你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Role Definitions - Create Or Update

服务:

Authorization

API 版本:

2022-04-01

创建或更新角色定义。

PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId}?api-version=2022-04-01

URI 参数

名称	在	必需	类型	说明
roleDefinitionId	path	True	string	角色定义的 ID。
scope	path	True	string	角色定义的范围。
api-version	query	True	string	要用于此操作的 API 版本。

请求正文

名称	类型	说明
properties.assignableScopes	string[]	角色定义可分配的范围。
properties.description	string	角色定义说明。
properties.permissions	Permission[]	角色定义权限。
properties.roleName	string	角色名称。
properties.type	string	角色类型。

响应

名称	类型	说明
201 Created	RoleDefinition	正常 - 返回有关角色定义的信息。
Other Status Codes	ErrorResponse	描述操作失败原因的错误响应。

安全性

azure_auth

Azure Active Directory OAuth2 流

类型: oauth2
流向: implicit
授权 URL: https://login.microsoftonline.com/common/oauth2/authorize

作用域

名称	说明
user_impersonation	模拟用户帐户

示例

Create role definition

示例请求

HTTP

PUT https://management.azure.com/scope/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId?api-version=2022-04-01

{}

Java

import com.azure.resourcemanager.authorization.fluent.models.RoleDefinitionInner;

/**
 * Samples for RoleDefinitions CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/PutRoleDefinition
     * .json
     */
    /**
     * Sample code: Create role definition.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createRoleDefinition(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.accessManagement().roleAssignments().manager().roleServiceClient().getRoleDefinitions()
            .createOrUpdateWithResponse("scope", "roleDefinitionId", new RoleDefinitionInner(),
                com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/53b1affe357b3bfbb53721d0a2002382a046d3b0/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/PutRoleDefinition.json
func ExampleRoleDefinitionsClient_CreateOrUpdate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewRoleDefinitionsClient().CreateOrUpdate(ctx, "scope", "roleDefinitionId", armauthorization.RoleDefinition{}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a role definition.
 *
 * @summary Creates or updates a role definition.
 * x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/PutRoleDefinition.json
 */
async function createRoleDefinition() {
  const subscriptionId =
    process.env["AUTHORIZATION_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const scope = "scope";
  const roleDefinitionId = "roleDefinitionId";
  const roleDefinition = {};
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential, subscriptionId);
  const result = await client.roleDefinitions.createOrUpdate(
    scope,
    roleDefinitionId,
    roleDefinition
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Authorization;

// Generated from example definition: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/PutRoleDefinition.json
// this example is just showing the usage of "RoleDefinitions_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this AuthorizationRoleDefinitionResource created on azure
// for more information of creating AuthorizationRoleDefinitionResource, please refer to the document of AuthorizationRoleDefinitionResource
string scope = "scope";
ResourceIdentifier roleDefinitionId = new ResourceIdentifier("roleDefinitionId");
ResourceIdentifier authorizationRoleDefinitionResourceId = AuthorizationRoleDefinitionResource.CreateResourceIdentifier(scope, roleDefinitionId);
AuthorizationRoleDefinitionResource authorizationRoleDefinition = client.GetAuthorizationRoleDefinitionResource(authorizationRoleDefinitionResourceId);

// invoke the operation
AuthorizationRoleDefinitionData data = new AuthorizationRoleDefinitionData();
ArmOperation<AuthorizationRoleDefinitionResource> lro = await authorizationRoleDefinition.UpdateAsync(WaitUntil.Completed, data);
AuthorizationRoleDefinitionResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
AuthorizationRoleDefinitionData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

示例响应

状态代码:

201

{
  "properties": {
    "roleName": "Role name",
    "type": "roletype",
    "description": "Role description",
    "assignableScopes": [
      "/subscriptions/subId"
    ],
    "permissions": [
      {
        "actions": [
          "action"
        ],
        "notActions": [],
        "dataActions": [
          "dataAction"
        ],
        "notDataActions": []
      }
    ]
  },
  "id": "/subscriptions/subID/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "roleDefinitionId"
}

定义

名称	说明
ErrorAdditionalInfo	资源管理错误附加信息。
ErrorDetail	错误详细信息。
ErrorResponse	错误响应
Permission	角色定义权限。
RoleDefinition	角色定义。

ErrorAdditionalInfo

资源管理错误附加信息。

名称	类型	说明
info	object	其他信息。
type	string	其他信息类型。

ErrorDetail

错误详细信息。

名称	类型	说明
additionalInfo	ErrorAdditionalInfo[]	错误附加信息。
code	string	错误代码。
details	ErrorDetail[]	错误详细信息。
message	string	错误消息。
target	string	错误目标。

ErrorResponse

错误响应

名称	类型	说明
error	ErrorDetail	错误对象。

Permission

角色定义权限。

名称	类型	说明
actions	string[]	允许的操作。
dataActions	string[]	允许的数据操作。
notActions	string[]	拒绝的操作。
notDataActions	string[]	拒绝数据操作。

RoleDefinition

角色定义。

名称	类型	说明
id	string	角色定义 ID。
name	string	角色定义名称。
properties.assignableScopes	string[]	角色定义可分配的范围。
properties.createdBy	string	创建分配的用户的 ID
properties.createdOn	string	创建时间
properties.description	string	角色定义说明。
properties.permissions	Permission[]	角色定义权限。
properties.roleName	string	角色名称。
properties.type	string	角色类型。
properties.updatedBy	string	更新分配的用户的 ID
properties.updatedOn	string	更新时间
type	string	角色定义类型。