Role Eligibility Schedules - List For Scope

Referencia

Servicio:: Authorization

Versión de la API:: 2020-10-01

Obtiene las programaciones de idoneidad del rol para un ámbito de recurso.

GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleEligibilitySchedules?api-version=2020-10-01

Con parámetros opcionales:

GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleEligibilitySchedules?$filter={$filter}&api-version=2020-10-01

Parámetros de identificador URI

Nombre	En	Requerido	Tipo	Description
scope	path	True	string	Ámbito de las programaciones de idoneidad del rol.
api-version	query	True	string	Versión de API que se usará para la operación.
$filter	query		string	Filtro que se va a aplicar en la operación. Use $filter=atScope() para devolver todas las programaciones de idoneidad de roles en o por encima del ámbito. Use $filter=principalId eq {id} para devolver todas las programaciones de idoneidad de roles en, por encima o por debajo del ámbito de la entidad de seguridad especificada. Use $filter=assignedTo('{userId}') para devolver todas las programaciones de idoneidad del rol para el usuario. Use $filter=asTarget() para devolver todas las programaciones de idoneidad de roles creadas para el usuario actual.

Respuestas

Nombre	Tipo	Description
200 OK	RoleEligibilityScheduleListResult	Aceptar: devuelve una matriz de programaciones de idoneidad de roles.
Other Status Codes	CloudError	Respuesta de error que describe el motivo del error de la operación.

Seguridad

azure_auth

Flujo OAuth2 de Azure Active Directory

Tipo: oauth2
Flujo: implicit
Dirección URL de autorización: https://login.microsoftonline.com/common/oauth2/authorize

Ámbitos

Nombre	Description
user_impersonation	suplantación de su cuenta de usuario

Ejemplos

GetRoleEligibilitySchedulesByScope

Solicitud de ejemplo

GET https://management.azure.com/providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleEligibilitySchedules?$filter=assignedTo('a3bb8764-cb92-4276-9d2a-ca1e895e55ea')&api-version=2020-10-01


/**
 * Samples for RoleEligibilitySchedules ListForScope.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/
     * GetRoleEligibilitySchedulesByScope.json
     */
    /**
     * Sample code: GetRoleEligibilitySchedulesByScope.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void getRoleEligibilitySchedulesByScope(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.accessManagement().roleAssignments().manager().roleServiceClient().getRoleEligibilitySchedules()
            .listForScope("providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
                "assignedTo('a3bb8764-cb92-4276-9d2a-ca1e895e55ea')", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/53b1affe357b3bfbb53721d0a2002382a046d3b0/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilitySchedulesByScope.json
func ExampleRoleEligibilitySchedulesClient_NewListForScopePager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewRoleEligibilitySchedulesClient().NewListForScopePager("providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", &armauthorization.RoleEligibilitySchedulesClientListForScopeOptions{Filter: to.Ptr("assignedTo('a3bb8764-cb92-4276-9d2a-ca1e895e55ea')")})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.RoleEligibilityScheduleListResult = armauthorization.RoleEligibilityScheduleListResult{
		// 	Value: []*armauthorization.RoleEligibilitySchedule{
		// 		{
		// 			Name: to.Ptr("b1477448-2cc6-4ceb-93b4-54a202a89413"),
		// 			Type: to.Ptr("Microsoft.Authorization/RoleEligibilitySchedules"),
		// 			ID: to.Ptr("/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilitySchedules/b1477448-2cc6-4ceb-93b4-54a202a89413"),
		// 			Properties: &armauthorization.RoleEligibilityScheduleProperties{
		// 				Condition: to.Ptr("@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'"),
		// 				ConditionVersion: to.Ptr("1.0"),
		// 				CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-09T21:33:06.300Z"); return t}()),
		// 				EndDateTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-09T21:32:28.490Z"); return t}()),
		// 				ExpandedProperties: &armauthorization.ExpandedProperties{
		// 					Principal: &armauthorization.ExpandedPropertiesPrincipal{
		// 						Type: to.Ptr("User"),
		// 						DisplayName: to.Ptr("User Account"),
		// 						Email: to.Ptr("user@my-tenant.com"),
		// 						ID: to.Ptr("a3bb8764-cb92-4276-9d2a-ca1e895e55ea"),
		// 					},
		// 					RoleDefinition: &armauthorization.ExpandedPropertiesRoleDefinition{
		// 						Type: to.Ptr("BuiltInRole"),
		// 						DisplayName: to.Ptr("Contributor"),
		// 						ID: to.Ptr("/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608"),
		// 					},
		// 					Scope: &armauthorization.ExpandedPropertiesScope{
		// 						Type: to.Ptr("subscription"),
		// 						DisplayName: to.Ptr("Pay-As-You-Go"),
		// 						ID: to.Ptr("/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f"),
		// 					},
		// 				},
		// 				MemberType: to.Ptr(armauthorization.MemberTypeDirect),
		// 				PrincipalID: to.Ptr("a3bb8764-cb92-4276-9d2a-ca1e895e55ea"),
		// 				PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
		// 				RoleDefinitionID: to.Ptr("/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"),
		// 				RoleEligibilityScheduleRequestID: to.Ptr("/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilityScheduleRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6"),
		// 				Scope: to.Ptr("/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f"),
		// 				StartDateTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-09T21:33:14.557Z"); return t}()),
		// 				Status: to.Ptr(armauthorization.StatusProvisioned),
		// 				UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-09T22:27:00.513Z"); return t}()),
		// 			},
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Gets role eligibility schedules for a resource scope.
 *
 * @summary Gets role eligibility schedules for a resource scope.
 * x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilitySchedulesByScope.json
 */
async function getRoleEligibilitySchedulesByScope() {
  const subscriptionId =
    process.env["AUTHORIZATION_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const scope =
    "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f";
  const filter = "assignedTo('a3bb8764-cb92-4276-9d2a-ca1e895e55ea')";
  const options = {
    filter,
  };
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.roleEligibilitySchedules.listForScope(scope, options)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Authorization;

