Rufen Sie eine Rollenzuweisung nach Bereich und Name ab.
GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}?api-version=2022-04-01
Mit optionalen Parametern:
GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}?api-version=2022-04-01&tenantId={tenantId}
URI-Parameter
Name |
In |
Erforderlich |
Typ |
Beschreibung |
roleAssignmentName
|
path |
True
|
string
|
Der Name der Rollenzuweisung. Es kann sich um eine beliebige gültige GUID sein.
|
scope
|
path |
True
|
string
|
Der Bereich des Vorgangs oder der Ressource. Gültige Bereiche sind: Abonnement (Format: '/subscriptions/{subscriptionId}'), Ressourcengruppe (Format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}' oder Ressource (Format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
|
api-version
|
query |
True
|
string
|
Hierbei handelt es sich um die für diesen Vorgang zu verwendende API-Version.
|
tenantId
|
query |
|
string
|
Mandanten-ID für mandantenübergreifende Anforderungen
|
Antworten
Name |
Typ |
Beschreibung |
200 OK
|
RoleAssignment
|
Gibt die Rollenzuweisung zurück.
|
Other Status Codes
|
ErrorResponse
|
Fehlerantwort mit Beschreibung des Grunds für den Fehler.
|
Berechtigungen
Ihnen muss eine Rolle mit den folgenden Berechtigungen zugewiesen sein, damit Sie diese API aufrufen können. Weitere Informationen finden Sie unter Integrierte Azure-Rollen.
Microsoft.Authorization/roleAssignments/read
Sicherheit
azure_auth
Azure Active Directory-OAuth2-Flow
Typ:
oauth2
Ablauf:
implicit
Autorisierungs-URL:
https://login.microsoftonline.com/common/oauth2/authorize
Bereiche
Name |
Beschreibung |
user_impersonation
|
Identitätswechsel Ihres Benutzerkontos
|
Beispiele
Get role assignment by scope and name
Beispielanforderung
GET https://management.azure.com/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747?api-version=2022-04-01
/**
* Samples for RoleAssignments Get.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/
* RoleAssignments_Get.json
*/
/**
* Sample code: Get role assignment by scope and name.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void getRoleAssignmentByScopeAndName(com.azure.resourcemanager.AzureResourceManager azure) {
azure.accessManagement().roleAssignments().manager().roleServiceClient().getRoleAssignments().getWithResponse(
"subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2", "b0f43c54-e787-4862-89b1-a653fa9cf747", null,
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-authorization
# USAGE
python role_assignments_get.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = AuthorizationManagementClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.role_assignments.get(
scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
role_assignment_name="b0f43c54-e787-4862-89b1-a653fa9cf747",
)
print(response)
# x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Get.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armauthorization_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/310a0100f5b020c1900c527a6aa70d21992f078a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Get.json
func ExampleRoleAssignmentsClient_Get() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armauthorization.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewRoleAssignmentsClient().Get(ctx, "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2", "b0f43c54-e787-4862-89b1-a653fa9cf747", &armauthorization.RoleAssignmentsClientGetOptions{TenantID: nil})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.RoleAssignment = armauthorization.RoleAssignment{
// Name: to.Ptr("b0f43c54-e787-4862-89b1-a653fa9cf747"),
// Type: to.Ptr("Microsoft.Authorization/roleAssignments"),
// ID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747"),
// Properties: &armauthorization.RoleAssignmentProperties{
// PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
// PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
// RoleDefinitionID: to.Ptr("/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
// Scope: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Get a role assignment by scope and name.
*
* @summary Get a role assignment by scope and name.
