Role Eligibility Schedule Requests - Create

Referens

Tjänst:: Authorization

API-version:: 2020-10-01

Skapar en begäran om behörighetsschema för rollen.

PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleEligibilityScheduleRequests/{roleEligibilityScheduleRequestName}?api-version=2020-10-01

URI-parametrar

Name	I	Obligatorisk	Typ	Description
roleEligibilityScheduleRequestName	path	True	string	Namnet på rollberättigandet som ska skapas. Det kan vara valfritt giltigt GUID.
scope	path	True	string	Omfånget för den begäran om behörighetsschema för rollen som ska skapas. Omfånget kan vara vilken REST-resursinstans som helst. Använd till exempel '/subscriptions/{subscription-id}/' för en prenumeration, '/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}' för en resursgrupp och '/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name} för en resurs.
api-version	query	True	string	Den API-version som ska användas för den här åtgärden.

Begärandetext

Name	Obligatorisk	Typ	Description
properties.principalId	True	string	Huvudkonto-ID.
properties.requestType	True	RequestType	Typ av begäran om rolltilldelningsschema. T.ex. SelfActivate, AdminAssign osv.
properties.roleDefinitionId	True	string	Rolldefinitions-ID.
properties.condition		string	Villkoren för rolltilldelningen. Detta begränsar de resurser som den kan tilldelas till. t.ex. @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
properties.conditionVersion		string	Version av villkoret. Det godkända värdet är "2.0"
properties.justification		string	Motivering för rollberättigandet
properties.scheduleInfo		ScheduleInfo	Schemainformation om schemat för rollberättigande
properties.targetRoleEligibilityScheduleId		string	Det resulterande schema-ID:t för rollberättigande eller det schema-ID för rollberättigande som uppdateras
properties.targetRoleEligibilityScheduleInstanceId		string	Instans-ID:t för rollberättigandeschemat uppdateras
properties.ticketInfo		TicketInfo	Biljettinformation om rollberättigandet

Svar

Name	Typ	Description
201 Created	RoleEligibilityScheduleRequest	Skapad – Returnerar information om begäran om schema för rollberättigande.
Other Status Codes	CloudError	Felsvar som beskriver varför åtgärden misslyckades.

Säkerhet

azure_auth

Azure Active Directory OAuth2 Flow

Typ: oauth2
Flow: implicit
Auktoriseringswebbadress: https://login.microsoftonline.com/common/oauth2/authorize

Omfattningar

Name	Description
user_impersonation	personifiera ditt användarkonto

Exempel

PutRoleEligibilityScheduleRequest

Exempelbegäran

PUT https://management.azure.com/providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleEligibilityScheduleRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6?api-version=2020-10-01

{
  "properties": {
    "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
    "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
    "requestType": "AdminAssign",
    "scheduleInfo": {
      "startDateTime": "2020-09-09T21:31:27.91Z",
      "expiration": {
        "type": "AfterDuration",
        "endDateTime": null,
        "duration": "P365D"
      }
    },
    "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
    "conditionVersion": "1.0"
  }
}


import com.azure.resourcemanager.authorization.fluent.models.RoleEligibilityScheduleRequestInner;
import com.azure.resourcemanager.authorization.models.RequestType;
import com.azure.resourcemanager.authorization.models.RoleEligibilityScheduleRequestPropertiesScheduleInfo;
import com.azure.resourcemanager.authorization.models.RoleEligibilityScheduleRequestPropertiesScheduleInfoExpiration;
import com.azure.resourcemanager.authorization.models.Type;
import java.time.OffsetDateTime;

/**
 * Samples for RoleEligibilityScheduleRequests Create.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/
     * PutRoleEligibilityScheduleRequest.json
     */
    /**
     * Sample code: PutRoleEligibilityScheduleRequest.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void putRoleEligibilityScheduleRequest(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.accessManagement().roleAssignments().manager().roleServiceClient().getRoleEligibilityScheduleRequests()
            .createWithResponse("providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
                "64caffb6-55c0-4deb-a585-68e948ea1ad6",
                new RoleEligibilityScheduleRequestInner().withRoleDefinitionId(
                    "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608")
                    .withPrincipalId("a3bb8764-cb92-4276-9d2a-ca1e895e55ea").withRequestType(RequestType.ADMIN_ASSIGN)
                    .withScheduleInfo(new RoleEligibilityScheduleRequestPropertiesScheduleInfo()
                        .withStartDateTime(OffsetDateTime.parse("2020-09-09T21:31:27.91Z"))
                        .withExpiration(new RoleEligibilityScheduleRequestPropertiesScheduleInfoExpiration()
                            .withType(Type.AFTER_DURATION).withDuration("P365D")))
                    .withCondition(
                        "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'")
                    .withConditionVersion("1.0"),
                com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armauthorization_test

