Role Assignments - Create

Servizio:: Authorization

Versione API:: 2022-04-01

Creare o aggiornare un'assegnazione di ruolo in base all'ambito e al nome.

PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}?api-version=2022-04-01

Parametri dell'URI

Nome	In	Necessario	Tipo	Descrizione
roleAssignmentName	path	True	string	Nome dell'assegnazione di ruolo. Può essere qualsiasi GUID valido.
scope	path	True	string	L'identificatore Azure Resource Manager completamente qualificato della risorsa.
api-version	query	True	string minLength: 1	Versione dell'API da usare per questa operazione.

Corpo della richiesta

Nome	Necessario	Tipo	Descrizione
properties.principalId	True	string	ID entità.
properties.roleDefinitionId	True	string	ID definizione del ruolo.
properties.condition		string	Condizioni per l'assegnazione di ruolo. Questo limita le risorse a cui può essere assegnato. ad esempio: @Resource[Microsoft. Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
properties.conditionVersion		string	Versione della condizione. Attualmente l'unico valore accettato è '2.0'
properties.delegatedManagedIdentityResourceId		string	ID della risorsa identità gestita delegata
properties.description		string	Descrizione dell'assegnazione di ruolo
properties.principalType		PrincipalType	Tipo di entità dell'ID entità assegnato.

Risposte

Nome	Tipo	Descrizione
200 OK	RoleAssignment	Operazione di aggiornamento 'RoleAssignment' risorsa riuscita
201 Created	RoleAssignment	Risorsa 'RoleAssignment' crea operazione con successo
Other Status Codes	ErrorResponse	Risposta di errore imprevista.

Autorizzazioni

Per chiamare questa API, è necessario che ti sia stato assegnato un ruolo con le autorizzazioni seguenti. Per altre informazioni, vedere Ruoli predefiniti di Azure.

Microsoft.Authorization/roleAssignments/write

Sicurezza

azure_auth

Azure Active Directory OAuth2 Flow.

Tipo: oauth2
Flow: implicit
URL di autorizzazione: https://login.microsoftonline.com/common/oauth2/authorize

Ambiti

Nome	Descrizione
user_impersonation	rappresentare l'account utente

Esempio

Create role assignment for resource

Create role assignment for resource group

Create role assignment for subscription

Create role assignment for resource

Esempio di richiesta

PUT https://management.azure.com/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff?api-version=2022-04-01

{
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"
  }
}

from azure.identity import DefaultAzureCredential

from azure.mgmt.authorization import AuthorizationManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-authorization
# USAGE
    python role_assignments_create_for_resource.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = AuthorizationManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.role_assignments.create(
        scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account",
        role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
        parameters={
            "properties": {
                "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
                "principalType": "User",
                "roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
            }
        },
    )
    print(response)


# x-ms-original-file: 2022-04-01/RoleAssignments_CreateForResource.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)

// Generated from example definition: 2022-04-01/RoleAssignments_CreateForResource.json
func ExampleRoleAssignmentsClient_Create_createRoleAssignmentForResource() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscriptionID>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewRoleAssignmentsClient().Create(ctx, "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account", "05c5a614-a7d6-4502-b150-c2fb455033ff", armauthorization.RoleAssignmentCreateParameters{
		Properties: &armauthorization.RoleAssignmentProperties{
			PrincipalID:      to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
			PrincipalType:    to.Ptr(armauthorization.PrincipalTypeUser),
			RoleDefinitionID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armauthorization.RoleAssignmentsClientCreateResponse{
	// 	RoleAssignment: &armauthorization.RoleAssignment{
	// 		Name: to.Ptr("05c5a614-a7d6-4502-b150-c2fb455033ff"),
	// 		Type: to.Ptr("Microsoft.Authorization/roleAssignments"),
	// 		ID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff"),
	// 		Properties: &armauthorization.RoleAssignmentProperties{
	// 			PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
	// 			PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
	// 			RoleDefinitionID: to.Ptr("/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
	// 			Scope: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account"),
	// 		},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to create or update a role assignment by scope and name.
 *
 * @summary create or update a role assignment by scope and name.
 * x-ms-original-file: 2022-04-01/RoleAssignments_CreateForResource.json
 */
async function createRoleAssignmentForResource() {
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential);
  const result = await client.roleAssignments.create(
    "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account",
    "05c5a614-a7d6-4502-b150-c2fb455033ff",
    {
      principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
      principalType: "User",
      roleDefinitionId:
        "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    },
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Risposta di esempio

Codice di stato:: 200

{
  "name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
  "type": "Microsoft.Authorization/roleAssignments",
  "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account"
  }
}

Codice di stato:: 201

{
  "name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
  "type": "Microsoft.Authorization/roleAssignments",
  "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account"
  }
}

Create role assignment for resource group

Esempio di richiesta

PUT https://management.azure.com/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff?api-version=2022-04-01

