Usuń przypisanie roli według zakresu i nazwy.
DELETE https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}?api-version=2022-04-01
Z parametrami opcjonalnymi:
DELETE https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}?api-version=2022-04-01&tenantId={tenantId}
Parametry identyfikatora URI
| Nazwa |
W |
Wymagane |
Typ |
Opis |
|
roleAssignmentName
|
path |
True
|
string
|
Nazwa przypisania roli. Może to być dowolny prawidłowy identyfikator GUID.
|
|
scope
|
path |
True
|
string
|
Zakres operacji lub zasobu. Prawidłowe zakresy to: subskrypcja (format: "/subscriptions/{subscriptionId}"), grupa zasobów (format: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}" lub zasób (format: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}"
|
|
api-version
|
query |
True
|
string
|
Wersja interfejsu API do użycia dla tej operacji.
|
|
tenantId
|
query |
|
string
|
Identyfikator dzierżawy dla żądania między dzierżawami
|
Odpowiedzi
| Nazwa |
Typ |
Opis |
|
200 OK
|
RoleAssignment
|
Zwraca usunięte przypisanie roli.
|
|
204 No Content
|
|
Przypisanie roli zostało już usunięte lub nie istnieje.
|
|
Other Status Codes
|
ErrorResponse
|
Odpowiedź na błąd opisująca, dlaczego operacja nie powiodła się.
|
Uprawnienia
Aby wywołać ten interfejs API, musisz mieć przypisaną rolę z następującymi uprawnieniami. Aby uzyskać więcej informacji, zobacz Role wbudowane platformy Azure.
Microsoft.Authorization/roleAssignments/delete
Zabezpieczenia
azure_auth
Przepływ OAuth2 usługi Azure Active Directory
Typ:
oauth2
Flow:
implicit
Adres URL autoryzacji:
https://login.microsoftonline.com/common/oauth2/authorize
Zakresy
| Nazwa |
Opis |
|
user_impersonation
|
personifikacja konta użytkownika
|
Przykłady
Delete role assignment
Przykładowe żądanie
DELETE https://management.azure.com/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747?api-version=2022-04-01
/**
* Samples for RoleAssignments Delete.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/
* RoleAssignments_Delete.json
*/
/**
* Sample code: Delete role assignment.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void deleteRoleAssignment(com.azure.resourcemanager.AzureResourceManager azure) {
azure.accessManagement().roleAssignments().manager().roleServiceClient().getRoleAssignments()
.deleteWithResponse("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
"b0f43c54-e787-4862-89b1-a653fa9cf747", null, com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-authorization
# USAGE
python role_assignments_delete.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = AuthorizationManagementClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.role_assignments.delete(
scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
role_assignment_name="b0f43c54-e787-4862-89b1-a653fa9cf747",
)
print(response)
# x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Delete.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armauthorization_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/310a0100f5b020c1900c527a6aa70d21992f078a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Delete.json
func ExampleRoleAssignmentsClient_Delete() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armauthorization.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewRoleAssignmentsClient().Delete(ctx, "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2", "b0f43c54-e787-4862-89b1-a653fa9cf747", &armauthorization.RoleAssignmentsClientDeleteOptions{TenantID: nil})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.RoleAssignment = armauthorization.RoleAssignment{
// Name: to.Ptr("b0f43c54-e787-4862-89b1-a653fa9cf747"),
// Type: to.Ptr("Microsoft.Authorization/roleAssignments"),
// ID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747"),
// Properties: &armauthorization.RoleAssignmentProperties{
// PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
// PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
// RoleDefinitionID: to.Ptr("/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
// Scope: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Delete a role assignment by scope and name.
*
* @summary Delete a role assignment by scope and name.
