你当前正在访问 Microsoft Azure Global Edition 技术文档网站。如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Deny Assignments - Get

参考

服务:: Authorization

API 版本:: 2022-04-01

获取指定的拒绝分配。

GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/denyAssignments/{denyAssignmentId}?api-version=2022-04-01

URI 参数

名称	在	必需	类型	说明
denyAssignmentId	path	True	string	要获取的拒绝分配的 ID。
scope	path	True	string	拒绝分配的范围。
api-version	query	True	string	要用于此操作的 API 版本。

响应

名称	类型	说明
200 OK	DenyAssignment	正常 - 返回有关拒绝分配的信息。
Other Status Codes	ErrorResponse	描述操作失败原因的错误响应。

权限

若要调用此 API，必须具备带有以下权限的角色。有关详细信息，请参阅 Azure 内置角色。

Microsoft.Authorization/denyAssignments/read

安全性

azure_auth

Azure Active Directory OAuth2 流

类型: oauth2
流向: implicit
授权 URL: https://login.microsoftonline.com/common/oauth2/authorize

作用域

名称	说明
user_impersonation	模拟用户帐户

示例

Get deny assignment by name

示例请求

GET https://management.azure.com/subscriptions/subId/resourcegroups/rgname/providers/Microsoft.Authorization/denyAssignments/denyAssignmentId?api-version=2022-04-01


/**
 * Samples for DenyAssignments Get.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/
     * GetDenyAssignmentByNameId.json
     */
    /**
     * Sample code: Get deny assignment by name.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void getDenyAssignmentByName(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.accessManagement().roleAssignments().manager().roleServiceClient().getDenyAssignments().getWithResponse(
            "subscriptions/subId/resourcegroups/rgname", "denyAssignmentId", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-authorization
# USAGE
    python get_deny_assignment_by_name_id.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = AuthorizationManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.deny_assignments.get(
        scope="subscriptions/subId/resourcegroups/rgname",
        deny_assignment_id="denyAssignmentId",
    )
    print(response)


# x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentByNameId.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/310a0100f5b020c1900c527a6aa70d21992f078a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentByNameId.json
func ExampleDenyAssignmentsClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDenyAssignmentsClient().Get(ctx, "subscriptions/subId/resourcegroups/rgname", "denyAssignmentId", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.DenyAssignment = armauthorization.DenyAssignment{
	// 	Name: to.Ptr("denyAssignmentId"),
	// 	Type: to.Ptr("Microsoft.Authorization/denyAssignments"),
	// 	ID: to.Ptr("/subscriptions/subId/resourcegroups/rgname/providers/Microsoft.Authorization/denyAssignments/denyAssignmentId"),
	// 	Properties: &armauthorization.DenyAssignmentProperties{
	// 		Description: to.Ptr("Deny assignment description"),
	// 		DenyAssignmentName: to.Ptr("Deny assignment name"),
	// 		DoNotApplyToChildScopes: to.Ptr(false),
	// 		ExcludePrincipals: []*armauthorization.Principal{
	// 			{
	// 				Type: to.Ptr("principalType2"),
	// 				ID: to.Ptr("principalId2"),
	// 		}},
	// 		IsSystemProtected: to.Ptr(true),
	// 		Permissions: []*armauthorization.DenyAssignmentPermission{
	// 			{
	// 				Actions: []*string{
	// 					to.Ptr("action")},
	// 					DataActions: []*string{
	// 					},
	// 					NotActions: []*string{
	// 					},
	// 					NotDataActions: []*string{
	// 					},
	// 			}},
	// 			Principals: []*armauthorization.Principal{
	// 				{
	// 					Type: to.Ptr("principalType1"),
	// 					ID: to.Ptr("principalId1"),
	// 			}},
	// 			Scope: to.Ptr("/subscriptions/subId/resourcegroups/rgname"),
	// 		},
	// 	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get the specified deny assignment.
 *
 * @summary Get the specified deny assignment.
 * x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentByNameId.json
 */
async function getDenyAssignmentByName() {
  const scope = "subscriptions/subId/resourcegroups/rgname";
  const denyAssignmentId = "denyAssignmentId";
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential);
  const result = await client.denyAssignments.get(scope, denyAssignmentId);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Authorization;