{
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"
  }
}

from azure.identity import DefaultAzureCredential

from azure.mgmt.authorization import AuthorizationManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-authorization
# USAGE
    python role_assignments_create_for_resource_group.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = AuthorizationManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.role_assignments.create(
        scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg",
        role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
        parameters={
            "properties": {
                "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
                "principalType": "User",
                "roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
            }
        },
    )
    print(response)


# x-ms-original-file: 2022-04-01/RoleAssignments_CreateForResourceGroup.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)

// Generated from example definition: 2022-04-01/RoleAssignments_CreateForResourceGroup.json
func ExampleRoleAssignmentsClient_Create_createRoleAssignmentForResourceGroup() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscriptionID>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewRoleAssignmentsClient().Create(ctx, "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg", "05c5a614-a7d6-4502-b150-c2fb455033ff", armauthorization.RoleAssignmentCreateParameters{
		Properties: &armauthorization.RoleAssignmentProperties{
			PrincipalID:      to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
			PrincipalType:    to.Ptr(armauthorization.PrincipalTypeUser),
			RoleDefinitionID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armauthorization.RoleAssignmentsClientCreateResponse{
	// 	RoleAssignment: &armauthorization.RoleAssignment{
	// 		Name: to.Ptr("05c5a614-a7d6-4502-b150-c2fb455033ff"),
	// 		Type: to.Ptr("Microsoft.Authorization/roleAssignments"),
	// 		ID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff"),
	// 		Properties: &armauthorization.RoleAssignmentProperties{
	// 			PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
	// 			PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
	// 			RoleDefinitionID: to.Ptr("/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
	// 			Scope: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg"),
	// 		},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to create or update a role assignment by scope and name.
 *
 * @summary create or update a role assignment by scope and name.
 * x-ms-original-file: 2022-04-01/RoleAssignments_CreateForResourceGroup.json
 */
async function createRoleAssignmentForResourceGroup() {
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential);
  const result = await client.roleAssignments.create(
    "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg",
    "05c5a614-a7d6-4502-b150-c2fb455033ff",
    {
      principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
      principalType: "User",
      roleDefinitionId:
        "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    },
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Risposta di esempio

Codice di stato:: 200

{
  "name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
  "type": "Microsoft.Authorization/roleAssignments",
  "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg"
  }
}

Codice di stato:: 201

{
  "name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
  "type": "Microsoft.Authorization/roleAssignments",
  "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg"
  }
}

Create role assignment for subscription

Esempio di richiesta

PUT https://management.azure.com/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff?api-version=2022-04-01

{
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"
  }
}

from azure.identity import DefaultAzureCredential

from azure.mgmt.authorization import AuthorizationManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-authorization
# USAGE
    python role_assignments_create_for_subscription.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = AuthorizationManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.role_assignments.create(
        scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
        role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
        parameters={
            "properties": {
                "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
                "principalType": "User",
                "roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
            }
        },
    )
    print(response)


# x-ms-original-file: 2022-04-01/RoleAssignments_CreateForSubscription.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)

// Generated from example definition: 2022-04-01/RoleAssignments_CreateForSubscription.json
func ExampleRoleAssignmentsClient_Create_createRoleAssignmentForSubscription() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscriptionID>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewRoleAssignmentsClient().Create(ctx, "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2", "05c5a614-a7d6-4502-b150-c2fb455033ff", armauthorization.RoleAssignmentCreateParameters{
		Properties: &armauthorization.RoleAssignmentProperties{
			PrincipalID:      to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
			PrincipalType:    to.Ptr(armauthorization.PrincipalTypeUser),
			RoleDefinitionID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armauthorization.RoleAssignmentsClientCreateResponse{
	// 	RoleAssignment: &armauthorization.RoleAssignment{
	// 		Name: to.Ptr("05c5a614-a7d6-4502-b150-c2fb455033ff"),
	// 		Type: to.Ptr("Microsoft.Authorization/roleAssignments"),
	// 		ID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff"),
	// 		Properties: &armauthorization.RoleAssignmentProperties{
	// 			PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
	// 			PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
	// 			RoleDefinitionID: to.Ptr("/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
	// 			Scope: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"),
	// 		},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to create or update a role assignment by scope and name.
 *
 * @summary create or update a role assignment by scope and name.
 * x-ms-original-file: 2022-04-01/RoleAssignments_CreateForSubscription.json
 */
async function createRoleAssignmentForSubscription() {
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential);
  const result = await client.roleAssignments.create(
    "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
    "05c5a614-a7d6-4502-b150-c2fb455033ff",
    {
      principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
      principalType: "User",
      roleDefinitionId:
        "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    },
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Risposta di esempio

Codice di stato:: 200

{
  "name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
  "type": "Microsoft.Authorization/roleAssignments",
  "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"
  }
}

Codice di stato:: 201

{
  "name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
  "type": "Microsoft.Authorization/roleAssignments",
  "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"
  }
}

Definizioni

Nome	Descrizione
createdByType	Tipo di identità che ha creato la risorsa.
ErrorAdditionalInfo	Informazioni aggiuntive sull'errore di gestione delle risorse.
ErrorDetail	Dettagli dell'errore.
ErrorResponse	Risposta di errore
PrincipalType	Tipo di entità dell'ID entità assegnato.
RoleAssignment	Assegnazioni di ruolo
RoleAssignmentCreateParameters	L'assegnazione di ruolo crea parametri.
systemData	Metadati relativi alla creazione e all'ultima modifica della risorsa.

createdByType

Enumerazione

Tipo di identità che ha creato la risorsa.

