Role Eligibility Schedule Requests - Create

Referens

Tjänst:: Authorization

API-version:: 2020-10-01

Skapar en begäran om behörighetsschema för rollen.

PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleEligibilityScheduleRequests/{roleEligibilityScheduleRequestName}?api-version=2020-10-01

URI-parametrar

Name	I	Obligatorisk	Typ	Description
roleEligibilityScheduleRequestName	path	True	string	Namnet på rollens berättigande att skapa. Det kan vara valfritt giltigt GUID.
scope	path	True	string	Omfånget för den begäran om behörighetsschema för rollen som ska skapas. Omfånget kan vara vilken REST-resursinstans som helst. Använd till exempel '/subscriptions/{subscription-id}/' för en prenumeration, '/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}' för en resursgrupp och '/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name} för en resurs.
api-version	query	True	string minLength: 1	DEN API-version som ska användas för den här åtgärden.

Begärandetext

Name	Obligatorisk	Typ	Description
properties.principalId	True	string	Huvud-ID:t.
properties.requestType	True	RequestType	Typ av begäran om rolltilldelningsschema. T.ex. SelfActivate, AdminAssign osv.
properties.roleDefinitionId	True	string	Rolldefinitions-ID.
properties.condition		string	Villkoren för rolltilldelningen. Detta begränsar de resurser som den kan tilldelas till. t.ex. @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
properties.conditionVersion		string	Version av villkoret. Det godkända värdet är för närvarande "2.0"
properties.justification		string	Motivering för rollens berättigande
properties.scheduleInfo		ScheduleInfo	Schemalägg information om schemat för rollberättigande
properties.targetRoleEligibilityScheduleId		string	Det resulterande rollberättigande schema-ID eller rollberättigande schema-ID som uppdateras
properties.targetRoleEligibilityScheduleInstanceId		string	Instans-ID för rollberättigande schema uppdateras
properties.ticketInfo		TicketInfo	Biljettinformation om rollens berättigande

Svar

Name	Typ	Description
201 Created	RoleEligibilityScheduleRequest	Skapad – Returnerar information om begäran om behörighetsschema för rollen.
Other Status Codes	CloudError	Felsvar som beskriver varför åtgärden misslyckades.

Säkerhet

azure_auth

Azure Active Directory OAuth2 Flow

Typ: oauth2
Flow: implicit
Auktoriseringswebbadress: https://login.microsoftonline.com/common/oauth2/authorize

Omfattningar

Name	Description
user_impersonation	personifiera ditt användarkonto

Exempel

PutRoleEligibilityScheduleRequest

Exempelbegäran

PUT https://management.azure.com/providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleEligibilityScheduleRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6?api-version=2020-10-01

{
  "properties": {
    "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
    "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
    "requestType": "AdminAssign",
    "scheduleInfo": {
      "startDateTime": "2020-09-09T21:31:27.91Z",
      "expiration": {
        "type": "AfterDuration",
        "endDateTime": null,
        "duration": "P365D"
      }
    },
    "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
    "conditionVersion": "1.0"
  }
}


import com.azure.resourcemanager.authorization.fluent.models.RoleEligibilityScheduleRequestInner;
import com.azure.resourcemanager.authorization.models.RequestType;
import com.azure.resourcemanager.authorization.models.RoleEligibilityScheduleRequestPropertiesScheduleInfo;
import com.azure.resourcemanager.authorization.models.RoleEligibilityScheduleRequestPropertiesScheduleInfoExpiration;
import com.azure.resourcemanager.authorization.models.Type;
import java.time.OffsetDateTime;

/**
 * Samples for RoleEligibilityScheduleRequests Create.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/
     * PutRoleEligibilityScheduleRequest.json
     */
    /**
     * Sample code: PutRoleEligibilityScheduleRequest.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void putRoleEligibilityScheduleRequest(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.accessManagement().roleAssignments().manager().roleServiceClient().getRoleEligibilityScheduleRequests()
            .createWithResponse("providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
                "64caffb6-55c0-4deb-a585-68e948ea1ad6",
                new RoleEligibilityScheduleRequestInner().withRoleDefinitionId(
                    "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608")
                    .withPrincipalId("a3bb8764-cb92-4276-9d2a-ca1e895e55ea").withRequestType(RequestType.ADMIN_ASSIGN)
                    .withScheduleInfo(new RoleEligibilityScheduleRequestPropertiesScheduleInfo()
                        .withStartDateTime(OffsetDateTime.parse("2020-09-09T21:31:27.91Z"))
                        .withExpiration(new RoleEligibilityScheduleRequestPropertiesScheduleInfoExpiration()
                            .withType(Type.AFTER_DURATION).withDuration("P365D")))
                    .withCondition(
                        "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'")
                    .withConditionVersion("1.0"),
                com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armauthorization_test

