Set-​Azure​Rm​Role​Definition

Modifies a custom role in Azure RBAC. Provide the modified role definition either as a JSON file or as a PSRoleDefinition. First, use the Get-AzureRmRoleDefinition command to retrieve the custom role that you wish to modify. Then, modify the properties that you wish to change. Finally, save the role definition using this command.

Syntax

Set-AzureRmRoleDefinition
   -InputFile <String>
   [-InformationAction <ActionPreference>]
   [-InformationVariable <String>]
Set-AzureRmRoleDefinition
   [-InformationAction <ActionPreference>]
   [-InformationVariable <String>]
   -Role <PSRoleDefinition>

Description

The Set-AzureRmRoleDefinition cmdlet updates an existing custom role in Azure Role-Based Access Control. Provide the updated role definition as an input to the command as a JSON file or a PSRoleDefinition object. The role definition for the updated custom role MUST contain the Id and all other required properties of the role even if they are not updated: DisplayName, Description, Actions, AssignableScopes. NotActions is optional.

Following is a sample updated role definition json for Set-AzureRmRoleDefinition

{ "Id": "52a6cc13-ff92-47a8-a39b-2a8205c3087e", "Name": "Updated Role", "Description": "Can monitor all resources and start and restart virtual machines", "Actions": [ "*/read", "Microsoft.ClassicCompute/virtualmachines/restart/action", "Microsoft.ClassicCompute/virtualmachines/start/action" ] "AssignableScopes": ["/subscriptions/4004a9fd-d58e-48dc-aeb2-4a4aec58606f"] }

Examples

-------------------------- Update using PSRoleDefinitionObject --------------------------

@{paragraph=PS C:\>}

PS C:\> $roleDef = Get-AzureRmRoleDefinition "Contoso On-Call"
          PS C:\> $roleDef.Actions.Add("Microsoft.ClassicCompute/virtualmachines/start/action")
          PS C:\> $roleDef.Description = "Can monitor all resources and start and restart virtual machines"
          PS C:\> $roleDef.AssignableScopes = @("/subscriptions/eb910d4f-edbf-429b-94F6-d76bae7ff401", "/subscriptions/a846d197-5eac-45c7-b885-a6227fe6d388")

          PS C:\> New-AzureRmRoleDefinition -Role $roleDef

-------------------------- Create using JSON file --------------------------

@{paragraph=PS C:\>}

PS C:\> Set-AzureRmRoleDefinition -InputFile C:\Temp\roleDefinition.json

Required Parameters

-InputFile

File name containing a single json role definition to be updated. Only include the properties that are to be updated in the JSON. Id property is Required.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Role

Role definition object to be updated

Type:PSRoleDefinition
Position:Named
Default value:None
Accept pipeline input:True (ByValue)
Accept wildcard characters:False

Optional Parameters

-InformationAction

Specifies how this cmdlet responds to an information event.The acceptable values for this parameter are:- Continue

  • Ignore
  • Inquire
  • SilentlyContinue
  • Stop
  • Suspend
Type:ActionPreference
Aliases:infa
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-InformationVariable

Specifies an information variable.

Type:String
Aliases:iv
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Notes

Keywords: azure, azurerm, arm, resource, management, manager, resource, group, template, deployment