Valore	Descrizione
User
Application
ManagedIdentity
Key

ErrorAdditionalInfo

Oggetto

Informazioni aggiuntive sull'errore di gestione delle risorse.

Nome	Tipo	Descrizione
info	object	Informazioni aggiuntive.
type	string	Tipo di informazioni aggiuntive.

ErrorDetail

Oggetto

Dettagli dell'errore.

Nome	Tipo	Descrizione
additionalInfo	ErrorAdditionalInfo[]	Informazioni aggiuntive sull'errore.
code	string	Codice di errore.
details	ErrorDetail[]	Dettagli dell'errore.
message	string	Messaggio di errore.
target	string	Destinazione dell'errore.

ErrorResponse

Oggetto

Risposta di errore

Nome	Tipo	Descrizione
error	ErrorDetail	Oggetto error.

PrincipalType

Enumerazione

Tipo di entità dell'ID entità assegnato.

Valore	Descrizione
User	User
Group	Gruppo
ServicePrincipal	Servizio Principale
ForeignGroup	ForeignGroup
Device	Dispositivo

RoleAssignment

Oggetto

Assegnazioni di ruolo

Nome	Tipo	Valore predefinito	Descrizione
id	string		ID risorsa completo per la risorsa. Ad esempio: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
name	string		Nome della risorsa
properties.condition	string		Condizioni per l'assegnazione di ruolo. Questo limita le risorse a cui può essere assegnato. ad esempio: @Resource[Microsoft. Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
properties.conditionVersion	string		Versione della condizione. Attualmente l'unico valore accettato è '2.0'
properties.createdBy	string		ID dell'utente che ha creato l'assegnazione
properties.createdOn	string (date-time)		Ora di creazione
properties.delegatedManagedIdentityResourceId	string		ID della risorsa identità gestita delegata
properties.description	string		Descrizione dell'assegnazione di ruolo
properties.principalId	string		ID entità.
properties.principalType	PrincipalType	User	Tipo di entità dell'ID entità assegnato.
properties.roleDefinitionId	string		ID definizione del ruolo.
properties.scope	string		Ambito dell'assegnazione di ruolo.
properties.updatedBy	string		ID dell'utente che ha aggiornato l'assegnazione
properties.updatedOn	string (date-time)		Ora di aggiornamento
systemData	systemData		Azure Resource Manager metadati contenenti informazioni createBy e modifiedBy.
type	string		Tipo di risorsa. Ad esempio: "Microsoft. Compute/virtualMachines" oppure "Microsoft. Storage/storageAccounts"

RoleAssignmentCreateParameters

Oggetto

L'assegnazione di ruolo crea parametri.

Nome	Tipo	Valore predefinito	Descrizione
properties.condition	string		Condizioni per l'assegnazione di ruolo. Questo limita le risorse a cui può essere assegnato. ad esempio: @Resource[Microsoft. Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
properties.conditionVersion	string		Versione della condizione. Attualmente l'unico valore accettato è '2.0'
properties.createdBy	string		ID dell'utente che ha creato l'assegnazione
properties.createdOn	string (date-time)		Ora di creazione
properties.delegatedManagedIdentityResourceId	string		ID della risorsa identità gestita delegata
properties.description	string		Descrizione dell'assegnazione di ruolo
properties.principalId	string		ID entità.
properties.principalType	PrincipalType	User	Tipo di entità dell'ID entità assegnato.
properties.roleDefinitionId	string		ID definizione del ruolo.
properties.scope	string		Ambito dell'assegnazione di ruolo.
properties.updatedBy	string		ID dell'utente che ha aggiornato l'assegnazione
properties.updatedOn	string (date-time)		Ora di aggiornamento

systemData

Oggetto

Metadati relativi alla creazione e all'ultima modifica della risorsa.

Nome	Tipo	Descrizione
createdAt	string (date-time)	Timestamp della creazione della risorsa (UTC).
createdBy	string	Identità che ha creato la risorsa.
createdByType	createdByType	Tipo di identità che ha creato la risorsa.
lastModifiedAt	string (date-time)	Il timestamp dell'ultima modifica della risorsa (UTC)
lastModifiedBy	string	Identità che ha modificato l'ultima volta la risorsa.
lastModifiedByType	createdByType	Tipo di identità che ha modificato l'ultima volta la risorsa.