az policy assignment identity

Manage a policy assignment's managed identity.

Commands

az policy assignment identity assign Add a system assigned identity to a policy assignment.
az policy assignment identity remove Remove a managed identity from a policy assignment.
az policy assignment identity show Show a policy assignment's managed identity.

az policy assignment identity assign

Add a system assigned identity to a policy assignment.

az policy assignment identity assign --name
[--identity-scope]
[--resource-group]
[--role]
[--scope]

Examples

Add a system assigned managed identity to a policy assignment.

az policy assignment identity assign -g MyResourceGroup -n MyPolicyAssignment

Add a system assigned managed identity to a policy assignment and grant it the 'Contributor' role for the current resource group.

az policy assignment identity assign -g MyResourceGroup -n MyPolicyAssignment --role Contributor --identity-scope /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup

Required Parameters

--name -n

Name of the policy assignment.

Optional Parameters

--identity-scope

Scope that the system assigned identity can access.

--resource-group -g

The resource group where the policy will be applied.

--role

Role name or id that will be assigned to the managed identity.

default value: Contributor
--scope

Scope to which this policy assignment applies.

az policy assignment identity remove

Remove a managed identity from a policy assignment.

az policy assignment identity remove --name
[--resource-group]
[--scope]

Required Parameters

--name -n

Name of the policy assignment.

Optional Parameters

--resource-group -g

The resource group where the policy will be applied.

--scope

Scope to which this policy assignment applies.

az policy assignment identity show

Show a policy assignment's managed identity.

az policy assignment identity show --name
[--resource-group]
[--scope]

Required Parameters

--name -n

Name of the policy assignment.

Optional Parameters

--resource-group -g

The resource group where the policy will be applied.

--scope

Scope to which this policy assignment applies.