Role Management Policy Assignments - Create

Riferimento

Servizio:: Authorization

Versione API:: 2020-10-01

Creare un'assegnazione dei criteri di gestione dei ruoli

PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleManagementPolicyAssignments/{roleManagementPolicyAssignmentName}?api-version=2020-10-01

Parametri dell'URI

Nome	In	Necessario	Tipo	Descrizione
roleManagementPolicyAssignmentName	path	True	string	Nome del formato {guid_guid} assegnazione dei criteri di gestione dei ruoli a upsert.
scope	path	True	string	Ambito dell'assegnazione dei criteri di gestione dei ruoli a upsert.
api-version	query	True	string	Versione dell'API da usare per questa operazione.

Corpo della richiesta

Nome	Tipo	Descrizione
properties.policyId	string	Assegnazione dei criteri di gestione dei ruoli ID criteri.
properties.roleDefinitionId	string	Definizione del ruolo di assegnazione dei criteri di gestione.
properties.scope	string	Ambito dei criteri di gestione dei ruoli.

Risposte

Nome	Tipo	Descrizione
201 Created	RoleManagementPolicyAssignment	Creato: restituisce l'assegnazione dei criteri creata o aggiornata.
Other Status Codes	CloudError	Risposta di errore che descrive il motivo per cui l'operazione non è riuscita.

Sicurezza

azure_auth

Flusso OAuth2 di Azure Active Directory

Tipo: oauth2
Flow: implicit
URL di autorizzazione: https://login.microsoftonline.com/common/oauth2/authorize

Ambiti

Nome	Descrizione
user_impersonation	rappresentare l'account utente

Esempio

PutRoleManagementPolicyAssignment

Esempio di richiesta

PUT https://management.azure.com/providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicyAssignments/b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24?api-version=2020-10-01

{
  "properties": {
    "scope": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
    "roleDefinitionId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
    "policyId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9"
  }
}


import com.azure.resourcemanager.authorization.fluent.models.RoleManagementPolicyAssignmentInner;

/**
 * Samples for RoleManagementPolicyAssignments Create.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/
     * PutRoleManagementPolicyAssignment.json
     */
    /**
     * Sample code: PutRoleManagementPolicyAssignment.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void putRoleManagementPolicyAssignment(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.accessManagement().roleAssignments().manager().roleServiceClient().getRoleManagementPolicyAssignments()
            .createWithResponse("providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
                "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
                new RoleManagementPolicyAssignmentInner()
                    .withScope("/subscriptions/129ff972-28f8-46b8-a726-e497be039368")
                    .withRoleDefinitionId(
                        "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24")
                    .withPolicyId(
                        "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9"),
                com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/53b1affe357b3bfbb53721d0a2002382a046d3b0/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleManagementPolicyAssignment.json
func ExampleRoleManagementPolicyAssignmentsClient_Create() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewRoleManagementPolicyAssignmentsClient().Create(ctx, "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368", "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24", armauthorization.RoleManagementPolicyAssignment{
		Properties: &armauthorization.RoleManagementPolicyAssignmentProperties{
			PolicyID:         to.Ptr("/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9"),
			RoleDefinitionID: to.Ptr("/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24"),
			Scope:            to.Ptr("/subscriptions/129ff972-28f8-46b8-a726-e497be039368"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Create a role management policy assignment
 *
 * @summary Create a role management policy assignment
 * x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleManagementPolicyAssignment.json
 */
async function putRoleManagementPolicyAssignment() {
  const subscriptionId =
    process.env["AUTHORIZATION_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const scope =
    "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368";
  const roleManagementPolicyAssignmentName =
    "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24";
  const parameters = {
    policyId:
      "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9",
    roleDefinitionId:
      "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
    scope: "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
  };
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential, subscriptionId);
  const result = await client.roleManagementPolicyAssignments.create(
    scope,
    roleManagementPolicyAssignmentName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Authorization;

// Generated from example definition: specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleManagementPolicyAssignment.json
// this example is just showing the usage of "RoleManagementPolicyAssignments_Create" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this ArmResource created on azure
// for more information of creating ArmResource, please refer to the document of ArmResource

