role_assignments
Creates, updates, deletes, gets or lists a role_assignments resource.
Overview
| Name | role_assignments |
| Type | Resource |
| Id | azure.authorization.role_assignments |
Fields
The following fields are returned by SELECT queries:
- list_for_resource
- list_for_resource_group
- get
- list_for_subscription
- list_for_scope
- get_by_id
Returns an array of role assignments.
| Name | Datatype | Description |
|---|---|---|
id | string | The role assignment ID. |
name | string | The role assignment name. |
properties | object | Role assignment properties. |
type | string | The role assignment type. |
Returns an array of role assignments.
| Name | Datatype | Description |
|---|---|---|
id | string | The role assignment ID. |
name | string | The role assignment name. |
properties | object | Role assignment properties. |
type | string | The role assignment type. |
Returns the role assignment.
| Name | Datatype | Description |
|---|---|---|
id | string | The role assignment ID. |
name | string | The role assignment name. |
properties | object | Role assignment properties. |
type | string | The role assignment type. |
Returns an array of role assignments.
| Name | Datatype | Description |
|---|---|---|
id | string | The role assignment ID. |
name | string | The role assignment name. |
properties | object | Role assignment properties. |
type | string | The role assignment type. |
Returns an array of role assignments.
| Name | Datatype | Description |
|---|---|---|
id | string | The role assignment ID. |
name | string | The role assignment name. |
properties | object | Role assignment properties. |
type | string | The role assignment type. |
Returns the role assignment.
| Name | Datatype | Description |
|---|---|---|
id | string | The role assignment ID. |
name | string | The role assignment name. |
properties | object | Role assignment properties. |
type | string | The role assignment type. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_for_resource | select | subscriptionId, resourceGroupName, resourceProviderNamespace, resourceType, resourceName | $filter, tenantId | List all role assignments that apply to a resource. |
list_for_resource_group | select | subscriptionId, resourceGroupName | $filter, tenantId | List all role assignments that apply to a resource group. |
get | select | scope, roleAssignmentName | tenantId | Get a role assignment by scope and name. |
list_for_subscription | select | subscriptionId | $filter, tenantId | List all role assignments that apply to a subscription. |
list_for_scope | select | scope | $filter, tenantId, $skipToken | List all role assignments that apply to a scope. |
get_by_id | select | roleAssignmentId | tenantId | Get a role assignment by ID. |
create | insert | scope, roleAssignmentName, data__properties | Create or update a role assignment by scope and name. | |
create_by_id | insert | roleAssignmentId, data__properties | Create or update a role assignment by ID. | |
delete | delete | scope, roleAssignmentName | tenantId | Delete a role assignment by scope and name. |
delete_by_id | delete | roleAssignmentId | tenantId | Delete a role assignment by ID. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
resourceGroupName | string | The name of the resource group. The name is case insensitive. |
resourceName | string | The resource name. |
resourceProviderNamespace | string | The namespace of the resource provider. |
resourceType | string | The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). |
roleAssignmentId | string | The fully qualified ID of the role assignment including scope, resource name, and resource type. Format: /{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}. Example: /subscriptions/<SUB_ID>/resourcegroups/<RESOURCE_GROUP>/providers/Microsoft.Authorization/roleAssignments/<ROLE_ASSIGNMENT_NAME> |
roleAssignmentName | string | The name of the role assignment. It can be any valid GUID. |
scope | string | The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' |
subscriptionId | string | The ID of the target subscription. |
$filter | string | The filter to apply on the operation. Use $filter=atScope() to return all role assignments at or above the scope. Use $filter=principalId eq {id} to return all role assignments at, above or below the scope for the specified principal. |
$skipToken | string | The skipToken to apply on the operation. Use $skipToken={skiptoken} to return paged role assignments following the skipToken passed. Only supported on provider level calls. |
tenantId | string | Tenant ID for cross-tenant request |
SELECT examples
- list_for_resource
- list_for_resource_group
- get
- list_for_subscription
- list_for_scope
- get_by_id
List all role assignments that apply to a resource.
SELECT
id,
name,
properties,
type
FROM azure.authorization.role_assignments
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND resourceProviderNamespace = '{{ resourceProviderNamespace }}' -- required
AND resourceType = '{{ resourceType }}' -- required
AND resourceName = '{{ resourceName }}' -- required
AND $filter = '{{ $filter }}'
AND tenantId = '{{ tenantId }}'
;
List all role assignments that apply to a resource group.
SELECT
id,
name,
properties,
type
FROM azure.authorization.role_assignments
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND $filter = '{{ $filter }}'
AND tenantId = '{{ tenantId }}'
;
Get a role assignment by scope and name.
SELECT
id,
name,
properties,
type
FROM azure.authorization.role_assignments
WHERE scope = '{{ scope }}' -- required
AND roleAssignmentName = '{{ roleAssignmentName }}' -- required
AND tenantId = '{{ tenantId }}'
;
List all role assignments that apply to a subscription.
SELECT
id,
name,
properties,
type
FROM azure.authorization.role_assignments
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND $filter = '{{ $filter }}'
AND tenantId = '{{ tenantId }}'
;
List all role assignments that apply to a scope.
SELECT
id,
name,
properties,
type
FROM azure.authorization.role_assignments
WHERE scope = '{{ scope }}' -- required
AND $filter = '{{ $filter }}'
AND tenantId = '{{ tenantId }}'
AND $skipToken = '{{ $skipToken }}'
;
Get a role assignment by ID.
SELECT
id,
name,
properties,
type
FROM azure.authorization.role_assignments
WHERE roleAssignmentId = '{{ roleAssignmentId }}' -- required
AND tenantId = '{{ tenantId }}'
;
INSERT examples
- create
- create_by_id
- Manifest
Create or update a role assignment by scope and name.
INSERT INTO azure.authorization.role_assignments (
data__properties,
scope,
roleAssignmentName
)
SELECT
'{{ properties }}' /* required */,
'{{ scope }}',
'{{ roleAssignmentName }}'
RETURNING
id,
name,
properties,
type
;
Create or update a role assignment by ID.
INSERT INTO azure.authorization.role_assignments (
data__properties,
roleAssignmentId
)
SELECT
'{{ properties }}' /* required */,
'{{ roleAssignmentId }}'
RETURNING
id,
name,
properties,
type
;
# Description fields are for documentation purposes
- name: role_assignments
props:
- name: scope
value: string
description: Required parameter for the role_assignments resource.
- name: roleAssignmentName
value: string
description: Required parameter for the role_assignments resource.
- name: roleAssignmentId
value: string
description: Required parameter for the role_assignments resource.
- name: properties
value: object
description: |
Role assignment properties.
DELETE examples
- delete
- delete_by_id
Delete a role assignment by scope and name.
DELETE FROM azure.authorization.role_assignments
WHERE scope = '{{ scope }}' --required
AND roleAssignmentName = '{{ roleAssignmentName }}' --required
AND tenantId = '{{ tenantId }}'
;
Delete a role assignment by ID.
DELETE FROM azure.authorization.role_assignments
WHERE roleAssignmentId = '{{ roleAssignmentId }}' --required
AND tenantId = '{{ tenantId }}'
;