-
Notifications
You must be signed in to change notification settings - Fork 97
Rbac Policy Apis
David Ebbo edited this page Jan 20, 2015
·
7 revisions
- Listing all authorization resource types
ARMClient.exe get /subscriptions/{sub}/providers/Microsoft.Authorization?api-version=2014-04-01
- Listing all role definitions (Contributor, Reader, Owner, ...)
ARMClient.exe get /subscriptions/{sub}/providers/Microsoft.Authorization/roleDefinitions?api-version=2014-07-01-preview
- Listing all role assignments. This is where each users (principalId) is assigned to role definition id for specific resource scope.
ARMClient.exe get /subscriptions/{sub}/providers/Microsoft.Authorization/roleAssignments?api-version=2014-07-01-preview
- Listing specific role assignment.
ARMClient.exe get /subscriptions/{sub}/providers/Microsoft.Authorization/roleAssignments/{name}?api-version=2014-07-01-preview
- Add new role assignment.
ARMClient.exe put /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Web/sites/{site}/providers/Microsoft.Authorization/roleAssignments/{name}?api-version=2014-07-01-preview @roleAssignment.json
roleAssignment.json sample:
{
"properties": {
"roleDefinitionId": "/subscriptions/05fe7df8-d95b-426e-becc-f10e6be4430d/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
"principalId": "150fd6d5-4560-41b7-abe1-f4d5f5504f9f",
}
}- Remove role assignment.
ARMClient.exe delete /subscriptions/{sub}/providers/Microsoft.Authorization/roleAssignments/{name}?api-version=2014-07-01-preview