* x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Get.json
*/
async function getRoleAssignmentByScopeAndName() {
const scope = "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2";
const roleAssignmentName = "b0f43c54-e787-4862-89b1-a653fa9cf747";
const credential = new DefaultAzureCredential();
const client = new AuthorizationManagementClient(credential);
const result = await client.roleAssignments.get(scope, roleAssignmentName);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Authorization.Models;
using Azure.ResourceManager.Authorization;
// Generated from example definition: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Get.json
// this example is just showing the usage of "RoleAssignments_Get" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this RoleAssignmentResource created on azure
// for more information of creating RoleAssignmentResource, please refer to the document of RoleAssignmentResource
string scope = "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2";
string roleAssignmentName = "b0f43c54-e787-4862-89b1-a653fa9cf747";
ResourceIdentifier roleAssignmentResourceId = RoleAssignmentResource.CreateResourceIdentifier(scope, roleAssignmentName);
RoleAssignmentResource roleAssignment = client.GetRoleAssignmentResource(roleAssignmentResourceId);
// invoke the operation
RoleAssignmentResource result = await roleAssignment.GetAsync();
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
RoleAssignmentData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Beispiel für eine Antwort
{
"properties": {
"roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"
},
"id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747",
"type": "Microsoft.Authorization/roleAssignments",
"name": "b0f43c54-e787-4862-89b1-a653fa9cf747"
}
Definitionen
ErrorAdditionalInfo
Zusätzliche Informationen zum Ressourcenverwaltungsfehler.
Name |
Typ |
Beschreibung |
info
|
object
|
Zusätzliche Informationen.
|
type
|
string
|
Typ der zusätzlichen Informationen.
|
ErrorDetail
Die Fehlerdetails.
Name |
Typ |
Beschreibung |
additionalInfo
|
ErrorAdditionalInfo[]
|
Die zusätzlichen Fehlerinformationen.
|
code
|
string
|
Der Fehlercode.
|
details
|
ErrorDetail[]
|
Die Fehlerdetails.
|
message
|
string
|
Die Fehlermeldung.
|
target
|
string
|
Das Fehlerziel.
|
ErrorResponse
Fehlerantwort
Name |
Typ |
Beschreibung |
error
|
ErrorDetail
|
Das Fehlerobjekt.
|
PrincipalType
Der Prinzipaltyp der zugewiesenen Prinzipal-ID.
Name |
Typ |
Beschreibung |
Device
|
string
|
|
ForeignGroup
|
string
|
|
Group
|
string
|
|
ServicePrincipal
|
string
|
|
User
|
string
|
|
RoleAssignment
Rollenzuweisungen
Name |
Typ |
Standardwert |
Beschreibung |
id
|
string
|
|
Hierbei handelt es sich um die Rollenzuweisungs-ID.
|
name
|
string
|
|
Der Name der Rollenzuweisung.
|
properties.condition
|
string
|
|
Die Bedingungen für die Rollenzuweisung. Dies schränkt die Ressourcen ein, denen sie zugewiesen werden kann. Beispiel: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
|
properties.conditionVersion
|
string
|
|
Version der Bedingung. Derzeit ist der einzige akzeptierte Wert "2.0"
|
properties.createdBy
|
string
|
|
ID des Benutzers, der die Zuweisung erstellt hat
|
properties.createdOn
|
string
|
|
Erstellungszeit
|
properties.delegatedManagedIdentityResourceId
|
string
|
|
ID der delegierten Verwalteten Identitätsressource
|
properties.description
|
string
|
|
Beschreibung der Rollenzuweisung
|
properties.principalId
|
string
|
|
Die Prinzipal-ID.
|
properties.principalType
|
PrincipalType
|
User
|
Der Prinzipaltyp der zugewiesenen Prinzipal-ID.
|
properties.roleDefinitionId
|
string
|
|
Hierbei handelt es sich um die Rollendefinitions-ID.
|
properties.scope
|
string
|
|
Der Rollenzuweisungsbereich.
|
properties.updatedBy
|
string
|
|
ID des Benutzers, der die Zuweisung aktualisiert hat
|
properties.updatedOn
|
string
|
|
Zeitpunkt der Aktualisierung
|
type
|
string
|
|
Der Rollenzuweisungstyp.
|