Role Assignment Schedule Requests - Validate
Validates a new role assignment schedule request.
POST https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignmentScheduleRequests/{roleAssignmentScheduleRequestName}/validate?api-version=2020-10-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
role
|
path | True |
string |
The name of the role assignment request to validate. |
scope
|
path | True |
string |
The scope of the role assignment request to validate. |
api-version
|
query | True |
string |
The API version to use for this operation. |
Request Body
Name | Required | Type | Description |
---|---|---|---|
properties.principalId | True |
string |
The principal ID. |
properties.requestType | True |
The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc |
|
properties.roleDefinitionId | True |
string |
The role definition ID. |
properties.condition |
string |
The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container' |
|
properties.conditionVersion |
string |
Version of the condition. Currently accepted value is '2.0' |
|
properties.justification |
string |
Justification for the role assignment |
|
properties.linkedRoleEligibilityScheduleId |
string |
The linked role eligibility schedule id - to activate an eligibility. |
|
properties.scheduleInfo |
Schedule info of the role assignment schedule |
||
properties.targetRoleAssignmentScheduleId |
string |
The resultant role assignment schedule id or the role assignment schedule id being updated |
|
properties.targetRoleAssignmentScheduleInstanceId |
string |
The role assignment schedule instance id being updated |
|
properties.ticketInfo |
Ticket Info of the role assignment |
Responses
Name | Type | Description |
---|---|---|
200 OK |
OK - Returns information about the role assignment request. |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
ValidateRoleAssignmentScheduleRequestByName
Sample request
POST https://management.azure.com/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleAssignmentScheduleRequests/fea7a502-9a96-4806-a26f-eee560e52045/validate?api-version=2020-10-01
{
"properties": {
"principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
"roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
"requestType": "SelfActivate",
"linkedRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
"scheduleInfo": {
"startDateTime": "2020-09-09T21:35:27.91Z",
"expiration": {
"type": "AfterDuration",
"endDateTime": null,
"duration": "PT8H"
}
},
"condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
"conditionVersion": "1.0"
}
}
Sample response
{
"properties": {
"targetRoleAssignmentScheduleId": "c9e264ff-3133-4776-a81a-ebc7c33c8ec6",
"targetRoleAssignmentScheduleInstanceId": null,
"scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
"roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
"principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
"principalType": "User",
"requestType": "SelfActivate",
"status": "Provisioned",
"approvalId": null,
"scheduleInfo": {
"startDateTime": "2020-09-09T21:35:27.91Z",
"expiration": {
"type": "AfterDuration",
"endDateTime": null,
"duration": "PT8H"
}
},
"ticketInfo": {
"ticketNumber": null,
"ticketSystem": null
},
"justification": null,
"requestorId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
"createdOn": "2020-09-09T21:35:27.91Z",
"condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
"conditionVersion": "1.0",
"expandedProperties": {
"scope": {
"id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
"displayName": "Pay-As-You-Go",
"type": "subscription"
},
"roleDefinition": {
"id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
"displayName": "Contributor",
"type": "BuiltInRole"
},
"principal": {
"id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
"displayName": "User Account",
"email": "user@my-tenant.com",
"type": "User"
}
}
},
"name": "fea7a502-9a96-4806-a26f-eee560e52045",
"id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleAssignmentScheduleRequests/fea7a502-9a96-4806-a26f-eee560e52045",
"type": "Microsoft.Authorization/RoleAssignmentScheduleRequests"
}
Definitions
Name | Description |
---|---|
Cloud |
An error response from the service. |
Cloud |
An error response from the service. |
Expanded |
|
Expiration |
Expiration of the role assignment schedule |
Principal |
Details of the principal |
principal |
The principal type of the assigned principal ID. |
Request |
The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc |
Role |
Role Assignment schedule request |
Role |
Details of role definition |
Schedule |
Schedule info of the role assignment schedule |
Scope |
Details of the resource scope |
Status |
The status of the role assignment schedule request. |
Ticket |
Ticket Info of the role assignment |
Type |
Type of the role assignment schedule expiration |
CloudError
An error response from the service.
Name | Type | Description |
---|---|---|
error |
An error response from the service. |
CloudErrorBody
An error response from the service.
