Role Management Policy Assignments - Create

Odwołanie

Usługa:: Authorization

Wersja interfejsu API:: 2020-10-01

Tworzenie przypisania zasad zarządzania rolami

PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleManagementPolicyAssignments/{roleManagementPolicyAssignmentName}?api-version=2020-10-01

Parametry identyfikatora URI

Nazwa	W	Wymagane	Typ	Opis
roleManagementPolicyAssignmentName	path	True	string	Nazwa formatu {guid_guid} przypisania zasad zarządzania rolami do operacji upsert.
scope	path	True	string	Zakres przypisania zasad zarządzania rolami do rozszerzenia.
api-version	query	True	string	Wersja interfejsu API do użycia dla tej operacji.

Treść żądania

Nazwa	Typ	Opis
properties.policyId	string	Przypisanie zasad zarządzania rolami identyfikatora zasad.
properties.roleDefinitionId	string	Definicja roli przypisania zasad zarządzania.
properties.scope	string	Zakres zasad zarządzania rolami.

Odpowiedzi

Nazwa	Typ	Opis
201 Created	RoleManagementPolicyAssignment	Utworzone — zwraca utworzone lub zaktualizowane przypisanie zasad.
Other Status Codes	CloudError	Odpowiedź na błąd opisująca, dlaczego operacja nie powiodła się.

Zabezpieczenia

azure_auth

Przepływ OAuth2 usługi Azure Active Directory

Typ: oauth2
Flow: implicit
Adres URL autoryzacji: https://login.microsoftonline.com/common/oauth2/authorize

Zakresy

Nazwa	Opis
user_impersonation	personifikacja konta użytkownika

Przykłady

PutRoleManagementPolicyAssignment

Przykładowe żądanie

PUT https://management.azure.com/providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicyAssignments/b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24?api-version=2020-10-01

{
  "properties": {
    "scope": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
    "roleDefinitionId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
    "policyId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9"
  }
}


import com.azure.resourcemanager.authorization.fluent.models.RoleManagementPolicyAssignmentInner;

/**
 * Samples for RoleManagementPolicyAssignments Create.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/
     * PutRoleManagementPolicyAssignment.json
     */
    /**
     * Sample code: PutRoleManagementPolicyAssignment.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void putRoleManagementPolicyAssignment(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.accessManagement().roleAssignments().manager().roleServiceClient().getRoleManagementPolicyAssignments()
            .createWithResponse("providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
                "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
                new RoleManagementPolicyAssignmentInner()
                    .withScope("/subscriptions/129ff972-28f8-46b8-a726-e497be039368")
                    .withRoleDefinitionId(
                        "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24")
                    .withPolicyId(
                        "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9"),
                com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/53b1affe357b3bfbb53721d0a2002382a046d3b0/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleManagementPolicyAssignment.json
func ExampleRoleManagementPolicyAssignmentsClient_Create() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewRoleManagementPolicyAssignmentsClient().Create(ctx, "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368", "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24", armauthorization.RoleManagementPolicyAssignment{
		Properties: &armauthorization.RoleManagementPolicyAssignmentProperties{
			PolicyID:         to.Ptr("/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9"),
			RoleDefinitionID: to.Ptr("/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24"),
			Scope:            to.Ptr("/subscriptions/129ff972-28f8-46b8-a726-e497be039368"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Create a role management policy assignment
 *
 * @summary Create a role management policy assignment
 * x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleManagementPolicyAssignment.json
 */
async function putRoleManagementPolicyAssignment() {
  const subscriptionId =
    process.env["AUTHORIZATION_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const scope =
    "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368";
  const roleManagementPolicyAssignmentName =
    "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24";
  const parameters = {
    policyId:
      "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9",
    roleDefinitionId:
      "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
    scope: "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
  };
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential, subscriptionId);
  const result = await client.roleManagementPolicyAssignments.create(
    scope,
    roleManagementPolicyAssignmentName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Authorization;

// Generated from example definition: specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleManagementPolicyAssignment.json
// this example is just showing the usage of "RoleManagementPolicyAssignments_Create" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this ArmResource created on azure
// for more information of creating ArmResource, please refer to the document of ArmResource

// get the collection of this RoleManagementPolicyAssignmentResource
string scope = "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368";
ResourceIdentifier scopeId = new ResourceIdentifier(string.Format("/{0}", scope));
RoleManagementPolicyAssignmentCollection collection = client.GetRoleManagementPolicyAssignments(scopeId);