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/53b1affe357b3bfbb53721d0a2002382a046d3b0/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleEligibilityScheduleRequest.json
func ExampleRoleEligibilityScheduleRequestsClient_Create() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewRoleEligibilityScheduleRequestsClient().Create(ctx, "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", "64caffb6-55c0-4deb-a585-68e948ea1ad6", armauthorization.RoleEligibilityScheduleRequest{
		Properties: &armauthorization.RoleEligibilityScheduleRequestProperties{
			Condition:        to.Ptr("@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'"),
			ConditionVersion: to.Ptr("1.0"),
			PrincipalID:      to.Ptr("a3bb8764-cb92-4276-9d2a-ca1e895e55ea"),
			RequestType:      to.Ptr(armauthorization.RequestTypeAdminAssign),
			RoleDefinitionID: to.Ptr("/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608"),
			ScheduleInfo: &armauthorization.RoleEligibilityScheduleRequestPropertiesScheduleInfo{
				Expiration: &armauthorization.RoleEligibilityScheduleRequestPropertiesScheduleInfoExpiration{
					Type:     to.Ptr(armauthorization.TypeAfterDuration),
					Duration: to.Ptr("P365D"),
				},
				StartDateTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-09T21:31:27.910Z"); return t }()),
			},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates a role eligibility schedule request.
 *
 * @summary Creates a role eligibility schedule request.
 * x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleEligibilityScheduleRequest.json
 */
async function putRoleEligibilityScheduleRequest() {
  const subscriptionId =
    process.env["AUTHORIZATION_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const scope =
    "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f";
  const roleEligibilityScheduleRequestName = "64caffb6-55c0-4deb-a585-68e948ea1ad6";
  const parameters = {
    condition:
      "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
    conditionVersion: "1.0",
    principalId: "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
    requestType: "AdminAssign",
    roleDefinitionId:
      "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
    scheduleInfo: {
      expiration: {
        type: "AfterDuration",
        duration: "P365D",
        endDateTime: undefined,
      },
      startDateTime: new Date("2020-09-09T21:31:27.91Z"),
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential, subscriptionId);
  const result = await client.roleEligibilityScheduleRequests.create(
    scope,
    roleEligibilityScheduleRequestName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using System.Xml;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Authorization.Models;
using Azure.ResourceManager.Authorization;

// Generated from example definition: specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleEligibilityScheduleRequest.json
// this example is just showing the usage of "RoleEligibilityScheduleRequests_Create" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// get the collection of this RoleEligibilityScheduleRequestResource
string scope = "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f";
RoleEligibilityScheduleRequestCollection collection = client.GetRoleEligibilityScheduleRequests(new ResourceIdentifier(scope));

// invoke the operation
string roleEligibilityScheduleRequestName = "64caffb6-55c0-4deb-a585-68e948ea1ad6";
RoleEligibilityScheduleRequestData data = new RoleEligibilityScheduleRequestData
{
    RoleDefinitionId = new ResourceIdentifier("/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608"),
    PrincipalId = Guid.Parse("a3bb8764-cb92-4276-9d2a-ca1e895e55ea"),
    RequestType = RoleManagementScheduleRequestType.AdminAssign,
    Condition = "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
    ConditionVersion = "1.0",
    StartOn = DateTimeOffset.Parse("2020-09-09T21:31:27.91Z"),
    ExpirationType = RoleManagementScheduleExpirationType.AfterDuration,
    EndOn = default,
    Duration = XmlConvert.ToTimeSpan("P365D"),
};
ArmOperation<RoleEligibilityScheduleRequestResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, roleEligibilityScheduleRequestName, data);
RoleEligibilityScheduleRequestResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
RoleEligibilityScheduleRequestData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Exempelsvar

