Role Assignment Schedule Requests - Validate

Validates a new role assignment schedule request.

POST https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignmentScheduleRequests/{roleAssignmentScheduleRequestName}/validate?api-version=2020-10-01

URI Parameters

Name In Required Type Description
roleAssignmentScheduleRequestName
path True

string

The name of the role assignment request to validate.

scope
path True

string

The scope of the role assignment request to validate.

api-version
query True

string

The API version to use for this operation.

Request Body

Name Required Type Description
properties.principalId True

string

The principal ID.

properties.requestType True

RequestType

The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc

properties.roleDefinitionId True

string

The role definition ID.

properties.condition

string

The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'

properties.conditionVersion

string

Version of the condition. Currently accepted value is '2.0'

properties.justification

string

Justification for the role assignment

properties.linkedRoleEligibilityScheduleId

string

The linked role eligibility schedule id - to activate an eligibility.

properties.scheduleInfo

ScheduleInfo

Schedule info of the role assignment schedule

properties.targetRoleAssignmentScheduleId

string

The resultant role assignment schedule id or the role assignment schedule id being updated

properties.targetRoleAssignmentScheduleInstanceId

string

The role assignment schedule instance id being updated

properties.ticketInfo

TicketInfo

Ticket Info of the role assignment

Responses

Name Type Description
200 OK

RoleAssignmentScheduleRequest

OK - Returns information about the role assignment request.

Other Status Codes

CloudError

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

ValidateRoleAssignmentScheduleRequestByName

Sample request

POST https://management.azure.com/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleAssignmentScheduleRequests/fea7a502-9a96-4806-a26f-eee560e52045/validate?api-version=2020-10-01

{
  "properties": {
    "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
    "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
    "requestType": "SelfActivate",
    "linkedRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
    "scheduleInfo": {
      "startDateTime": "2020-09-09T21:35:27.91Z",
      "expiration": {
        "type": "AfterDuration",
        "endDateTime": null,
        "duration": "PT8H"
      }
    },
    "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
    "conditionVersion": "1.0"
  }
}

Sample response

{
  "properties": {
    "targetRoleAssignmentScheduleId": "c9e264ff-3133-4776-a81a-ebc7c33c8ec6",
    "targetRoleAssignmentScheduleInstanceId": null,
    "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
    "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
    "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
    "principalType": "User",
    "requestType": "SelfActivate",
    "status": "Provisioned",
    "approvalId": null,
    "scheduleInfo": {
      "startDateTime": "2020-09-09T21:35:27.91Z",
      "expiration": {
        "type": "AfterDuration",
        "endDateTime": null,
        "duration": "PT8H"
      }
    },
    "ticketInfo": {
      "ticketNumber": null,
      "ticketSystem": null
    },
    "justification": null,
    "requestorId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
    "createdOn": "2020-09-09T21:35:27.91Z",
    "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
    "conditionVersion": "1.0",
    "expandedProperties": {
      "scope": {
        "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
        "displayName": "Pay-As-You-Go",
        "type": "subscription"
      },
      "roleDefinition": {
        "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
        "displayName": "Contributor",
        "type": "BuiltInRole"
      },
      "principal": {
        "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
        "displayName": "User Account",
        "email": "user@my-tenant.com",
        "type": "User"
      }
    }
  },
  "name": "fea7a502-9a96-4806-a26f-eee560e52045",
  "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleAssignmentScheduleRequests/fea7a502-9a96-4806-a26f-eee560e52045",
  "type": "Microsoft.Authorization/RoleAssignmentScheduleRequests"
}

Definitions

Name Description
CloudError

An error response from the service.

CloudErrorBody

An error response from the service.

ExpandedProperties
Expiration

Expiration of the role assignment schedule

Principal

Details of the principal

principalType

The principal type of the assigned principal ID.

RequestType

The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc

RoleAssignmentScheduleRequest

Role Assignment schedule request

RoleDefinition

Details of role definition

ScheduleInfo

Schedule info of the role assignment schedule

Scope

Details of the resource scope

Status

The status of the role assignment schedule request.

TicketInfo

Ticket Info of the role assignment

Type

Type of the role assignment schedule expiration

CloudError

An error response from the service.