// invoke the operation
string roleManagementPolicyAssignmentName = "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24";
RoleManagementPolicyAssignmentData data = new RoleManagementPolicyAssignmentData()
{
    Scope = "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
    RoleDefinitionId = new ResourceIdentifier("/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24"),
    PolicyId = new ResourceIdentifier("/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9"),
};
ArmOperation<RoleManagementPolicyAssignmentResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, roleManagementPolicyAssignmentName, data);
RoleManagementPolicyAssignmentResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
RoleManagementPolicyAssignmentData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Przykładowa odpowiedź

Kod stanu:: 201

{
  "properties": {
    "scope": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
    "roleDefinitionId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
    "policyId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9",
    "effectiveRules": [
      {
        "enabledRules": [],
        "id": "Enablement_Admin_Eligibility",
        "ruleType": "RoleManagementPolicyEnablementRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Eligibility",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "isExpirationRequired": true,
        "maximumDuration": "P90D",
        "id": "Expiration_Admin_Eligibility",
        "ruleType": "RoleManagementPolicyExpirationRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Eligibility",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Admin",
        "isDefaultRecipientsEnabled": false,
        "notificationLevel": "Critical",
        "notificationRecipients": [
          "admin_admin_eligible@test.com"
        ],
        "id": "Notification_Admin_Admin_Eligibility",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Eligibility",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Requestor",
        "isDefaultRecipientsEnabled": false,
        "notificationLevel": "Critical",
        "notificationRecipients": [
          "requestor_admin_eligible@test.com"
        ],
        "id": "Notification_Requestor_Admin_Eligibility",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Eligibility",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Approver",
        "isDefaultRecipientsEnabled": false,
        "notificationLevel": "Critical",
        "notificationRecipients": [
          "approver_admin_eligible@test.com"
        ],
        "id": "Notification_Approver_Admin_Eligibility",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Eligibility",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "enabledRules": [
          "MultiFactorAuthentication",
          "Justification"
        ],
        "id": "Enablement_Admin_Assignment",
        "ruleType": "RoleManagementPolicyEnablementRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "isExpirationRequired": false,
        "maximumDuration": "P90D",
        "id": "Expiration_Admin_Assignment",
        "ruleType": "RoleManagementPolicyExpirationRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Admin",
        "isDefaultRecipientsEnabled": false,
        "notificationLevel": "Critical",
        "notificationRecipients": [
          "admin_admin_member@test.com"
        ],
        "id": "Notification_Admin_Admin_Assignment",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Requestor",
        "isDefaultRecipientsEnabled": false,
        "notificationLevel": "Critical",
        "notificationRecipients": [
          "requestor_admin_member@test.com"
        ],
        "id": "Notification_Requestor_Admin_Assignment",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Approver",
        "isDefaultRecipientsEnabled": false,
        "notificationLevel": "Critical",
        "notificationRecipients": [
          "approver_admin_member@test.com"
        ],
        "id": "Notification_Approver_Admin_Assignment",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "Admin",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "setting": {
          "isApprovalRequired": true,
          "isApprovalRequiredForExtension": false,
          "isRequestorJustificationRequired": true,
          "approvalMode": "SingleStage",
          "approvalStages": [
            {
              "approvalStageTimeOutInDays": 1,
              "isApproverJustificationRequired": true,
              "escalationTimeInMinutes": 0,
              "primaryApprovers": [
                {
                  "id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd",
                  "description": "amansw_new_group",
                  "isBackup": false,
                  "userType": "Group"
                },
                {
                  "id": "2f4913c9-d15b-406a-9946-1d66a28f2690",
                  "description": "amansw_group",
                  "isBackup": false,
                  "userType": "Group"
                }
              ],
              "isEscalationEnabled": false,
              "escalationApprovers": null
            }
          ]
        },
        "id": "Approval_EndUser_Assignment",
        "ruleType": "RoleManagementPolicyApprovalRule",
        "target": {
          "caller": "EndUser",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "isEnabled": false,
        "claimValue": "",
        "id": "AuthenticationContext_EndUser_Assignment",
        "ruleType": "RoleManagementPolicyAuthenticationContextRule",
        "target": {
          "caller": "EndUser",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "enabledRules": [
          "MultiFactorAuthentication",
          "Justification",
          "Ticketing"
        ],
        "id": "Enablement_EndUser_Assignment",
        "ruleType": "RoleManagementPolicyEnablementRule",
        "target": {
          "caller": "EndUser",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "isExpirationRequired": true,
        "maximumDuration": "PT7H",
        "id": "Expiration_EndUser_Assignment",
        "ruleType": "RoleManagementPolicyExpirationRule",
        "target": {
          "caller": "EndUser",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Admin",
        "isDefaultRecipientsEnabled": false,
        "notificationLevel": "Critical",
        "notificationRecipients": [
          "admin_enduser_member@test.com"
        ],
        "id": "Notification_Admin_EndUser_Assignment",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "EndUser",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Requestor",
        "isDefaultRecipientsEnabled": false,
        "notificationLevel": "Critical",
        "notificationRecipients": [
          "requestor_enduser_member@test.com"
        ],
        "id": "Notification_Requestor_EndUser_Assignment",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "EndUser",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      },
      {
        "notificationType": "Email",
        "recipientType": "Approver",
        "isDefaultRecipientsEnabled": true,
        "notificationLevel": "Critical",
        "notificationRecipients": null,
        "id": "Notification_Approver_EndUser_Assignment",
        "ruleType": "RoleManagementPolicyNotificationRule",
        "target": {
          "caller": "EndUser",
          "operations": [
            "All"
          ],
          "level": "Assignment",
          "targetObjects": null,
          "inheritableSettings": null,
          "enforcedSettings": null
        }
      }
    ],
    "policyAssignmentProperties": {
      "scope": {
        "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
        "displayName": "Pay-As-You-Go",
        "type": "subscription"
      },
      "roleDefinition": {
        "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
        "displayName": "FHIR Data Converter",
        "type": "BuiltInRole"
      },
      "policy": {
        "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9",
        "lastModifiedBy": null,
        "lastModifiedDateTime": null
      }
    }
  },
  "name": "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
  "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicyAssignment/b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
  "type": "Microsoft.Authorization/RoleManagementPolicyAssignment"
}

