Crie ou atualize uma atribuição de função por escopo e nome.
PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}?api-version=2022-04-01
Parâmetros de URI
| Nome |
Em |
Obrigatório |
Tipo |
Description |
|
roleAssignmentName
|
path |
True
|
string
|
O nome da atribuição de função. Pode ser qualquer GUID válido.
|
|
scope
|
path |
True
|
string
|
O identificador totalmente qualificado do Azure Resource Manager do recurso.
|
|
api-version
|
query |
True
|
string
minLength: 1
|
A versão da API a ser usada para esta operação.
|
Corpo da solicitação
| Nome |
Obrigatório |
Tipo |
Description |
|
properties.principalId
|
True
|
string
|
A ID da entidade de segurança.
|
|
properties.roleDefinitionId
|
True
|
string
|
A ID da definição de função.
|
|
properties.condition
|
|
string
|
As condições na atribuição de função. Isso limita os recursos aos quais pode ser atribuída. por exemplo: @Resource[Microsoft. Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
|
|
properties.conditionVersion
|
|
string
|
Versão da condição. Atualmente, o único valor aceito é '2.0'
|
|
properties.delegatedManagedIdentityResourceId
|
|
string
|
ID do recurso de identidade gerenciada delegado
|
|
properties.description
|
|
string
|
Descrição da atribuição de função
|
|
properties.principalType
|
|
PrincipalType
|
O tipo principal da ID da entidade de segurança atribuída.
|
Respostas
| Nome |
Tipo |
Description |
|
200 OK
|
RoleAssignment
|
Operação de atualização do recurso 'RoleAssignment' bem-sucedida
|
|
201 Created
|
RoleAssignment
|
Recurso 'RoleAssignment' criar operação bem-sucedida
|
|
Other Status Codes
|
ErrorResponse
|
Uma resposta de erro inesperada.
|
Permissões
Para chamar essa API, você precisa de uma função atribuída que tenha as permissões a seguir. Para obter mais informações, veja Funções internas do Azure.
Microsoft.Authorization/roleAssignments/write
Segurança
azure_auth
Azure Active Directory OAuth2 Flow.
Tipo:
oauth2
Flow:
implicit
URL de Autorização:
https://login.microsoftonline.com/common/oauth2/authorize
Escopos
| Nome |
Description |
|
user_impersonation
|
representar sua conta de usuário
|
Exemplos
Create role assignment for resource
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff?api-version=2022-04-01
{
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"
}
}
from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-authorization
# USAGE
python role_assignments_create_for_resource.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = AuthorizationManagementClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.role_assignments.create(
scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account",
role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
parameters={
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
}
},
)
print(response)
# x-ms-original-file: 2022-04-01/RoleAssignments_CreateForResource.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armauthorization_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)
// Generated from example definition: 2022-04-01/RoleAssignments_CreateForResource.json
func ExampleRoleAssignmentsClient_Create_createRoleAssignmentForResource() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armauthorization.NewClientFactory("<subscriptionID>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewRoleAssignmentsClient().Create(ctx, "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account", "05c5a614-a7d6-4502-b150-c2fb455033ff", armauthorization.RoleAssignmentCreateParameters{
Properties: &armauthorization.RoleAssignmentProperties{
PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
RoleDefinitionID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armauthorization.RoleAssignmentsClientCreateResponse{
// RoleAssignment: &armauthorization.RoleAssignment{
// Name: to.Ptr("05c5a614-a7d6-4502-b150-c2fb455033ff"),
// Type: to.Ptr("Microsoft.Authorization/roleAssignments"),
// ID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff"),
// Properties: &armauthorization.RoleAssignmentProperties{
// PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
// PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
// RoleDefinitionID: to.Ptr("/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
// Scope: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update a role assignment by scope and name.
*
* @summary create or update a role assignment by scope and name.
