Role Assignments - Create

Serviço:: Authorization

Versão da API:: 2022-04-01

Crie ou atualize uma atribuição de função por escopo e nome.

PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}?api-version=2022-04-01

Parâmetros do URI

Name	Em	Necessário	Tipo	Description
roleAssignmentName	path	True	string	O nome da atribuição de função. Pode ser qualquer GUID válido.
scope	path	True	string	O identificador totalmente qualificado do Azure Resource Manager do recurso.
api-version	query	True	string minLength: 1	A versão da API a ser usada para esta operação.

Corpo do Pedido

Name	Necessário	Tipo	Description
properties.principalId	True	string	O ID principal.
properties.roleDefinitionId	True	string	O ID de definição de função.
properties.condition		string	As condições na atribuição de função. Isto limita os recursos a que pode ser atribuída. por exemplo: @Resource[Microsoft. Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
properties.conditionVersion		string	Versão da condição. Atualmente, o único valor aceite é '2.0'
properties.delegatedManagedIdentityResourceId		string	Id do recurso de identidade gerenciado delegado
properties.description		string	Descrição da atribuição de funções
properties.principalType		PrincipalType	O tipo principal do ID principal atribuído.

Respostas

Name	Tipo	Description
200 OK	RoleAssignment	Operação de atualização do recurso 'RoleAssignment' bem-sucedida
201 Created	RoleAssignment	Recurso 'RoleAssignment' criar operação bem-sucedida
Other Status Codes	ErrorResponse	Uma resposta de erro inesperada.

Permissões

Para chamar esta API, tem de lhe ser atribuída uma função que tenha as seguintes permissões. Para obter mais informações, veja Funções incorporadas do Azure.

Microsoft.Authorization/roleAssignments/write

Segurança

azure_auth

Azure Active Directory OAuth2 Flow.

Tipo: oauth2
Fluxo: implicit
URL de Autorização: https://login.microsoftonline.com/common/oauth2/authorize

Âmbitos

Name	Description
user_impersonation	personificar a sua conta de utilizador

Exemplos

Create role assignment for resource

Create role assignment for resource group

Create role assignment for subscription

Create role assignment for resource

Pedido de amostra

PUT https://management.azure.com/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff?api-version=2022-04-01

{
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"
  }
}

from azure.identity import DefaultAzureCredential

from azure.mgmt.authorization import AuthorizationManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-authorization
# USAGE
    python role_assignments_create_for_resource.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = AuthorizationManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.role_assignments.create(
        scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account",
        role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
        parameters={
            "properties": {
                "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
                "principalType": "User",
                "roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
            }
        },
    )
    print(response)


# x-ms-original-file: 2022-04-01/RoleAssignments_CreateForResource.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)

// Generated from example definition: 2022-04-01/RoleAssignments_CreateForResource.json
func ExampleRoleAssignmentsClient_Create_createRoleAssignmentForResource() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscriptionID>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewRoleAssignmentsClient().Create(ctx, "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account", "05c5a614-a7d6-4502-b150-c2fb455033ff", armauthorization.RoleAssignmentCreateParameters{
		Properties: &armauthorization.RoleAssignmentProperties{
			PrincipalID:      to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
			PrincipalType:    to.Ptr(armauthorization.PrincipalTypeUser),
			RoleDefinitionID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armauthorization.RoleAssignmentsClientCreateResponse{
	// 	RoleAssignment: &armauthorization.RoleAssignment{
	// 		Name: to.Ptr("05c5a614-a7d6-4502-b150-c2fb455033ff"),
	// 		Type: to.Ptr("Microsoft.Authorization/roleAssignments"),
	// 		ID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff"),
	// 		Properties: &armauthorization.RoleAssignmentProperties{
	// 			PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
	// 			PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
	// 			RoleDefinitionID: to.Ptr("/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
	// 			Scope: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account"),
	// 		},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to create or update a role assignment by scope and name.
 *
 * @summary create or update a role assignment by scope and name.
 * x-ms-original-file: 2022-04-01/RoleAssignments_CreateForResource.json
 */
async function createRoleAssignmentForResource() {
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential);
  const result = await client.roleAssignments.create(
    "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account",
    "05c5a614-a7d6-4502-b150-c2fb455033ff",
    {
      principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
      principalType: "User",
      roleDefinitionId:
        "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    },
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Resposta da amostra

Código de estado:: 200

{
  "name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
  "type": "Microsoft.Authorization/roleAssignments",
  "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account"
  }
}

Código de estado:: 201

{
  "name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
  "type": "Microsoft.Authorization/roleAssignments",
  "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account"
  }
}

Create role assignment for resource group

Pedido de amostra

PUT https://management.azure.com/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff?api-version=2022-04-01