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/53b1affe357b3bfbb53721d0a2002382a046d3b0/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleEligibilityScheduleRequest.json
func ExampleRoleEligibilityScheduleRequestsClient_Create() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewRoleEligibilityScheduleRequestsClient().Create(ctx, "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", "64caffb6-55c0-4deb-a585-68e948ea1ad6", armauthorization.RoleEligibilityScheduleRequest{
		Properties: &armauthorization.RoleEligibilityScheduleRequestProperties{
			Condition:        to.Ptr("@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'"),
			ConditionVersion: to.Ptr("1.0"),
			PrincipalID:      to.Ptr("a3bb8764-cb92-4276-9d2a-ca1e895e55ea"),
			RequestType:      to.Ptr(armauthorization.RequestTypeAdminAssign),
			RoleDefinitionID: to.Ptr("/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608"),
			ScheduleInfo: &armauthorization.RoleEligibilityScheduleRequestPropertiesScheduleInfo{
				Expiration: &armauthorization.RoleEligibilityScheduleRequestPropertiesScheduleInfoExpiration{
					Type:     to.Ptr(armauthorization.TypeAfterDuration),
					Duration: to.Ptr("P365D"),
				},
				StartDateTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-09T21:31:27.910Z"); return t }()),
			},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates a role eligibility schedule request.
 *
 * @summary Creates a role eligibility schedule request.
 * x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleEligibilityScheduleRequest.json
 */
async function putRoleEligibilityScheduleRequest() {
  const subscriptionId =
    process.env["AUTHORIZATION_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const scope =
    "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f";
  const roleEligibilityScheduleRequestName = "64caffb6-55c0-4deb-a585-68e948ea1ad6";
  const parameters = {
    condition:
      "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
    conditionVersion: "1.0",
    principalId: "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
    requestType: "AdminAssign",
    roleDefinitionId:
      "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
    scheduleInfo: {
      expiration: {
        type: "AfterDuration",
        duration: "P365D",
        endDateTime: undefined,
      },
      startDateTime: new Date("2020-09-09T21:31:27.91Z"),
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential, subscriptionId);
  const result = await client.roleEligibilityScheduleRequests.create(
    scope,
    roleEligibilityScheduleRequestName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using System.Xml;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Authorization.Models;
using Azure.ResourceManager.Authorization;

// Generated from example definition: specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleEligibilityScheduleRequest.json
// this example is just showing the usage of "RoleEligibilityScheduleRequests_Create" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this ArmResource created on azure
// for more information of creating ArmResource, please refer to the document of ArmResource

// get the collection of this RoleEligibilityScheduleRequestResource
string scope = "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f";
ResourceIdentifier scopeId = new ResourceIdentifier(string.Format("/{0}", scope));
RoleEligibilityScheduleRequestCollection collection = client.GetRoleEligibilityScheduleRequests(scopeId);

// invoke the operation
string roleEligibilityScheduleRequestName = "64caffb6-55c0-4deb-a585-68e948ea1ad6";
RoleEligibilityScheduleRequestData data = new RoleEligibilityScheduleRequestData()
{
    RoleDefinitionId = new ResourceIdentifier("/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608"),
    PrincipalId = Guid.Parse("a3bb8764-cb92-4276-9d2a-ca1e895e55ea"),
    RequestType = RoleManagementScheduleRequestType.AdminAssign,
    Condition = "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
    ConditionVersion = "1.0",
    StartOn = DateTimeOffset.Parse("2020-09-09T21:31:27.91Z"),
    ExpirationType = RoleManagementScheduleExpirationType.AfterDuration,
    EndOn = null,
    Duration = XmlConvert.ToTimeSpan("P365D"),
};
ArmOperation<RoleEligibilityScheduleRequestResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, roleEligibilityScheduleRequestName, data);
RoleEligibilityScheduleRequestResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
RoleEligibilityScheduleRequestData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Exempelsvar

