RoleAssignment Type Definition

[This topic is pre-release documentation and is subject to change.]

Role Assignments are used in the RBAC Management APIs to manage user and group assignments to built-in Roles. Resource set descriptions enable fine-grained resource access control.

Properties

Property names appended with asterisks* are required.

RoleAssignment properties

Property JSON type Description
tenantId string Hub name (readonly)
assignmentName* string Name of the assignment(readonly)
displayName Dictionary<string,string> Localized display name for the assignment
description Dictionary<string,string> Localized description for the assignment
provisioningState string Assignment provisioning state: ["Provisioning" | "Succeeded" | "Expiring" | "Deleting" | "HumanIntervention" | "Failed" ]
role* string Built-in role ["Admin" | "Reader" | "ManageAdmin" | "ManageReader" | "DataAdmin" | "DataReader"]
principals* AssignmentPrincipal[] Assignment principal instance data (see below)
profiles ResourceSetDescription Profiles set for the assignment (see below)
interactions ResourceSetDescription Interactions set for the assignment (see below)
links ResourceSetDescription Links set for the assignment (see below)
kpis ResourceSetDescription KPIs set for the assignment (see below)
sasPolicies ResourceSetDescription SAS policies set for the assignment (see below)
connectors ResourceSetDescription Connectors set for the assignment (see below)
views ResourceSetDescription Views set for the assignment (see below)
relationships ResourceSetDescription Relationships set for the assignment (see below)
relationshipLinks ResourceSetDescription RelationshipLinks set for the assignment (see below)
widgetTypes ResourceSetDescription Widget set for the assignment (see below)
roleAssignments ResourceSetDescription Role assignment access that is set for the assignment (see below)
conflationPolicies ResourceSetDescription Conflation policies set for the assignment (see below)
segments ResourceSetDescription Segments that are set for the assignment (see below)


AssignmentPrincipal properties

Property JSON type Description
principalId* string ID of the principal being assigned to
principalType* string Type of the principal ID ["User" | "Group" | "ServicePrincipal"]
principalMetadata Dictionary<string,object>[] Other metadata for the principal


ResourceSetDescripion properties

Property JSON type Description
Elements string[] Elements included in the assignment set
Exceptions string[] Elements excluded from the assignment set

By default, elements not explicitly included in Elements are excluded from the assignment. However, if Elements is set to "*", then all scopes are included, except those elements explicitly listed in Exceptions. This enables the scenario "allow access to everything except the following specific elements".


JSON example

{ 
    "AssignmentName": "Assignment579", 
    "ProvisioningState": "Provisioning", 
    "Role": "Admin", 
    "tenantId": "sdkTestHub",
    "Principals": [ 
        { 
            "PrincipalId": "73fa56dd-f043-4619-bde4-13733d6926f4", 
            "PrincipalType": "User", 
            "PrincipalMetadata": null 
        }, 
        { 
            "PrincipalId": "8d8a7776-fe6d-42ba-9ff8-b0018aa79095", 
            "PrincipalType": "User", 
            "PrincipalMetadata": null 
        } 
    ], 
}