deny_assignments
Creates, updates, deletes, gets or lists a deny_assignments resource.
Overview
| Name | deny_assignments |
| Type | Resource |
| Id | azure.authorization.deny_assignments |
Fields
The following fields are returned by SELECT queries:
- list_for_resource
- list_for_resource_group
- get
- list
- get_by_id
- list_for_scope
OK - Returns an array of deny assignments.
| Name | Datatype | Description |
|---|---|---|
id | string | The deny assignment ID. |
name | string | The deny assignment name. |
properties | object | Deny assignment properties. |
type | string | The deny assignment type. |
OK - Returns an array of deny assignments.
| Name | Datatype | Description |
|---|---|---|
id | string | The deny assignment ID. |
name | string | The deny assignment name. |
properties | object | Deny assignment properties. |
type | string | The deny assignment type. |
OK - Returns information about the deny assignment.
| Name | Datatype | Description |
|---|---|---|
id | string | The deny assignment ID. |
name | string | The deny assignment name. |
properties | object | Deny assignment properties. |
type | string | The deny assignment type. |
OK - Returns an array of deny assignments.
| Name | Datatype | Description |
|---|---|---|
id | string | The deny assignment ID. |
name | string | The deny assignment name. |
properties | object | Deny assignment properties. |
type | string | The deny assignment type. |
OK - Returns the deny assignment.
| Name | Datatype | Description |
|---|---|---|
id | string | The deny assignment ID. |
name | string | The deny assignment name. |
properties | object | Deny assignment properties. |
type | string | The deny assignment type. |
OK - Returns an array of deny assignments.
| Name | Datatype | Description |
|---|---|---|
id | string | The deny assignment ID. |
name | string | The deny assignment name. |
properties | object | Deny assignment properties. |
type | string | The deny assignment type. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_for_resource | select | subscriptionId, resourceGroupName, resourceProviderNamespace, parentResourcePath, resourceType, resourceName | $filter | Gets deny assignments for a resource. |
list_for_resource_group | select | subscriptionId, resourceGroupName | $filter | Gets deny assignments for a resource group. |
get | select | scope, denyAssignmentId | Get the specified deny assignment. | |
list | select | subscriptionId | $filter | Gets all deny assignments for the subscription. |
get_by_id | select | denyAssignmentId | Gets a deny assignment by ID. | |
list_for_scope | select | scope | $filter | Gets deny assignments for a scope. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
denyAssignmentId | string | The fully qualified deny assignment ID. For example, use the format, /subscriptions/{guid}/providers/Microsoft.Authorization/denyAssignments/{denyAssignmentId} for subscription level deny assignments, or /providers/Microsoft.Authorization/denyAssignments/{denyAssignmentId} for tenant level deny assignments. |
parentResourcePath | string | The parent resource identity. |
resourceGroupName | string | The name of the resource group. The name is case insensitive. |
resourceName | string | The name of the resource to get deny assignments for. |
resourceProviderNamespace | string | The namespace of the resource provider. |
resourceType | string | The resource type of the resource. |
scope | string | The scope of the deny assignments. |
subscriptionId | string | The ID of the target subscription. |
$filter | string | The filter to apply on the operation. Use $filter=atScope() to return all deny assignments at or above the scope. Use $filter=denyAssignmentName eq '{name}' to search deny assignments by name at specified scope. Use $filter=principalId eq '{id}' to return all deny assignments at, above and below the scope for the specified principal. Use $filter=gdprExportPrincipalId eq '{id}' to return all deny assignments at, above and below the scope for the specified principal. This filter is different from the principalId filter as it returns not only those deny assignments that contain the specified principal is the Principals list but also those deny assignments that contain the specified principal is the ExcludePrincipals list. Additionally, when gdprExportPrincipalId filter is used, only the deny assignment name and description properties are returned. |
SELECT examples
- list_for_resource
- list_for_resource_group
- get
- list
- get_by_id
- list_for_scope
Gets deny assignments for a resource.
SELECT
id,
name,
properties,
type
FROM azure.authorization.deny_assignments
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND resourceProviderNamespace = '{{ resourceProviderNamespace }}' -- required
AND parentResourcePath = '{{ parentResourcePath }}' -- required
AND resourceType = '{{ resourceType }}' -- required
AND resourceName = '{{ resourceName }}' -- required
AND $filter = '{{ $filter }}'
;
Gets deny assignments for a resource group.
SELECT
id,
name,
properties,
type
FROM azure.authorization.deny_assignments
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND $filter = '{{ $filter }}'
;
Get the specified deny assignment.
SELECT
id,
name,
properties,
type
FROM azure.authorization.deny_assignments
WHERE scope = '{{ scope }}' -- required
AND denyAssignmentId = '{{ denyAssignmentId }}' -- required
;
Gets all deny assignments for the subscription.
SELECT
id,
name,
properties,
type
FROM azure.authorization.deny_assignments
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND $filter = '{{ $filter }}'
;
Gets a deny assignment by ID.
SELECT
id,
name,
properties,
type
FROM azure.authorization.deny_assignments
WHERE denyAssignmentId = '{{ denyAssignmentId }}' -- required
;
Gets deny assignments for a scope.
SELECT
id,
name,
properties,
type
FROM azure.authorization.deny_assignments
WHERE scope = '{{ scope }}' -- required
AND $filter = '{{ $filter }}'
;