// get the collection of this RoleManagementPolicyAssignmentResource
string scope = "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368";
ResourceIdentifier scopeId = new ResourceIdentifier(string.Format("/{0}", scope));
RoleManagementPolicyAssignmentCollection collection = client.GetRoleManagementPolicyAssignments(scopeId);

// invoke the operation
string roleManagementPolicyAssignmentName = "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24";
RoleManagementPolicyAssignmentData data = new RoleManagementPolicyAssignmentData()
{
    Scope = "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
    RoleDefinitionId = new ResourceIdentifier("/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24"),
    PolicyId = new ResourceIdentifier("/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9"),
};
ArmOperation<RoleManagementPolicyAssignmentResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, roleManagementPolicyAssignmentName, data);
RoleManagementPolicyAssignmentResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
RoleManagementPolicyAssignmentData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Risposta di esempio

Codice di stato:: 201

{
  "properties": {
    "scope": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
    "roleDefinitionId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
    "policyId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9",
    "effectiveRules": [
      {
        "enabledRules": [],
        "id": "Enablement_Admin_Eligibility",
        "ruleType": "RoleManagementPolicyEnablementRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Eligibility",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "isExpirationRequired": true,
        "maximumDuration": "P90D",
        "id": "Expiration_Admin_Eligibility",
        "ruleType": "RoleManagementPolicyExpirationRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Eligibility",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Admin",
        "isDefaultRecipientsEnabled": false,
        "notificationLevel": "Critical",
        "notificationRecipients": [
          "admin_admin_eligible@test.com"
        ],
        "id": "Notification_Admin_Admin_Eligibility",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Eligibility",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Requestor",
        "isDefaultRecipientsEnabled": false,
        "notificationLevel": "Critical",
        "notificationRecipients": [
          "requestor_admin_eligible@test.com"
        ],
        "id": "Notification_Requestor_Admin_Eligibility",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Eligibility",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Approver",
        "isDefaultRecipientsEnabled": false,
        "notificationLevel": "Critical",
        "notificationRecipients": [
          "approver_admin_eligible@test.com"
        ],
        "id": "Notification_Approver_Admin_Eligibility",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Eligibility",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "enabledRules": [
          "MultiFactorAuthentication",
          "Justification"
        ],
        "id": "Enablement_Admin_Assignment",
        "ruleType": "RoleManagementPolicyEnablementRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "isExpirationRequired": false,
        "maximumDuration": "P90D",
        "id": "Expiration_Admin_Assignment",
        "ruleType": "RoleManagementPolicyExpirationRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Admin",
        "isDefaultRecipientsEnabled": false,
        "notificationLevel": "Critical",
        "notificationRecipients": [
          "admin_admin_member@test.com"
        ],
        "id": "Notification_Admin_Admin_Assignment",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Requestor",
        "isDefaultRecipientsEnabled": false,
        "notificationLevel": "Critical",
        "notificationRecipients": [
          "requestor_admin_member@test.com"
        ],
        "id": "Notification_Requestor_Admin_Assignment",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Approver",
        "isDefaultRecipientsEnabled": false,
        "notificationLevel": "Critical",
        "notificationRecipients": [
          "approver_admin_member@test.com"
        ],
        "id": "Notification_Approver_Admin_Assignment",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "setting": {
          "isApprovalRequired": true,
          "isApprovalRequiredForExtension": false,
          "isRequestorJustificationRequired": true,
          "approvalMode": "SingleStage",
          "approvalStages": [
            {
              "approvalStageTimeOutInDays": 1,
              "isApproverJustificationRequired": true,
              "escalationTimeInMinutes": 0,
              "primaryApprovers": [
                {
                  "id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd",
                  "description": "amansw_new_group",
                  "isBackup": false,
                  "userType": "Group"
                },
                {
                  "id": "2f4913c9-d15b-406a-9946-1d66a28f2690",
                  "description": "amansw_group",
                  "isBackup": false,
                  "userType": "Group"
                }
              ],
              "isEscalationEnabled": false,
              "escalationApprovers": null
            }
          ]
        },
        "id": "Approval_EndUser_Assignment",
        "ruleType": "RoleManagementPolicyApprovalRule",
        "target": {
          "caller": "EndUser",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "isEnabled": false,
        "claimValue": "",
        "id": "AuthenticationContext_EndUser_Assignment",
        "ruleType": "RoleManagementPolicyAuthenticationContextRule",
        "target": {
          "caller": "EndUser",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "enabledRules": [
          "MultiFactorAuthentication",
          "Justification",
          "Ticketing"
        ],
        "id": "Enablement_EndUser_Assignment",
        "ruleType": "RoleManagementPolicyEnablementRule",
        "target": {
          "caller": "EndUser",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "isExpirationRequired": true,
        "maximumDuration": "PT7H",
        "id": "Expiration_EndUser_Assignment",
        "ruleType": "RoleManagementPolicyExpirationRule",
        "target": {
          "caller": "EndUser",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Admin",
        "isDefaultRecipientsEnabled": false,
        "notificationLevel": "Critical",
        "notificationRecipients": [
          "admin_enduser_member@test.com"
        ],
        "id": "Notification_Admin_EndUser_Assignment",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "EndUser",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Requestor",
        "isDefaultRecipientsEnabled": false,
        "notificationLevel": "Critical",
        "notificationRecipients": [
          "requestor_enduser_member@test.com"
        ],
        "id": "Notification_Requestor_EndUser_Assignment",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "EndUser",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Approver",
        "isDefaultRecipientsEnabled": true,
        "notificationLevel": "Critical",
        "notificationRecipients": null,
        "id": "Notification_Approver_EndUser_Assignment",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "EndUser",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      }
    ],
    "policyAssignmentProperties": {
      "scope": {
        "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
        "displayName": "Pay-As-You-Go",
        "type": "subscription"
      },
      "roleDefinition": {
        "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
        "displayName": "FHIR Data Converter",
        "type": "BuiltInRole"
      },
      "policy": {
        "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9",
        "lastModifiedBy": null,
        "lastModifiedDateTime": null
      }
    }
  },
  "name": "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
  "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicyAssignment/b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
  "type": "Microsoft.Authorization/RoleManagementPolicyAssignment"
}

