{ "swagger": "2.0", "info": { "title": "AuthorizationManagementClient", "version": "2018-09-01-preview", "description": "Role-based access control provides a way to apply granular policy administration down to individual resources or resource groups. These operations enable you to manage role assignments. A role assignment grants access to an Azure Active Directory principal (a user, group, or service principal)." }, "host": "management.azure.com", "schemes": [ "https" ], "consumes": [ "application/json" ], "produces": [ "application/json" ], "security": [ { "azure_auth": [ "user_impersonation" ] } ], "securityDefinitions": { "azure_auth": { "type": "oauth2", "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", "flow": "implicit", "description": "Azure Active Directory OAuth2 Flow", "scopes": { "user_impersonation": "impersonate your user account" } } }, "paths": { "/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/roleAssignments": { "get": { "tags": [ "RoleAssignments" ], "operationId": "RoleAssignments_ListForResource", "description": "Gets role assignments for a resource.", "parameters": [ { "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" }, { "$ref": "#/parameters/ResourceProviderNamespaceParameter" }, { "name": "parentResourcePath", "in": "path", "required": true, "type": "string", "description": "The parent resource identity.", "x-ms-skip-url-encoding": true }, { "name": "resourceType", "in": "path", "required": true, "type": "string", "description": "The resource type of the resource.", "x-ms-skip-url-encoding": true }, { "name": "resourceName", "in": "path", "required": true, "type": "string", "description": "The name of the resource to get role assignments for."
}, { "name": "$filter", "in": "query", "required": false, "type": "string", "description": "The filter to apply on the operation. Use $filter=atScope() to return all role assignments at or above the scope. Use $filter=principalId eq {id} to return all role assignments at, above or below the scope for the specified principal." }, { "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" }, { "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" } ], "responses": { "200": { "description": "OK - Returns an array of role assignments.", "schema": { "$ref": "#/definitions/RoleAssignmentListResult" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" } } }, "x-ms-pageable": { "nextLinkName": "nextLink" }, "x-ms-odata": "#/definitions/RoleAssignmentFilter", "x-ms-examples": { "List role assignments for resource": { "$ref": "./examples/GetRoleAssignmentsForResource.json" } } } }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/roleAssignments": { "get": { "tags": [ "RoleAssignments" ], "operationId": "RoleAssignments_ListForResourceGroup", "description": "Gets role assignments for a resource group.", "parameters": [ { "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" }, { "name": "$filter", "in": "query", "required": false, "type": "string", "description": "The filter to apply on the operation. Use $filter=atScope() to return all role assignments at or above the scope. Use $filter=principalId eq {id} to return all role assignments at, above or below the scope for the specified principal." 
}, { "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" }, { "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" } ], "responses": { "200": { "description": "OK - Returns an array of role assignments.", "schema": { "$ref": "#/definitions/RoleAssignmentListResult" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" } } }, "x-ms-pageable": { "nextLinkName": "nextLink" }, "x-ms-odata": "#/definitions/RoleAssignmentFilter", "x-ms-examples": { "List role assignments for resource group": { "$ref": "./examples/GetRoleAssignmentsForResourceGroup.json" } } } }, "/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}": { "delete": { "tags": [ "RoleAssignments" ], "operationId": "RoleAssignments_Delete", "description": "Deletes a role assignment.", "parameters": [ { "name": "scope", "in": "path", "required": true, "type": "string", "description": "The scope of the role assignment to delete.", "x-ms-skip-url-encoding": true }, { "name": "roleAssignmentName", "in": "path", "required": true, "type": "string", "description": "The name of the role assignment to delete." }, { "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" } ], "responses": { "200": { "description": "OK - Returns information about the role assignment.", "schema": { "$ref": "#/definitions/RoleAssignment" } }, "204": { "description": "Role assignment already deleted or does not exist." 
}, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" } } }, "x-ms-examples": { "Delete role assignment by name": { "$ref": "./examples/DeleteRoleAssignmentByName.json" } } }, "put": { "tags": [ "RoleAssignments" ], "operationId": "RoleAssignments_Create", "description": "Creates a role assignment.", "parameters": [ { "name": "scope", "in": "path", "required": true, "type": "string", "description": "The scope of the role assignment to create. The scope can be any REST resource instance. For example, use '/subscriptions/{subscription-id}/' for a subscription, '/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}' for a resource group, and '/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name}' for a resource.", "x-ms-skip-url-encoding": true }, { "name": "roleAssignmentName", "in": "path", "required": true, "type": "string", "description": "A GUID for the role assignment to create. The name must be unique and different for each role assignment." }, { "name": "parameters", "in": "body", "required": true, "schema": { "$ref": "#/definitions/RoleAssignmentCreateParameters" }, "description": "Parameters for the role assignment." 
}, { "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" } ], "responses": { "201": { "description": "Created - Returns information about the role assignment.", "schema": { "$ref": "#/definitions/RoleAssignment" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" } } }, "x-ms-examples": { "Create role assignment": { "$ref": "./examples/PutRoleAssignment.json" } } }, "get": { "tags": [ "RoleAssignments" ], "operationId": "RoleAssignments_Get", "description": "Get the specified role assignment.", "parameters": [ { "name": "scope", "in": "path", "required": true, "type": "string", "description": "The scope of the role assignment.", "x-ms-skip-url-encoding": true }, { "name": "roleAssignmentName", "in": "path", "required": true, "type": "string", "description": "The name of the role assignment to get." 
}, { "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" } ], "responses": { "200": { "description": "OK - Returns information about the role assignment.", "schema": { "$ref": "#/definitions/RoleAssignment" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" } } }, "x-ms-examples": { "Get role assignment by name": { "$ref": "./examples/GetRoleAssignmentByName.json" } } } }, "/{roleId}": { "delete": { "tags": [ "RoleAssignments" ], "operationId": "RoleAssignments_DeleteById", "description": "Deletes a role assignment.", "parameters": [ { "name": "roleId", "in": "path", "required": true, "type": "string", "description": "The ID of the role assignment to delete.", "x-ms-skip-url-encoding": true }, { "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" } ], "responses": { "200": { "description": "OK - Returns information about the role assignment.", "schema": { "$ref": "#/definitions/RoleAssignment" } }, "204": { "description": "Role assignment already deleted or does not exist." 
}, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" } } }, "x-ms-examples": { "Delete role assignment by ID": { "$ref": "./examples/DeleteRoleAssignmentById.json" } } }, "put": { "tags": [ "RoleAssignments" ], "operationId": "RoleAssignments_CreateById", "description": "Creates a role assignment by ID.", "parameters": [ { "name": "roleId", "in": "path", "required": true, "type": "string", "description": "The ID of the role assignment to create.", "x-ms-skip-url-encoding": true }, { "name": "parameters", "in": "body", "required": true, "schema": { "$ref": "#/definitions/RoleAssignmentCreateParameters" }, "description": "Parameters for the role assignment." }, { "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" } ], "responses": { "201": { "description": "Created - Returns the role assignment.", "schema": { "$ref": "#/definitions/RoleAssignment" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" } } }, "x-ms-examples": { "Create role assignment by ID": { "$ref": "./examples/PutRoleAssignmentById.json" } } }, "get": { "tags": [ "RoleAssignments" ], "operationId": "RoleAssignments_GetById", "description": "Gets a role assignment by ID.", "parameters": [ { "name": "roleId", "in": "path", "required": true, "type": "string", "description": "The ID of the role assignment to get.", "x-ms-skip-url-encoding": true }, { "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" } ], "responses": { "200": { "description": "OK - Returns the role assignment.", "schema": { "$ref": "#/definitions/RoleAssignment" } }, "default": { "description": "Error response describing why the operation 