Definicje

Nazwa	Opis
CloudError	Odpowiedź błędu z usługi.
CloudErrorBody	Odpowiedź błędu z usługi.
Policy	Szczegóły zasad
PolicyAssignmentProperties	Rozwinięte informacje o zakresie zasobów, definicji roli i zasadach
Principal	Nazwa jednostki, która została ostatnio zmodyfikowana
RoleDefinition	Szczegóły definicji roli
RoleManagementPolicyAssignment	Zasady zarządzania rolami
Scope	Szczegóły zakresu zasobów

CloudError

Odpowiedź błędu z usługi.

Nazwa	Typ	Opis
error	CloudErrorBody	Odpowiedź błędu z usługi.

CloudErrorBody

Odpowiedź błędu z usługi.

Nazwa	Typ	Opis
code	string	Identyfikator błędu. Kody są niezmienne i mają być używane programowo.
message	string	Komunikat opisujący błąd, który ma być odpowiedni do wyświetlania w interfejsie użytkownika.

Policy

Szczegóły zasad

Nazwa	Typ	Opis
id	string	Identyfikator zasad
lastModifiedBy	Principal	Nazwa jednostki, która została ostatnio zmodyfikowana
lastModifiedDateTime	string	Data ostatniej modyfikacji.

PolicyAssignmentProperties

Rozwinięte informacje o zakresie zasobów, definicji roli i zasadach

Nazwa	Typ	Opis
policy	Policy	Szczegóły zasad
roleDefinition	RoleDefinition	Szczegóły definicji roli
scope	Scope	Szczegóły zakresu zasobów

Principal

Nazwa jednostki, która została ostatnio zmodyfikowana

Nazwa	Typ	Opis
displayName	string	Nazwa podmiotu zabezpieczeń wprowadzonych zmian
email	string	Email podmiotu zabezpieczeń
id	string	Identyfikator podmiotu zabezpieczeń wprowadzonych zmian
type	string	Typ podmiotu zabezpieczeń, takiego jak użytkownik , grupa itp.

RoleDefinition

Szczegóły definicji roli

Nazwa	Typ	Opis
displayName	string	Nazwa wyświetlana definicji roli
id	string	Identyfikator definicji roli
type	string	Typ definicji roli