az role assignment

Manage role assignments.

Commands

az role assignment create Create a new role assignment for a user, group, or service principal.
az role assignment delete Delete role assignments.
az role assignment list List role assignments.

az role assignment create

Create a new role assignment for a user, group, or service principal.

az role assignment create --assignee
--role
[--resource-group]
[--scope]

Examples

Create role assignment for an assignee.

az role assignment create --assignee sp_name --role a_role

Required Parameters

--assignee
Represent a user, group, or service principal. supported format: object id, user sign-in name, or service principal name.
--role
Role name or id.

Optional Parameters

--resource-group -g
Use it only if the role or assignment was added at the level of a resource group.
--scope
Scope at which the role assignment or definition applies to, e.g., /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

az role assignment delete

Delete role assignments.

az role assignment delete [--assignee]
[--ids]
[--include-inherited]
[--resource-group]
[--role]
[--scope]

Optional Parameters

--assignee
Represent a user, group, or service principal. supported format: object id, user sign-in name, or service principal name.
--ids
Space separated role assignment ids.
--include-inherited
Include assignments applied on parent scopes.
--resource-group -g
Use it only if the role or assignment was added at the level of a resource group.
--role
Role name or id.
--scope
Scope at which the role assignment or definition applies to, e.g., /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

az role assignment list

List role assignments.

az role assignment list [--all]
[--assignee]
[--include-groups]
[--include-inherited]
[--resource-group]
[--role]
[--scope]

Optional Parameters

--all
Show all assignments under the current subscription.
--assignee
Represent a user, group, or service principal. supported format: object id, user sign-in name, or service principal name.
--include-groups
Include extra assignments to the groups of which the user is a member(transitively). Supported only for a user principal.
--include-inherited
Include assignments applied on parent scopes.
--resource-group -g
Use it only if the role or assignment was added at the level of a resource group.
--role
Role name or id.
--scope
Scope at which the role assignment or definition applies to, e.g., /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.