Statuskod:: 201

{
  "properties": {
    "targetRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
    "targetRoleEligibilityScheduleInstanceId": null,
    "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
    "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
    "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
    "principalType": "User",
    "requestType": "AdminAssign",
    "status": "Provisioned",
    "approvalId": null,
    "scheduleInfo": {
      "startDateTime": "2020-09-09T21:31:27.91Z",
      "expiration": {
        "type": "AfterDuration",
        "endDateTime": null,
        "duration": "P365D"
      }
    },
    "ticketInfo": {
      "ticketNumber": null,
      "ticketSystem": null
    },
    "justification": null,
    "requestorId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
    "createdOn": "2020-09-09T21:32:27.91Z",
    "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
    "conditionVersion": "1.0",
    "expandedProperties": {
      "scope": {
        "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
        "displayName": "Pay-As-You-Go",
        "type": "subscription"
      },
      "roleDefinition": {
        "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
        "displayName": "Contributor",
        "type": "BuiltInRole"
      },
      "principal": {
        "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
        "displayName": "User Account",
        "email": "user@my-tenant.com",
        "type": "User"
      }
    }
  },
  "name": "64caffb6-55c0-4deb-a585-68e948ea1ad6",
  "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilityScheduleRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6",
  "type": "Microsoft.Authorization/RoleEligibilityScheduleRequests"
}

Definitioner

Name	Description
CloudError	Ett felsvar från tjänsten.
CloudErrorBody	Ett felsvar från tjänsten.
ExpandedProperties	Utökad information om resurs, roll och huvudnamn
Expiration	Förfallodatum för behörighetsschemat för rollen
Principal	Information om huvudkontot
principalType	Huvudtypen för det tilldelade huvudnamns-ID:t.
RequestType	Typ av begäran om rolltilldelningsschema. T.ex. SelfActivate, AdminAssign osv.
RoleDefinition	Information om rolldefinition
RoleEligibilityScheduleRequest	Begäran om schema för rollberättigande
ScheduleInfo	Schemalägg information om schemat för rollberättigande
Scope	Information om resursomfånget
Status	Status för begäran om behörighetsschema för rollen.
TicketInfo	Biljettinformation om rollens berättigande
Type	Typ av förfallodatum för rollberättigande

CloudError

Objekt

Ett felsvar från tjänsten.

Name	Typ	Description
error	CloudErrorBody	Ett felsvar från tjänsten.

CloudErrorBody

Objekt

Ett felsvar från tjänsten.

Name	Typ	Description
code	string	En identifierare för felet. Koder är invarianta och är avsedda att användas programmatiskt.
message	string	Ett meddelande som beskriver felet, avsett att vara lämpligt för visning i ett användargränssnitt.

ExpandedProperties

Objekt

Utökad information om resurs, roll och huvudnamn

Name	Typ	Description
principal	Principal	Information om huvudkontot
roleDefinition	RoleDefinition	Information om rolldefinition
scope	Scope	Information om resursomfånget

Expiration

Objekt

Förfallodatum för behörighetsschemat för rollen

Name	Typ	Description
duration	string	Varaktighet för schemat för rollberättigande i TimeSpan.
endDateTime	string (date-time)	SlutdatumTid för behörighetsschemat för rollen.
type	Type	Typ av förfallodatum för rollberättigande

Principal

Objekt

Information om huvudkontot

Name	Typ	Description
displayName	string	Huvudnamnets visningsnamn
email	string	E-post-ID för huvudkontot
id	string	ID för huvudkontot
type	string	Typ av huvudnamn

principalType

Uppräkning

Huvudtypen för det tilldelade huvudnamns-ID:t.

Värde	Description
Device
ForeignGroup
Group
ServicePrincipal
User

RequestType

Uppräkning

Typ av begäran om rolltilldelningsschema. T.ex. SelfActivate, AdminAssign osv.

Värde	Description
AdminAssign
AdminExtend
AdminRemove
AdminRenew
AdminUpdate
SelfActivate
SelfDeactivate
SelfExtend
SelfRenew

RoleDefinition

Objekt

Information om rolldefinition

Name	Typ	Description
displayName	string	Visningsnamn för rolldefinitionen
id	string	ID för rolldefinitionen
type	string	Typ av rolldefinition