Role Management Policy Assignments - Get
Get the specified role management policy assignment for a resource scope
GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleManagementPolicyAssignments/{roleManagementPolicyAssignmentName}?api-version=2020-10-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
role
|
path | True |
string |
The name of format {guid_guid} the role management policy assignment to get. |
scope
|
path | True |
string |
The scope of the role management policy. |
api-version
|
query | True |
string |
The API version to use for this operation. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
OK - Returns information about the role management policy. |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
GetConfigurations
Sample request
GET https://management.azure.com/providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicyAssignments/b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24?api-version=2020-10-01
Sample response
{
"properties": {
"scope": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
"roleDefinitionId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
"policyId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9",
"effectiveRules": [
{
"enabledRules": [],
"id": "Enablement_Admin_Eligibility",
"ruleType": "RoleManagementPolicyEnablementRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"isExpirationRequired": true,
"maximumDuration": "P90D",
"id": "Expiration_Admin_Eligibility",
"ruleType": "RoleManagementPolicyExpirationRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Admin",
"isDefaultRecipientsEnabled": false,
"notificationLevel": "Critical",
"notificationRecipients": [
"admin_admin_eligible@test.com"
],
"id": "Notification_Admin_Admin_Eligibility",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Requestor",
"isDefaultRecipientsEnabled": false,
"notificationLevel": "Critical",
"notificationRecipients": [
"requestor_admin_eligible@test.com"
],
"id": "Notification_Requestor_Admin_Eligibility",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Approver",
"isDefaultRecipientsEnabled": false,
"notificationLevel": "Critical",
"notificationRecipients": [
"approver_admin_eligible@test.com"
],
"id": "Notification_Approver_Admin_Eligibility",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"enabledRules": [
"MultiFactorAuthentication",
"Justification"
],
"id": "Enablement_Admin_Assignment",
"ruleType": "RoleManagementPolicyEnablementRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"isExpirationRequired": false,
"maximumDuration": "P90D",
"id": "Expiration_Admin_Assignment",
"ruleType": "RoleManagementPolicyExpirationRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Admin",
"isDefaultRecipientsEnabled": false,
"notificationLevel": "Critical",
"notificationRecipients": [
"admin_admin_member@test.com"
],
"id": "Notification_Admin_Admin_Assignment",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Requestor",
"isDefaultRecipientsEnabled": false,
"notificationLevel": "Critical",
"notificationRecipients": [
"requestor_admin_member@test.com"
],
"id": "Notification_Requestor_Admin_Assignment",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Approver",
"isDefaultRecipientsEnabled": false,
"notificationLevel": "Critical",
"notificationRecipients": [
"approver_admin_member@test.com"
],
"id": "Notification_Approver_Admin_Assignment",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"setting": {
"isApprovalRequired": true,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": true,
"approvalMode": "SingleStage",
"approvalStages": [
{
"approvalStageTimeOutInDays": 1,
"isApproverJustificationRequired": true,
"escalationTimeInMinutes": 0,
"primaryApprovers": [
{
"id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd",
"description": "amansw_new_group",
"isBackup": false,
"userType": "Group"
},
{
"id": "2f4913c9-d15b-406a-9946-1d66a28f2690",
"description": "amansw_group",
"isBackup": false,
"userType": "Group"
}
],
"isEscalationEnabled": false,
"escalationApprovers": null
}
]
},
"id": "Approval_EndUser_Assignment",
"ruleType": "RoleManagementPolicyApprovalRule",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"isEnabled": false,
"claimValue": "",
"id": "AuthenticationContext_EndUser_Assignment",
"ruleType": "RoleManagementPolicyAuthenticationContextRule",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"enabledRules": [
"MultiFactorAuthentication",
"Justification",
"Ticketing"
],
"id": "Enablement_EndUser_Assignment",
"ruleType": "RoleManagementPolicyEnablementRule",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"isExpirationRequired": true,
"maximumDuration": "PT7H",
"id": "Expiration_EndUser_Assignment",
"ruleType": "RoleManagementPolicyExpirationRule",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Admin",
"isDefaultRecipientsEnabled": false,
"notificationLevel": "Critical",
"notificationRecipients": [
"admin_enduser_member@test.com"
],
"id": "Notification_Admin_EndUser_Assignment",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Requestor",
"isDefaultRecipientsEnabled": false,
"notificationLevel": "Critical",
"notificationRecipients": [
"requestor_enduser_member@test.com"
],
"id": "Notification_Requestor_EndUser_Assignment",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Approver",
"isDefaultRecipientsEnabled": true,
"notificationLevel": "Critical",
"notificationRecipients": null,
"id": "Notification_Approver_EndUser_Assignment",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
}
],
"policyAssignmentProperties": {
"scope": {
"id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
"displayName": "Pay-As-You-Go",
"type": "subscription"
},
"roleDefinition": {
"id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
"displayName": "FHIR Data Converter",
"type": "BuiltInRole"
},
"policy": {
"id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9",
"lastModifiedBy": {
"id": null,
"displayName": "Admin",
"type": null,
"email": null
},
"lastModifiedDateTime": null
}
}
},
"name": "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
"id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicyAssignment/b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
"type": "Microsoft.Authorization/RoleManagementPolicyAssignment"
}
Definitions
Name | Description |
---|---|
Cloud |
An error response from the service. |
Cloud |
An error response from the service. |
Policy |
Details of the policy |
Policy |
Expanded info of resource scope, role definition and policy |
Principal |
The name of the entity last modified it |
Role |
Details of role definition |
Role |
Role management policy |
Scope |
Details of the resource scope |
CloudError
An error response from the service.
Name | Type | Description |
---|---|---|
error |
An error response from the service. |
CloudErrorBody
An error response from the service.
Name | Type | Description |
---|---|---|
code |
string |
An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
message |
string |
A message describing the error, intended to be suitable for display in a user interface. |
Policy
Details of the policy
Name | Type | Description |
---|---|---|
id |
string |
Id of the policy |
lastModifiedBy |
The name of the entity last modified it |
|
lastModifiedDateTime |
string |
The last modified date time. |
PolicyAssignmentProperties
Expanded info of resource scope, role definition and policy
Name | Type | Description |
---|---|---|
policy |
Details of the policy |
|
roleDefinition |
Details of role definition |
|
scope |
Details of the resource scope |
Principal
The name of the entity last modified it
Name | Type | Description |
---|---|---|
displayName |
string |
The name of the principal made changes |
string |
Email of principal |
|
id |
string |
The id of the principal made changes |
type |
string |
Type of principal such as user , group etc |
RoleDefinition
Details of role definition
Name | Type | Description |
---|---|---|
displayName |
string |
Display name of the role definition |
id |
string |
Id of the role definition |
type |
string |
Type of the role definition |
RoleManagementPolicyAssignment
Role management policy
Name | Type | Description |
---|---|---|
id |
string |
The role management policy Id. |
name |
string |
The role management policy name. |
properties.effectiveRules |
Role |
The readonly computed rule applied to the policy. |
properties.policyAssignmentProperties |
Additional properties of scope, role definition and policy |
|
properties.policyId |
string |
The policy id role management policy assignment. |
properties.roleDefinitionId |
string |
The role definition of management policy assignment. |
properties.scope |
string |
The role management policy scope. |
type |
string |
The role management policy type. |
Scope
Details of the resource scope
Name | Type | Description |
---|---|---|
displayName |
string |
Display name of the resource |
id |
string |
Scope id of the resource |
type |
string |
Type of the resource |