Name Type Description
error

CloudErrorBody

An error response from the service.

CloudErrorBody

An error response from the service.

Name Type Description
code

string

An identifier for the error. Codes are invariant and are intended to be consumed programmatically.

message

string

A message describing the error, intended to be suitable for display in a user interface.

ExpandedProperties

Name Type Description
principal

Principal

Details of the principal

roleDefinition

RoleDefinition

Details of role definition

scope

Scope

Details of the resource scope

Expiration

Expiration of the role assignment schedule

Name Type Description
duration

string

Duration of the role assignment schedule in TimeSpan.

endDateTime

string

End DateTime of the role assignment schedule.

type

Type

Type of the role assignment schedule expiration

Principal

Details of the principal

Name Type Description
displayName

string

Display name of the principal

email

string

Email id of the principal

id

string

Id of the principal

type

string

Type of the principal

principalType

The principal type of the assigned principal ID.

Name Type Description
Device

string

ForeignGroup

string

Group

string

ServicePrincipal

string

User

string

RequestType

The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc

Name Type Description
AdminAssign

string

AdminExtend

string

AdminRemove

string

AdminRenew

string

AdminUpdate

string

SelfActivate

string

SelfDeactivate

string

SelfExtend

string

SelfRenew

string

RoleAssignmentScheduleRequest

Role Assignment schedule request

Name Type Description
id

string

The role assignment schedule request ID.

name

string

The role assignment schedule request name.

properties.approvalId

string

The approvalId of the role assignment schedule request.

properties.condition

string

The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'

properties.conditionVersion

string

Version of the condition. Currently accepted value is '2.0'

properties.createdOn

string

DateTime when role assignment schedule request was created

properties.expandedProperties

ExpandedProperties

Additional properties of principal, scope and role definition

properties.justification

string

Justification for the role assignment

properties.linkedRoleEligibilityScheduleId

string

The linked role eligibility schedule id - to activate an eligibility.

properties.principalId

string

The principal ID.

properties.principalType

principalType

The principal type of the assigned principal ID.

properties.requestType

RequestType

The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc

properties.requestorId

string

Id of the user who created this request

properties.roleDefinitionId

string

The role definition ID.

properties.scheduleInfo

ScheduleInfo

Schedule info of the role assignment schedule

properties.scope

string

The role assignment schedule request scope.

properties.status

Status

The status of the role assignment schedule request.

properties.targetRoleAssignmentScheduleId

string

The resultant role assignment schedule id or the role assignment schedule id being updated

properties.targetRoleAssignmentScheduleInstanceId

string

The role assignment schedule instance id being updated

properties.ticketInfo

TicketInfo

Ticket Info of the role assignment

type

string

The role assignment schedule request type.

RoleDefinition

Details of role definition

Name Type Description
displayName

string

Display name of the role definition

id

string

Id of the role definition

type

string

Type of the role definition

ScheduleInfo

Schedule info of the role assignment schedule

Name Type Description
expiration

Expiration

Expiration of the role assignment schedule

startDateTime

string

Start DateTime of the role assignment schedule.

Scope

Details of the resource scope

Name Type Description
displayName

string

Display name of the resource

id

string

Scope id of the resource

type

string

Type of the resource

Status

The status of the role assignment schedule request.

Name Type Description
Accepted

string

AdminApproved

string

AdminDenied

string

Canceled

string

Denied

string

Failed

string

FailedAsResourceIsLocked

string

Granted

string

Invalid

string

PendingAdminDecision

string

PendingApproval

string

PendingApprovalProvisioning

string

PendingEvaluation

string

PendingExternalProvisioning

string

PendingProvisioning

string

PendingRevocation

string

PendingScheduleCreation

string

Provisioned

string

ProvisioningStarted

string

Revoked

string

ScheduleCreated

string

TimedOut

string

TicketInfo

Ticket Info of the role assignment

Name Type Description
ticketNumber

string

Ticket number for the role assignment

ticketSystem

string

Ticket system name for the role assignment

Type

Type of the role assignment schedule expiration

Name Type Description
AfterDateTime

string

AfterDuration

string

NoExpiration

string