Statuskod:: 201

{
  "properties": {
    "targetRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
    "targetRoleEligibilityScheduleInstanceId": null,
    "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
    "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
    "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
    "principalType": "User",
    "requestType": "AdminAssign",
    "status": "Provisioned",
    "approvalId": null,
    "scheduleInfo": {
      "startDateTime": "2020-09-09T21:31:27.91Z",
      "expiration": {
        "type": "AfterDuration",
        "endDateTime": null,
        "duration": "P365D"
      }
    },
    "ticketInfo": {
      "ticketNumber": null,
      "ticketSystem": null
    },
    "justification": null,
    "requestorId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
    "createdOn": "2020-09-09T21:32:27.91Z",
    "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
    "conditionVersion": "1.0",
    "expandedProperties": {
      "scope": {
        "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
        "displayName": "Pay-As-You-Go",
        "type": "subscription"
      },
      "roleDefinition": {
        "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
        "displayName": "Contributor",
        "type": "BuiltInRole"
      },
      "principal": {
        "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
        "displayName": "User Account",
        "email": "user@my-tenant.com",
        "type": "User"
      }
    }
  },
  "name": "64caffb6-55c0-4deb-a585-68e948ea1ad6",
  "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilityScheduleRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6",
  "type": "Microsoft.Authorization/RoleEligibilityScheduleRequests"
}

Definitioner

Name	Description
CloudError	Ett felsvar från tjänsten.
CloudErrorBody	Ett felsvar från tjänsten.
ExpandedProperties	Utökad information om resurs, roll och huvudnamn
Expiration	Förfallodatum för behörighetsschemat för rollen
Principal	Information om huvudkontot
principalType	Huvudtypen för det tilldelade huvudkontots ID.
RequestType	Typ av begäran om rolltilldelningsschema. T.ex. SelfActivate, AdminAssign osv.
RoleDefinition	Information om rolldefinition
RoleEligibilityScheduleRequest	Begäran om schema för rollberättigande
ScheduleInfo	Schemainformation om schemat för rollberättigande
Scope	Information om resursomfånget
Status	Status för begäran om schema för rollberättigande.
TicketInfo	Biljettinformation om rollberättigandet
Type	Typ av förfallodatum för rollberättigande

CloudError

Ett felsvar från tjänsten.

Name	Typ	Description
error	CloudErrorBody	Ett felsvar från tjänsten.

CloudErrorBody

Ett felsvar från tjänsten.

Name	Typ	Description
code	string	En identifierare för felet. Koder är invarianta och är avsedda att användas programmatiskt.
message	string	Ett meddelande som beskriver felet, avsett att vara lämpligt för visning i ett användargränssnitt.

ExpandedProperties

Utökad information om resurs, roll och huvudnamn

Name	Typ	Description
principal	Principal	Information om huvudkontot
roleDefinition	RoleDefinition	Information om rolldefinition
scope	Scope	Information om resursomfånget

Expiration

Förfallodatum för behörighetsschemat för rollen

Name	Typ	Description
duration	string	Varaktighet för schemat för rollberättigande i TimeSpan.
endDateTime	string	End DateTime för behörighetsschemat för rollen.
type	Type	Typ av förfallodatum för rollberättigande

Principal

Information om huvudkontot

Name	Typ	Description
displayName	string	Huvudkontots visningsnamn
email	string	Email id för huvudkontot
id	string	ID för huvudkontot
type	string	Typ av huvudkonto

principalType

Huvudtypen för det tilldelade huvudkontots ID.

Name	Typ	Description
Device	string
ForeignGroup	string
Group	string
ServicePrincipal	string
User	string

RequestType

Typ av begäran om rolltilldelningsschema. T.ex. SelfActivate, AdminAssign osv.

Name	Typ	Description
AdminAssign	string
AdminExtend	string
AdminRemove	string
AdminRenew	string
AdminUpdate	string
SelfActivate	string
SelfDeactivate	string
SelfExtend	string
SelfRenew	string

RoleDefinition

Information om rolldefinition

Name	Typ	Description
displayName	string	Visningsnamn för rolldefinitionen
id	string	ID för rolldefinitionen
type	string	Typ av rolldefinition