Definizioni

Nome	Descrizione
CloudError	Risposta di errore dal servizio.
CloudErrorBody	Risposta di errore dal servizio.
Policy	Dettagli dei criteri
PolicyAssignmentProperties	Informazioni espanse sull'ambito delle risorse, sulla definizione del ruolo e sui criteri
Principal	Nome dell'ultima modifica dell'entità
RoleDefinition	Dettagli della definizione del ruolo
RoleManagementPolicyAssignment	Criteri di gestione dei ruoli
Scope	Dettagli dell'ambito della risorsa

CloudError

Risposta di errore dal servizio.

Nome	Tipo	Descrizione
error	CloudErrorBody	Risposta di errore dal servizio.

CloudErrorBody

Risposta di errore dal servizio.

Nome	Tipo	Descrizione
code	string	Identificatore dell'errore. I codici sono invarianti e devono essere utilizzati a livello di codice.
message	string	Messaggio che descrive l'errore, che deve essere adatto per la visualizzazione in un'interfaccia utente.

Policy

Dettagli dei criteri

Nome	Tipo	Descrizione
id	string	ID dei criteri
lastModifiedBy	Principal	Nome dell'ultima modifica dell'entità
lastModifiedDateTime	string	Data dell'ultima modifica.

PolicyAssignmentProperties

Informazioni espanse sull'ambito delle risorse, sulla definizione del ruolo e sui criteri

Nome	Tipo	Descrizione
policy	Policy	Dettagli dei criteri
roleDefinition	RoleDefinition	Dettagli della definizione del ruolo
scope	Scope	Dettagli dell'ambito della risorsa

Principal

Nome dell'ultima modifica dell'entità

Nome	Tipo	Descrizione
displayName	string	Nome dell'entità che ha apportato modifiche
email	string	Email dell'entità
id	string	ID dell'entità che ha apportato modifiche
type	string	Tipo di entità, ad esempio utente, gruppo e così via

RoleDefinition

Dettagli della definizione del ruolo

Nome	Tipo	Descrizione
displayName	string	Nome visualizzato della definizione del ruolo
id	string	ID della definizione del ruolo
type	string	Tipo di definizione del ruolo