failed.", "schema": { "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" } } }, "x-ms-examples": { "Get role assignment by ID": { "$ref": "./examples/GetRoleAssignmentById.json" } } } }, "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleAssignments": { "get": { "tags": [ "RoleAssignments" ], "operationId": "RoleAssignments_List", "description": "Gets all role assignments for the subscription.", "parameters": [ { "name": "$filter", "in": "query", "required": false, "type": "string", "description": "The filter to apply on the operation. Use $filter=atScope() to return all role assignments at or above the scope. Use $filter=principalId eq {id} to return all role assignments at, above or below the scope for the specified principal." }, { "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" }, { "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" } ], "responses": { "200": { "description": "OK - Returns an array of role assignments.", "schema": { "$ref": "#/definitions/RoleAssignmentListResult" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" } } }, "x-ms-pageable": { "nextLinkName": "nextLink" }, "x-ms-odata": "#/definitions/RoleAssignmentFilter", "x-ms-examples": { "List role assignments for subscription": { "$ref": "./examples/GetAllRoleAssignments.json" } } } }, "/{scope}/providers/Microsoft.Authorization/roleAssignments": { "get": { "tags": [ "RoleAssignments" ], "operationId": "RoleAssignments_ListForScope", "description": "Gets role assignments for a scope.", "parameters": [ { "name": "scope", "in": "path", "required": true, "type": "string", "description": "The scope of the role assignments.", "x-ms-skip-url-encoding": true }, { "name": 
"$filter", "in": "query", "required": false, "type": "string", "description": "The filter to apply on the operation. Use $filter=atScope() to return all role assignments at or above the scope. Use $filter=principalId eq {id} to return all role assignments at, above or below the scope for the specified principal." }, { "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" } ], "responses": { "200": { "description": "OK - Returns an array of role assignments.", "schema": { "$ref": "#/definitions/RoleAssignmentListResult" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" } } }, "x-ms-pageable": { "nextLinkName": "nextLink" }, "x-ms-odata": "#/definitions/RoleAssignmentFilter", "x-ms-examples": { "List role assignments for scope": { "$ref": "./examples/GetRoleAssignmentByScope.json" } } } } }, "definitions": { "RoleAssignmentFilter": { "properties": { "principalId": { "type": "string", "description": "Returns role assignments for the specified principal." }, "canDelegate": { "type": "boolean", "description": "The delegation flag for the role assignment." } }, "description": "Role assignments filter." }, "RoleAssignmentPropertiesWithScope": { "properties": { "scope": { "type": "string", "description": "The role assignment scope." }, "roleDefinitionId": { "type": "string", "description": "The role definition ID." }, "principalId": { "type": "string", "description": "The principal ID." }, "principalType": { "type": "string", "description": "The principal type of the assigned principal ID.", "enum": [ "User", "Group", "ServicePrincipal", "ForeignGroup" ], "x-ms-enum": { "name": "PrincipalType", "modelAsString": true } }, "canDelegate": { "type": "boolean", "description": "The delegation flag for the role assignment." } }, "description": "Role assignment properties with scope."
}, "RoleAssignment": { "properties": { "id": { "type": "string", "readOnly": true, "description": "The role assignment ID." }, "name": { "type": "string", "readOnly": true, "description": "The role assignment name." }, "type": { "type": "string", "readOnly": true, "description": "The role assignment type." }, "properties": { "x-ms-client-flatten": true, "$ref": "#/definitions/RoleAssignmentPropertiesWithScope", "description": "Role assignment properties." } }, "description": "Role Assignments" }, "RoleAssignmentListResult": { "properties": { "value": { "type": "array", "items": { "$ref": "#/definitions/RoleAssignment" }, "description": "Role assignment list." }, "nextLink": { "type": "string", "description": "The URL to use for getting the next set of results." } }, "description": "Role assignment list operation result." }, "RoleAssignmentProperties": { "properties": { "roleDefinitionId": { "type": "string", "description": "The role definition ID used in the role assignment." }, "principalId": { "type": "string", "description": "The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group." }, "principalType": { "type": "string", "description": "The principal type of the assigned principal ID.", "enum": [ "User", "Group", "ServicePrincipal", "ForeignGroup" ], "x-ms-enum": { "name": "PrincipalType", "modelAsString": true } }, "canDelegate": { "type": "boolean", "description": "The delegation flag used for creating a role assignment" } }, "required": [ "roleDefinitionId", "principalId" ], "description": "Role assignment properties." }, "RoleAssignmentCreateParameters": { "properties": { "properties": { "x-ms-client-flatten": true, "$ref": "#/definitions/RoleAssignmentProperties", "description": "Role assignment properties." } }, "required": [ "properties" ], "description": "Role assignment create parameters." 
} }, "parameters": { "ResourceProviderNamespaceParameter": { "name": "resourceProviderNamespace", "in": "path", "required": true, "type": "string", "description": "The namespace of the resource provider.", "x-ms-skip-url-encoding": true, "x-ms-parameter-location": "method" } } }