{
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"
  }
}

from azure.identity import DefaultAzureCredential

from azure.mgmt.authorization import AuthorizationManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-authorization
# USAGE
    python role_assignments_create_for_resource_group.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = AuthorizationManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.role_assignments.create(
        scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg",
        role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
        parameters={
            "properties": {
                "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
                "principalType": "User",
                "roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
            }
        },
    )
    print(response)


# x-ms-original-file: 2022-04-01/RoleAssignments_CreateForResourceGroup.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)

// Generated from example definition: 2022-04-01/RoleAssignments_CreateForResourceGroup.json
func ExampleRoleAssignmentsClient_Create_createRoleAssignmentForResourceGroup() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscriptionID>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewRoleAssignmentsClient().Create(ctx, "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg", "05c5a614-a7d6-4502-b150-c2fb455033ff", armauthorization.RoleAssignmentCreateParameters{
		Properties: &armauthorization.RoleAssignmentProperties{
			PrincipalID:      to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
			PrincipalType:    to.Ptr(armauthorization.PrincipalTypeUser),
			RoleDefinitionID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armauthorization.RoleAssignmentsClientCreateResponse{
	// 	RoleAssignment: &armauthorization.RoleAssignment{
	// 		Name: to.Ptr("05c5a614-a7d6-4502-b150-c2fb455033ff"),
	// 		Type: to.Ptr("Microsoft.Authorization/roleAssignments"),
	// 		ID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff"),
	// 		Properties: &armauthorization.RoleAssignmentProperties{
	// 			PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
	// 			PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
	// 			RoleDefinitionID: to.Ptr("/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
	// 			Scope: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg"),
	// 		},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to create or update a role assignment by scope and name.
 *
 * @summary create or update a role assignment by scope and name.
 * x-ms-original-file: 2022-04-01/RoleAssignments_CreateForResourceGroup.json
 */
async function createRoleAssignmentForResourceGroup() {
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential);
  const result = await client.roleAssignments.create(
    "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg",
    "05c5a614-a7d6-4502-b150-c2fb455033ff",
    {
      principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
      principalType: "User",
      roleDefinitionId:
        "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    },
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Resposta da amostra

Código de estado:: 200

{
  "name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
  "type": "Microsoft.Authorization/roleAssignments",
  "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg"
  }
}

Código de estado:: 201

{
  "name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
  "type": "Microsoft.Authorization/roleAssignments",
  "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg"
  }
}

Create role assignment for subscription

Pedido de amostra

PUT https://management.azure.com/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff?api-version=2022-04-01

{
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"
  }
}

from azure.identity import DefaultAzureCredential

from azure.mgmt.authorization import AuthorizationManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-authorization
# USAGE
    python role_assignments_create_for_subscription.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = AuthorizationManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.role_assignments.create(
        scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
        role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
        parameters={
            "properties": {
                "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
                "principalType": "User",
                "roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
            }
        },
    )
    print(response)


# x-ms-original-file: 2022-04-01/RoleAssignments_CreateForSubscription.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)

// Generated from example definition: 2022-04-01/RoleAssignments_CreateForSubscription.json
func ExampleRoleAssignmentsClient_Create_createRoleAssignmentForSubscription() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscriptionID>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewRoleAssignmentsClient().Create(ctx, "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2", "05c5a614-a7d6-4502-b150-c2fb455033ff", armauthorization.RoleAssignmentCreateParameters{
		Properties: &armauthorization.RoleAssignmentProperties{
			PrincipalID:      to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
			PrincipalType:    to.Ptr(armauthorization.PrincipalTypeUser),
			RoleDefinitionID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armauthorization.RoleAssignmentsClientCreateResponse{
	// 	RoleAssignment: &armauthorization.RoleAssignment{
	// 		Name: to.Ptr("05c5a614-a7d6-4502-b150-c2fb455033ff"),
	// 		Type: to.Ptr("Microsoft.Authorization/roleAssignments"),
	// 		ID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff"),
	// 		Properties: &armauthorization.RoleAssignmentProperties{
	// 			PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
	// 			PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
	// 			RoleDefinitionID: to.Ptr("/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
	// 			Scope: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"),
	// 		},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to create or update a role assignment by scope and name.
 *
 * @summary create or update a role assignment by scope and name.
 * x-ms-original-file: 2022-04-01/RoleAssignments_CreateForSubscription.json
 */
async function createRoleAssignmentForSubscription() {
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential);
  const result = await client.roleAssignments.create(
    "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
    "05c5a614-a7d6-4502-b150-c2fb455033ff",
    {
      principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
      principalType: "User",
      roleDefinitionId:
        "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    },
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Resposta da amostra