Name | Type | Description |
---|---|---|
code |
string |
An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
message |
string |
A message describing the error, intended to be suitable for display in a user interface. |
ExpandedProperties
Name | Type | Description |
---|---|---|
principal |
Details of the principal |
|
roleDefinition |
Details of role definition |
|
scope |
Details of the resource scope |
Expiration
Expiration of the role assignment schedule
Name | Type | Description |
---|---|---|
duration |
string |
Duration of the role assignment schedule in TimeSpan. |
endDateTime |
string |
End DateTime of the role assignment schedule. |
type |
Type of the role assignment schedule expiration |
Principal
Details of the principal
Name | Type | Description |
---|---|---|
displayName |
string |
Display name of the principal |
string |
Email id of the principal |
|
id |
string |
Id of the principal |
type |
string |
Type of the principal |
principalType
The principal type of the assigned principal ID.
Name | Type | Description |
---|---|---|
Device |
string |
|
ForeignGroup |
string |
|
Group |
string |
|
ServicePrincipal |
string |
|
User |
string |
RequestType
The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc
Name | Type | Description |
---|---|---|
AdminAssign |
string |
|
AdminExtend |
string |
|
AdminRemove |
string |
|
AdminRenew |
string |
|
AdminUpdate |
string |
|
SelfActivate |
string |
|
SelfDeactivate |
string |
|
SelfExtend |
string |
|
SelfRenew |
string |
RoleAssignmentScheduleRequest
Role Assignment schedule request
Name | Type | Description |
---|---|---|
id |
string |
The role assignment schedule request ID. |
name |
string |
The role assignment schedule request name. |
properties.approvalId |
string |
The approvalId of the role assignment schedule request. |
properties.condition |
string |
The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container' |
properties.conditionVersion |
string |
Version of the condition. Currently accepted value is '2.0' |
properties.createdOn |
string |
DateTime when role assignment schedule request was created |
properties.expandedProperties |
Additional properties of principal, scope and role definition |
|
properties.justification |
string |
Justification for the role assignment |
properties.linkedRoleEligibilityScheduleId |
string |
The linked role eligibility schedule id - to activate an eligibility. |
properties.principalId |
string |
The principal ID. |
properties.principalType |
The principal type of the assigned principal ID. |
|
properties.requestType |
The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc |
|
properties.requestorId |
string |
Id of the user who created this request |
properties.roleDefinitionId |
string |
The role definition ID. |
properties.scheduleInfo |
Schedule info of the role assignment schedule |
|
properties.scope |
string |
The role assignment schedule request scope. |
properties.status |
The status of the role assignment schedule request. |
|
properties.targetRoleAssignmentScheduleId |
string |
The resultant role assignment schedule id or the role assignment schedule id being updated |
properties.targetRoleAssignmentScheduleInstanceId |
string |
The role assignment schedule instance id being updated |
properties.ticketInfo |
Ticket Info of the role assignment |
|
type |
string |
The role assignment schedule request type. |
RoleDefinition
Details of role definition
Name | Type | Description |
---|---|---|
displayName |
string |
Display name of the role definition |
id |
string |
Id of the role definition |
type |
string |
Type of the role definition |
ScheduleInfo
Schedule info of the role assignment schedule
Name | Type | Description |
---|---|---|
expiration |
Expiration of the role assignment schedule |
|
startDateTime |
string |
Start DateTime of the role assignment schedule. |
Scope
Details of the resource scope
Name | Type | Description |
---|---|---|
displayName |
string |
Display name of the resource |
id |
string |
Scope id of the resource |
type |
string |
Type of the resource |
Status
The status of the role assignment schedule request.
Name | Type | Description |
---|---|---|
Accepted |
string |
|
AdminApproved |
string |
|
AdminDenied |
string |
|
Canceled |
string |
|
Denied |
string |
|
Failed |
string |
|
FailedAsResourceIsLocked |
string |
|
Granted |
string |
|
Invalid |
string |
|
PendingAdminDecision |
string |
|
PendingApproval |
string |
|
PendingApprovalProvisioning |
string |
|
PendingEvaluation |
string |
|
PendingExternalProvisioning |
string |
|
PendingProvisioning |
string |
|
PendingRevocation |
string |
|
PendingScheduleCreation |
string |
|
Provisioned |
string |
|
ProvisioningStarted |
string |
|
Revoked |
string |
|
ScheduleCreated |
string |
|
TimedOut |
string |
TicketInfo
Ticket Info of the role assignment
Name | Type | Description |
---|---|---|
ticketNumber |
string |
Ticket number for the role assignment |
ticketSystem |
string |
Ticket system name for the role assignment |
Type
Type of the role assignment schedule expiration
Name | Type | Description |
---|---|---|
AfterDateTime |
string |
|
AfterDuration |
string |
|
NoExpiration |
string |