsoft. Speicher/Speicherkonten"
|
RoleAssignmentCreateParameters
Objekt
Rollenzuweisungsparameter erstellen.
| Name |
Typ |
Standardwert |
Beschreibung |
|
properties.condition
|
string
|
|
Die Bedingungen für die Rollenzuweisung. Das begrenzt die Ressourcen, denen es zugewiesen werden kann. z.B.: @Resource[Microsoft. Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
|
|
properties.conditionVersion
|
string
|
|
Version der Bedingung. Derzeit ist der einzige akzeptierte Wert "2,0"
|
|
properties.createdBy
|
string
|
|
ID des Benutzers, der die Aufgabe erstellt hat
|
|
properties.createdOn
|
string
(date-time)
|
|
Erstellungszeit
|
|
properties.delegatedManagedIdentityResourceId
|
string
|
|
ID der delegierten verwalteten Identitätsressource
|
|
properties.description
|
string
|
|
Beschreibung der Rollenzuweisung
|
|
properties.principalId
|
string
|
|
Die Prinzipal-ID.
|
|
properties.principalType
|
PrincipalType
|
User
|
Der Prinzipaltyp der zugewiesenen Prinzipal-ID.
|
|
properties.roleDefinitionId
|
string
|
|
Die Rollendefinitions-ID.
|
|
properties.scope
|
string
|
|
Der Rollenzuweisungsbereich.
|
|
properties.updatedBy
|
string
|
|
ID des Benutzers, der die Aufgabe aktualisiert hat
|
|
properties.updatedOn
|
string
(date-time)
|
|
Zeitpunkt der Aktualisierung
|
systemData
Objekt
Metadaten zur Erstellung und letzten Änderung der Ressource.
| Name |
Typ |
Beschreibung |
|
createdAt
|
string
(date-time)
|
Der Zeitstempel der Ressourcenerstellung (UTC).
|
|
createdBy
|
string
|
Die Identität, die die Ressource erstellt hat.
|
|
createdByType
|
createdByType
|
Der Identitätstyp, der die Ressource erstellt hat.
|
|
lastModifiedAt
|
string
(date-time)
|
Der Zeitstempel der letzten Änderung der Ressource (UTC)
|
|
lastModifiedBy
|
string
|
Die Identität, die die Ressource zuletzt geändert hat.
|
|
lastModifiedByType
|
createdByType
|
Der Identitätstyp, der die Ressource zuletzt geändert hat.
|