az role definition

Manage role definitions.

Commands

az role definition create    Create a custom role definition.
az role definition delete    Delete a role definition.
az role definition list      List role definitions.
az role definition update    Update a role definition.

az role definition create

Create a custom role definition.

az role definition create --role-definition

Examples

Create a role with read-only access to storage and network resources, and the ability to start or restart VMs.

az role definition create --role-definition '{
    "Name": "Contoso On-call",
    "Description": "Perform VM actions and read storage and network information.",
    "Actions": [
        "Microsoft.Compute/*/read",
        "Microsoft.Compute/virtualMachines/start/action",
        "Microsoft.Compute/virtualMachines/restart/action",
        "Microsoft.Network/*/read",
        "Microsoft.Storage/*/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/subscriptions/resourceGroups/resources/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Support/*"
    ],
    "AssignableScopes": ["/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]
}'

Create a role from a file containing a JSON description.

az role definition create --role-definition @ad-role.json

Required Parameters

--role-definition
Description of a role as JSON, or a path to a file containing a JSON description.
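
A pre-flight review of the role JSON before it is passed to --role-definition, as an added example that is not part of the Azure CLI or its documentation. The function name, the sample role, and the policy (required keys, wildcards allowed only when the pattern ends in /read, no root scope) are assumptions made for illustration.

```python
import json

# Assumed policy: the keys used in the example role on this page.
REQUIRED_KEYS = ("Name", "Actions", "AssignableScopes")

# Constructed sample; the subscription ID is a placeholder.
SAMPLE_ROLE = """
{
  "Name": "Example On-call",
  "Description": "Read compute resources and restart VMs.",
  "Actions": [
    "Microsoft.Compute/*/read",
    "Microsoft.Compute/virtualMachines/restart/action",
    "Microsoft.Insights/alertRules/*",
    "Microsoft.Support/*"
  ],
  "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"]
}
"""


def review_role_definition(text):
    """Return a list of findings (empty if none) for a role definition JSON string."""
    try:
        role = json.loads(text)
    except json.JSONDecodeError as exc:
        # For example, a missing comma between two properties.
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    if not isinstance(role, dict):
        return ["role definition must be a JSON object"]
    findings = [f"missing key: {key}" for key in REQUIRED_KEYS if key not in role]
    for action in role.get("Actions", []):
        # Assumed policy: a wildcard is acceptable only when the pattern
        # still ends in /read; any other wildcard also matches write,
        # delete and action operations.
        if "*" in action and not action.lower().endswith("/read"):
            findings.append(f"wildcard not limited to read: {action}")
    for scope in role.get("AssignableScopes", []):
        if scope.strip() == "/":
            findings.append("AssignableScopes contains the root scope '/'")
    return findings


if __name__ == "__main__":
    for finding in review_role_definition(SAMPLE_ROLE):
        print(finding)
```

Run it against the contents of the file you intend to pass as @ad-role.json; an empty result means the role passed these checks, not that it is least-privilege.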

az role definition delete

Delete a role definition.

az role definition delete --name
[--custom-role-only]
[--resource-group]
[--scope]

Required Parameters

--name -n
The role's name.

Optional Parameters

--custom-role-only
Custom roles only (vs. built-in ones).
--resource-group -g
Use it only if the role or assignment was added at the level of a resource group.
--scope
Scope at which the role assignment or definition applies, e.g., /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

az role definition list

List role definitions.

az role definition list [--custom-role-only]
[--name]
[--resource-group]
[--scope]

Optional Parameters

--custom-role-only
Custom roles only (vs. built-in ones).
--name -n
The role's name.
--resource-group -g
Use it only if the role or assignment was added at the level of a resource group.
--scope
Scope at which the role assignment or definition applies, e.g., /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

az role definition update

Update a role definition.

az role definition update --role-definition

Required Parameters

--role-definition
JSON-formatted content that defines the new role.