* x-ms-original-file: 2022-04-01/RoleAssignments_CreateForResource.json
*/
async function createRoleAssignmentForResource() {
const credential = new DefaultAzureCredential();
const client = new AuthorizationManagementClient(credential);
const result = await client.roleAssignments.create(
"subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account",
"05c5a614-a7d6-4502-b150-c2fb455033ff",
{
principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
principalType: "User",
roleDefinitionId:
"/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
},
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
"type": "Microsoft.Authorization/roleAssignments",
"id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
"scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account"
}
}
{
"name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
"type": "Microsoft.Authorization/roleAssignments",
"id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
"scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account"
}
}
Create role assignment for resource group
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff?api-version=2022-04-01
{
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"
}
}
from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-authorization
# USAGE
python role_assignments_create_for_resource_group.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = AuthorizationManagementClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.role_assignments.create(
scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg",
role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
parameters={
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
}
},
)
print(response)
# x-ms-original-file: 2022-04-01/RoleAssignments_CreateForResourceGroup.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armauthorization_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)
// Generated from example definition: 2022-04-01/RoleAssignments_CreateForResourceGroup.json
func ExampleRoleAssignmentsClient_Create_createRoleAssignmentForResourceGroup() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armauthorization.NewClientFactory("<subscriptionID>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewRoleAssignmentsClient().Create(ctx, "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg", "05c5a614-a7d6-4502-b150-c2fb455033ff", armauthorization.RoleAssignmentCreateParameters{
Properties: &armauthorization.RoleAssignmentProperties{
PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
RoleDefinitionID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armauthorization.RoleAssignmentsClientCreateResponse{
// RoleAssignment: &armauthorization.RoleAssignment{
// Name: to.Ptr("05c5a614-a7d6-4502-b150-c2fb455033ff"),
// Type: to.Ptr("Microsoft.Authorization/roleAssignments"),
// ID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff"),
// Properties: &armauthorization.RoleAssignmentProperties{
// PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
// PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
// RoleDefinitionID: to.Ptr("/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
// Scope: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update a role assignment by scope and name.
*
* @summary create or update a role assignment by scope and name.
* x-ms-original-file: 2022-04-01/RoleAssignments_CreateForResourceGroup.json
*/
async function createRoleAssignmentForResourceGroup() {
const credential = new DefaultAzureCredential();
const client = new AuthorizationManagementClient(credential);
const result = await client.roleAssignments.create(
"subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg",
"05c5a614-a7d6-4502-b150-c2fb455033ff",
{
principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
principalType: "User",
roleDefinitionId:
"/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
},
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
"type": "Microsoft.Authorization/roleAssignments",
"id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
"scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg"
}
}
{
"name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
"type": "Microsoft.Authorization/roleAssignments",
"id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
"scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg"
}
}
Create role assignment for subscription
Solicitação de exemplo
PUT https://management.azure.com/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff?api-version=2022-04-01
{
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"
}
}
from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-authorization
# USAGE
python role_assignments_create_for_subscription.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = AuthorizationManagementClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.role_assignments.create(
scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
parameters={
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
}
},
)
print(response)
# x-ms-original-file: 2022-04-01/RoleAssignments_CreateForSubscription.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armauthorization_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)
// Generated from example definition: 2022-04-01/RoleAssignments_CreateForSubscription.json
func ExampleRoleAssignmentsClient_Create_createRoleAssignmentForSubscription() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armauthorization.NewClientFactory("<subscriptionID>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewRoleAssignmentsClient().Create(ctx, "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2", "05c5a614-a7d6-4502-b150-c2fb455033ff", armauthorization.RoleAssignmentCreateParameters{
Properties: &armauthorization.RoleAssignmentProperties{
PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
RoleDefinitionID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armauthorization.RoleAssignmentsClientCreateResponse{
// RoleAssignment: &armauthorization.RoleAssignment{
// Name: to.Ptr("05c5a614-a7d6-4502-b150-c2fb455033ff"),
// Type: to.Ptr("Microsoft.Authorization/roleAssignments"),
// ID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff"),
// Properties: &armauthorization.RoleAssignmentProperties{
// PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
// PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
// RoleDefinitionID: to.Ptr("/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
// Scope: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update a role assignment by scope and name.
*
* @summary create or update a role assignment by scope and name.
* x-ms-original-file: 2022-04-01/RoleAssignments_CreateForSubscription.json
*/
async function createRoleAssignmentForSubscription() {
const credential = new DefaultAzureCredential();
const client = new AuthorizationManagementClient(credential);
const result = await client.roleAssignments.create(
"subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
"05c5a614-a7d6-4502-b150-c2fb455033ff",
{
principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
principalType: "User",
roleDefinitionId:
"/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
},
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
"type": "Microsoft.Authorization/roleAssignments",
"id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
"scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"
}
}
{
"name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
"type": "Microsoft.Authorization/roleAssignments",
"id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
"properties": {
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
"scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"
}
}
Definições
createdByType
Enumeração
O tipo de identidade que criou o recurso.
| Valor |
Description |
|
User
|
|
|
Application
|
|
|
ManagedIdentity
|
|
|
Key
|
|
ErrorAdditionalInfo
Objeto
As informações adicionais do erro de gerenciamento de recursos.
| Nome |
Tipo |
Description |
|
info
|
object
|
As informações adicionais.
|
|
type
|
string
|
O tipo de informação adicional.
|
ErrorDetail
Objeto
O detalhe do erro.