// Generated from example definition: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentByNameId.json
// this example is just showing the usage of "DenyAssignments_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this DenyAssignmentResource created on azure
// for more information of creating DenyAssignmentResource, please refer to the document of DenyAssignmentResource
string scope = "subscriptions/subId/resourcegroups/rgname";
string denyAssignmentId = "denyAssignmentId";
ResourceIdentifier denyAssignmentResourceId = DenyAssignmentResource.CreateResourceIdentifier(scope, denyAssignmentId);
DenyAssignmentResource denyAssignment = client.GetDenyAssignmentResource(denyAssignmentResourceId);

// invoke the operation
DenyAssignmentResource result = await denyAssignment.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DenyAssignmentData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

示例响应

状态代码:: 200

{
  "properties": {
    "denyAssignmentName": "Deny assignment name",
    "description": "Deny assignment description",
    "permissions": [
      {
        "actions": [
          "action"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ],
    "scope": "/subscriptions/subId/resourcegroups/rgname",
    "doNotApplyToChildScopes": false,
    "principals": [
      {
        "id": "principalId1",
        "type": "principalType1"
      }
    ],
    "excludePrincipals": [
      {
        "id": "principalId2",
        "type": "principalType2"
      }
    ],
    "isSystemProtected": true
  },
  "id": "/subscriptions/subId/resourcegroups/rgname/providers/Microsoft.Authorization/denyAssignments/denyAssignmentId",
  "type": "Microsoft.Authorization/denyAssignments",
  "name": "denyAssignmentId"
}

定义

名称	说明
DenyAssignment	拒绝分配
DenyAssignmentPermission	拒绝分配权限。
ErrorAdditionalInfo	资源管理错误附加信息。
ErrorDetail	错误详细信息。
ErrorResponse	错误响应
Principal	上次修改它的实体的名称

DenyAssignment

拒绝分配

名称	类型	说明
id	string	拒绝分配 ID。
name	string	拒绝分配名称。
properties.condition	string	拒绝分配的条件。这会限制可分配给的资源。例如： @Resource[Microsoft.Storage/storageAccounts/blobServices/containers：ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
properties.conditionVersion	string	条件的版本。
properties.createdBy	string	创建分配的用户的 ID
properties.createdOn	string	创建时间
properties.denyAssignmentName	string	拒绝分配的显示名称。
properties.description	string	拒绝分配的说明。
properties.doNotApplyToChildScopes	boolean	确定拒绝分配是否适用于子范围。默认值为 false。
properties.excludePrincipals	Principal[]	拒绝赋值不适用于的主体数组。
properties.isSystemProtected	boolean	指定此拒绝分配是否由 Azure 创建，且无法编辑或删除。
properties.permissions	DenyAssignmentPermission[]	拒绝分配拒绝的权限数组。
properties.principals	Principal[]	拒绝赋值适用的主体数组。
properties.scope	string	拒绝分配范围。
properties.updatedBy	string	更新分配的用户的 ID
properties.updatedOn	string	更新时间
type	string	拒绝分配类型。

DenyAssignmentPermission

拒绝分配权限。

名称	类型	说明
actions	string[]	拒绝分配不向其授予访问权限的操作。
condition	string	拒绝分配权限的条件。这会限制其应用的资源。
conditionVersion	string	条件的版本。
dataActions	string[]	拒绝分配不向其授予访问权限的数据操作。
notActions	string[]	要排除的拒绝分配不授予访问权限的操作。
notDataActions	string[]	要排除的数据操作，拒绝分配不会授予访问权限。

ErrorAdditionalInfo

资源管理错误附加信息。

名称	类型	说明
info	object	其他信息。
type	string	其他信息类型。

ErrorDetail

错误详细信息。

名称	类型	说明
additionalInfo	ErrorAdditionalInfo[]	错误附加信息。
code	string	错误代码。
details	ErrorDetail[]	错误详细信息。
message	string	错误消息。
target	string	错误目标。

ErrorResponse

错误响应

名称	类型	说明
error	ErrorDetail	错误对象。

Principal

上次修改它的实体的名称

名称	类型	说明
displayName	string	已更改的主体的名称
email	string	主体Email
id	string	已更改的主体的 ID
type	string	主体的类型，例如用户、组等