Código de estado:: 200

{
  "name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
  "type": "Microsoft.Authorization/roleAssignments",
  "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"
  }
}

Código de estado:: 201

{
  "name": "05c5a614-a7d6-4502-b150-c2fb455033ff",
  "type": "Microsoft.Authorization/roleAssignments",
  "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff",
  "properties": {
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"
  }
}

Definições

Name	Description
createdByType	O tipo de identidade que criou o recurso.
ErrorAdditionalInfo	O erro de gerenciamento de recursos informações adicionais.
ErrorDetail	O detalhe do erro.
ErrorResponse	Resposta de erro
PrincipalType	O tipo principal do ID principal atribuído.
RoleAssignment	Atribuições de Funções
RoleAssignmentCreateParameters	A atribuição de função cria parâmetros.
systemData	Metadados referentes à criação e última modificação do recurso.

createdByType

Enumeração

O tipo de identidade que criou o recurso.

Valor	Description
User
Application
ManagedIdentity
Key

ErrorAdditionalInfo

Object

O erro de gerenciamento de recursos informações adicionais.

Name	Tipo	Description
info	object	As informações adicionais.
type	string	O tipo de informação adicional.

ErrorDetail

Object

O detalhe do erro.

Name	Tipo	Description
additionalInfo	ErrorAdditionalInfo[]	O erro informações adicionais.
code	string	O código de erro.
details	ErrorDetail[]	Os detalhes do erro.
message	string	A mensagem de erro.
target	string	O destino do erro.

ErrorResponse

Object

Resposta de erro

Name	Tipo	Description
error	ErrorDetail	O objeto de erro.

PrincipalType

Enumeração

O tipo principal do ID principal atribuído.

Valor	Description
User	User
Group	Grupo
ServicePrincipal	Serviço Principal
ForeignGroup	ForeignGroup
Device	Device

RoleAssignment

Object

Atribuições de Funções

Name	Tipo	Default value	Description
id	string		ID de recurso totalmente qualificado para o recurso. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
name	string		O nome do recurso
properties.condition	string		As condições na atribuição de função. Isto limita os recursos a que pode ser atribuída. por exemplo: @Resource[Microsoft. Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
properties.conditionVersion	string		Versão da condição. Atualmente, o único valor aceite é '2.0'
properties.createdBy	string		ID do usuário que criou a atribuição
properties.createdOn	string (date-time)		Tempo em que foi criado
properties.delegatedManagedIdentityResourceId	string		Id do recurso de identidade gerenciado delegado
properties.description	string		Descrição da atribuição de funções
properties.principalId	string		O ID principal.
properties.principalType	PrincipalType	User	O tipo principal do ID principal atribuído.
properties.roleDefinitionId	string		O ID de definição de função.
properties.scope	string		O escopo da atribuição de função.
properties.updatedBy	string		ID do usuário que atualizou a atribuição
properties.updatedOn	string (date-time)		Hora em que foi atualizado
systemData	systemData		Metadados do Azure Resource Manager contendo informações createdBy e modifiedBy.
type	string		O tipo do recurso. Por exemplo, "Microsoft. Computação/Máquinas Virtuais" ou "Microsoft. ContasArmazenamento/Armazenamento"

RoleAssignmentCreateParameters

Object

A atribuição de função cria parâmetros.

Name	Tipo	Default value	Description
properties.condition	string		As condições na atribuição de função. Isto limita os recursos a que pode ser atribuída. por exemplo: @Resource[Microsoft. Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
properties.conditionVersion	string		Versão da condição. Atualmente, o único valor aceite é '2.0'
properties.createdBy	string		ID do usuário que criou a atribuição
properties.createdOn	string (date-time)		Tempo em que foi criado
properties.delegatedManagedIdentityResourceId	string		Id do recurso de identidade gerenciado delegado
properties.description	string		Descrição da atribuição de funções
properties.principalId	string		O ID principal.
properties.principalType	PrincipalType	User	O tipo principal do ID principal atribuído.
properties.roleDefinitionId	string		O ID de definição de função.
properties.scope	string		O escopo da atribuição de função.
properties.updatedBy	string		ID do usuário que atualizou a atribuição
properties.updatedOn	string (date-time)		Hora em que foi atualizado

systemData

Object

Metadados referentes à criação e última modificação do recurso.

Name	Tipo	Description
createdAt	string (date-time)	O carimbo de data/hora da criação de recursos (UTC).
createdBy	string	A identidade que criou o recurso.
createdByType	createdByType	O tipo de identidade que criou o recurso.
lastModifiedAt	string (date-time)	O carimbo de data/hora da última modificação do recurso (UTC)
lastModifiedBy	string	A identidade que modificou o recurso pela última vez.
lastModifiedByType	createdByType	O tipo de identidade que modificou o recurso pela última vez.