// Generated from example definition: specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilitySchedulesByScope.json
// this example is just showing the usage of "RoleEligibilitySchedules_ListForScope" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this ArmResource created on azure
// for more information of creating ArmResource, please refer to the document of ArmResource

// get the collection of this RoleEligibilityScheduleResource
string scope = "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f";
ResourceIdentifier scopeId = new ResourceIdentifier(string.Format("/{0}", scope));
RoleEligibilityScheduleCollection collection = client.GetRoleEligibilitySchedules(scopeId);

// invoke the operation and iterate over the result
string filter = "assignedTo('a3bb8764-cb92-4276-9d2a-ca1e895e55ea')";
await foreach (RoleEligibilityScheduleResource item in collection.GetAllAsync(filter: filter))
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    RoleEligibilityScheduleData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Respuesta de muestra

status code:: 200

{
  "value": [
    {
      "properties": {
        "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
        "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
        "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
        "principalType": "User",
        "status": "Provisioned",
        "roleEligibilityScheduleRequestId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilityScheduleRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6",
        "startDateTime": "2020-09-09T21:33:14.557Z",
        "endDateTime": "2021-09-09T21:32:28.49Z",
        "memberType": "Direct",
        "createdOn": "2020-09-09T21:33:06.3Z",
        "updatedOn": "2020-09-09T22:27:00.513Z",
        "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
        "conditionVersion": "1.0",
        "expandedProperties": {
          "scope": {
            "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
            "displayName": "Pay-As-You-Go",
            "type": "subscription"
          },
          "roleDefinition": {
            "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
            "displayName": "Contributor",
            "type": "BuiltInRole"
          },
          "principal": {
            "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
            "displayName": "User Account",
            "email": "user@my-tenant.com",
            "type": "User"
          }
        }
      },
      "name": "b1477448-2cc6-4ceb-93b4-54a202a89413",
      "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilitySchedules/b1477448-2cc6-4ceb-93b4-54a202a89413",
      "type": "Microsoft.Authorization/RoleEligibilitySchedules"
    }
  ]
}

Definiciones

Nombre	Description
CloudError	Respuesta de error del servicio.
CloudErrorBody	Respuesta de error del servicio.
ExpandedProperties
MemberType	Tipo de pertenencia de la programación de idoneidad del rol
Principal	Detalles de la entidad de seguridad
principalType	Tipo de entidad de seguridad del identificador de entidad de seguridad asignado.
RoleDefinition	Detalles de la definición de roles
RoleEligibilitySchedule	Programación de idoneidad de roles
RoleEligibilityScheduleListResult	resultado de la operación de lista de programación de idoneidad del rol.
Scope	Detalles del ámbito del recurso
Status	El estado de la programación de idoneidad del rol.

CloudError

Object

Respuesta de error del servicio.

Nombre	Tipo	Description
error	CloudErrorBody	Respuesta de error del servicio.

CloudErrorBody

Object

Respuesta de error del servicio.

Nombre	Tipo	Description
code	string	Identificador del error. Los códigos son invariables y están diseñados para consumirse mediante programación.
message	string	Mensaje que describe el error, diseñado para ser adecuado para su presentación en una interfaz de usuario.

ExpandedProperties

Object

Nombre	Tipo	Description
principal	Principal	Detalles de la entidad de seguridad
roleDefinition	RoleDefinition	Detalles de la definición de roles
scope	Scope	Detalles del ámbito del recurso

MemberType

Enumeration

Tipo de pertenencia de la programación de idoneidad del rol

Valor	Description
Direct
Group
Inherited

Principal

Object

Detalles de la entidad de seguridad

Nombre	Tipo	Description
displayName	string	Nombre para mostrar de la entidad de seguridad
email	string	Email id. de la entidad de seguridad
id	string	Identificador de la entidad de seguridad
type	string	Tipo de la entidad de seguridad

principalType

Enumeration

Tipo de entidad de seguridad del identificador de entidad de seguridad asignado.

Valor	Description
Device
ForeignGroup
Group
ServicePrincipal
User

RoleDefinition

Object

Detalles de la definición de roles

Nombre	Tipo	Description
displayName	string	Nombre para mostrar de la definición de rol
id	string	Identificador de la definición de roles
type	string	Tipo de la definición de roles