| Nome |
Tipo |
Description |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
As informações adicionais do erro.
|
|
code
|
string
|
O código de erro.
|
|
details
|
ErrorDetail[]
|
Os detalhes do erro.
|
|
message
|
string
|
A mensagem de erro.
|
|
target
|
string
|
O destino do erro.
|
ErrorResponse
Objeto
Resposta de erro
| Nome |
Tipo |
Description |
|
error
|
ErrorDetail
|
O objeto de erro.
|
PrincipalType
Enumeração
O tipo principal da ID da entidade de segurança atribuída.
| Valor |
Description |
|
User
|
Usuário
|
|
Group
|
Grupo
|
|
ServicePrincipal
|
ServicePrincipal
|
|
ForeignGroup
|
ForeignGroup
|
|
Device
|
Dispositivo
|
RoleAssignment
Objeto
Atribuições de função
| Nome |
Tipo |
Valor padrão |
Description |
|
id
|
string
|
|
ID de recurso totalmente qualificada para o recurso. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
|
name
|
string
|
|
O nome do recurso
|
|
properties.condition
|
string
|
|
As condições na atribuição de função. Isso limita os recursos aos quais pode ser atribuída. por exemplo: @Resource[Microsoft. Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
|
|
properties.conditionVersion
|
string
|
|
Versão da condição. Atualmente, o único valor aceito é '2.0'
|
|
properties.createdBy
|
string
|
|
ID do usuário que criou a atribuição
|
|
properties.createdOn
|
string
(date-time)
|
|
Hora em que foi criado
|
|
properties.delegatedManagedIdentityResourceId
|
string
|
|
ID do recurso de identidade gerenciada delegado
|
|
properties.description
|
string
|
|
Descrição da atribuição de função
|
|
properties.principalId
|
string
|
|
A ID da entidade de segurança.
|
|
properties.principalType
|
PrincipalType
|
User
|
O tipo principal da ID da entidade de segurança atribuída.
|
|
properties.roleDefinitionId
|
string
|
|
A ID da definição de função.
|
|
properties.scope
|
string
|
|
O escopo da atribuição de função.
|
|
properties.updatedBy
|
string
|
|
ID do usuário que atualizou a atribuição
|
|
properties.updatedOn
|
string
(date-time)
|
|
Hora em que foi atualizado
|
|
systemData
|
systemData
|
|
Metadados do Azure Resource Manager contendo informações createdBy e modifiedBy.
|
|
type
|
string
|
|
O tipo do recurso. Por exemplo, "Microsoft. Compute/virtualMachines" ou "Microsoft. ContasArmazenamento/Armazenamento"
|
RoleAssignmentCreateParameters
Objeto
A atribuição de função cria parâmetros.
| Nome |
Tipo |
Valor padrão |
Description |
|
properties.condition
|
string
|
|
As condições na atribuição de função. Isso limita os recursos aos quais pode ser atribuída. por exemplo: @Resource[Microsoft. Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
|
|
properties.conditionVersion
|
string
|
|
Versão da condição. Atualmente, o único valor aceito é '2.0'
|
|
properties.createdBy
|
string
|
|
ID do usuário que criou a atribuição
|
|
properties.createdOn
|
string
(date-time)
|
|
Hora em que foi criado
|
|
properties.delegatedManagedIdentityResourceId
|
string
|
|
ID do recurso de identidade gerenciada delegado
|
|
properties.description
|
string
|
|
Descrição da atribuição de função
|
|
properties.principalId
|
string
|
|
A ID da entidade de segurança.
|
|
properties.principalType
|
PrincipalType
|
User
|
O tipo principal da ID da entidade de segurança atribuída.
|
|
properties.roleDefinitionId
|
string
|
|
A ID da definição de função.
|
|
properties.scope
|
string
|
|
O escopo da atribuição de função.
|
|
properties.updatedBy
|
string
|
|
ID do usuário que atualizou a atribuição
|
|
properties.updatedOn
|
string
(date-time)
|
|
Hora em que foi atualizado
|
systemData
Objeto
Metadados relativos à criação e última modificação do recurso.
| Nome |
Tipo |
Description |
|
createdAt
|
string
(date-time)
|
O carimbo de data/hora da criação de recursos (UTC).
|
|
createdBy
|
string
|
A identidade que criou o recurso.
|
|
createdByType
|
createdByType
|
O tipo de identidade que criou o recurso.
|
|
lastModifiedAt
|
string
(date-time)
|
O carimbo de data/hora da última modificação do recurso (UTC)
|
|
lastModifiedBy
|
string
|
A identidade que modificou o recurso pela última vez.
|
|
lastModifiedByType
|
createdByType
|
O tipo de identidade que modificou o recurso pela última vez.
|