* x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Delete.json
*/
async function deleteRoleAssignment() {
const scope = "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2";
const roleAssignmentName = "b0f43c54-e787-4862-89b1-a653fa9cf747";
const credential = new DefaultAzureCredential();
const client = new AuthorizationManagementClient(credential);
const result = await client.roleAssignments.delete(scope, roleAssignmentName);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Authorization.Models;
using Azure.ResourceManager.Authorization;
// Generated from example definition: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Delete.json
// this example is just showing the usage of "RoleAssignments_Delete" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this RoleAssignmentResource created on azure
// for more information of creating RoleAssignmentResource, please refer to the document of RoleAssignmentResource
string scope = "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2";
string roleAssignmentName = "b0f43c54-e787-4862-89b1-a653fa9cf747";
ResourceIdentifier roleAssignmentResourceId = RoleAssignmentResource.CreateResourceIdentifier(scope, roleAssignmentName);
RoleAssignmentResource roleAssignment = client.GetRoleAssignmentResource(roleAssignmentResourceId);
// invoke the operation
ArmOperation<RoleAssignmentResource> lro = await roleAssignment.DeleteAsync(WaitUntil.Completed);
RoleAssignmentResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
RoleAssignmentData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"properties": {
"roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"
},
"id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747",
"type": "Microsoft.Authorization/roleAssignments",
"name": "b0f43c54-e787-4862-89b1-a653fa9cf747"
}
Definicje
ErrorAdditionalInfo
Dodatkowe informacje o błędzie zarządzania zasobami.
| Nazwa |
Typ |
Opis |
|
info
|
object
|
Dodatkowe informacje.
|
|
type
|
string
|
Dodatkowy typ informacji.
|
ErrorDetail
Szczegóły błędu.
| Nazwa |
Typ |
Opis |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
Dodatkowe informacje o błędzie.
|
|
code
|
string
|
Kod błędu.
|
|
details
|
ErrorDetail[]
|
Szczegóły błędu.
|
|
message
|
string
|
Komunikat o błędzie.
|
|
target
|
string
|
Element docelowy błędu.
|
ErrorResponse
Odpowiedź na błąd
PrincipalType
Typ podmiotu zabezpieczeń przypisanego identyfikatora podmiotu zabezpieczeń.
| Nazwa |
Typ |
Opis |
|
Device
|
string
|
|
|
ForeignGroup
|
string
|
|
|
Group
|
string
|
|
|
ServicePrincipal
|
string
|
|
|
User
|
string
|
|
RoleAssignment
Przypisania ról
| Nazwa |
Typ |
Domyślna wartość |
Opis |
|
id
|
string
|
|
Identyfikator przypisania roli.
|
|
name
|
string
|
|
Nazwa przypisania roli.
|
|
properties.condition
|
string
|
|
Warunki przypisania roli. Ogranicza to zasoby, do których można je przypisać. np @Resource. [Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
|
|
properties.conditionVersion
|
string
|
|
Wersja warunku. Obecnie jedyną akceptowaną wartością jest "2.0"
|
|
properties.createdBy
|
string
|
|
Identyfikator użytkownika, który utworzył przypisanie
|
|
properties.createdOn
|
string
|
|
Czas jego utworzenia
|
|
properties.delegatedManagedIdentityResourceId
|
string
|
|
Identyfikator delegowanego zasobu tożsamości zarządzanej
|
|
properties.description
|
string
|
|
Opis przypisania roli
|
|
properties.principalId
|
string
|
|
Identyfikator podmiotu zabezpieczeń.
|
|
properties.principalType
|
PrincipalType
|
User
|
Typ podmiotu zabezpieczeń przypisanego identyfikatora podmiotu zabezpieczeń.
|
|
properties.roleDefinitionId
|
string
|
|
Identyfikator definicji roli.
|
|
properties.scope
|
string
|
|
Zakres przypisania roli.
|
|
properties.updatedBy
|
string
|
|
Identyfikator użytkownika, który zaktualizował przypisanie
|
|
properties.updatedOn
|
string
|
|
Czas jego aktualizacji
|
|
type
|
string
|
|
Typ przypisania roli.
|