Role Eligibility Schedule Requests - Create

Creates a role eligibility schedule request.

PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleEligibilityScheduleRequests/{roleEligibilityScheduleRequestName}?api-version=2020-10-01-preview

URI Parameters

Name In Required Type Description
roleEligibilityScheduleRequestName
path True
  • string

The name of the role eligibility to create. It can be any valid GUID.

scope
path True
  • string

The scope of the role eligibility schedule request to create. The scope can be any REST resource instance. For example, use '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/' for a subscription, '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}' for a resource group, and '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name}' for a resource.

api-version
query True
  • string

The API version to use for this operation.

Request Body

Name Required Type Description
properties.principalId True
  • string

The principal ID.

properties.requestType True

The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc

properties.roleDefinitionId True
  • string

The role definition ID.

properties.condition
  • string

The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'

properties.conditionVersion
  • string

Version of the condition. Currently accepted value is '2.0'

properties.justification
  • string

Justification for the role eligibility

properties.scheduleInfo

Schedule info of the role eligibility schedule

properties.targetRoleEligibilityScheduleId
  • string

The resultant role eligibility schedule id or the role eligibility schedule id being updated

properties.targetRoleEligibilityScheduleInstanceId
  • string

The role eligibility schedule instance id being updated

properties.ticketInfo

Ticket Info of the role eligibility

Responses

Name Type Description
201 Created

Created - Returns information about the role eligibility schedule request.

Other Status Codes

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

PutRoleEligibilityScheduleRequest

Sample Request

PUT https://management.azure.com/providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleEligibilityScheduleRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6?api-version=2020-10-01-preview
{
  "properties": {
    "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
    "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
    "requestType": "AdminAssign",
    "scheduleInfo": {
      "startDateTime": "2020-09-09T21:31:27.91Z",
      "expiration": {
        "type": "AfterDuration",
        "endDateTime": null,
        "duration": "P365D"
      }
    },
    "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
    "conditionVersion": "1.0"
  }
}

Sample Response

{
  "properties": {
    "targetRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
    "targetRoleEligibilityScheduleInstanceId": null,
    "scope": "/providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
    "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
    "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
    "principalType": "User",
    "requestType": "AdminAssign",
    "status": "Provisioned",
    "approvalId": null,
    "scheduleInfo": {
      "startDateTime": "2020-09-09T21:31:27.91Z",
      "expiration": {
        "type": "AfterDuration",
        "endDateTime": null,
        "duration": "P365D"
      }
    },
    "ticketInfo": {
      "ticketNumber": null,
      "ticketSystem": null
    },
    "justification": null,
    "requestorId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
    "createdOn": "2020-09-09T21:32:27.91Z",
    "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
    "conditionVersion": "1.0",
    "expandedProperties": {
      "scope": {
        "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
        "displayName": "Pay-As-You-Go",
        "type": "subscription"
      },
      "roleDefinition": {
        "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
        "displayName": "Contributor",
        "type": "BuiltInRole"
      },
      "principal": {
        "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
        "displayName": "User Account",
        "email": "user@my-tenant.com",
        "type": "User"
      }
    }
  },
  "name": "64caffb6-55c0-4deb-a585-68e948ea1ad6",
  "id": "/providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilityScheduleRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6",
  "type": "Microsoft.Authorization/RoleEligibilityScheduleRequests"
}

Definitions

CloudError

An error response from the service.

CloudErrorBody

An error response from the service.

ExpandedProperties
Expiration

Expiration of the role eligibility schedule

Principal

Details of the principal

principalType

The principal type of the assigned principal ID.

RequestType

The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc

RoleDefinition

Details of role definition

RoleEligibilityScheduleRequest

Role Eligibility schedule request

ScheduleInfo

Schedule info of the role eligibility schedule

Scope

Details of the resource scope

Status

The status of the role eligibility schedule request.

TicketInfo

Ticket Info of the role eligibility

Type

Type of the role eligibility schedule expiration

CloudError

An error response from the service.

Name Type Description
error

An error response from the service.

CloudErrorBody

An error response from the service.

Name Type Description
code
  • string

An identifier for the error. Codes are invariant and are intended to be consumed programmatically.

message
  • string

A message describing the error, intended to be suitable for display in a user interface.

ExpandedProperties

Name Type Description
principal

Details of the principal

roleDefinition

Details of role definition

scope

Details of the resource scope

Expiration

Expiration of the role eligibility schedule

Name Type Description
duration
  • string

Duration of the role eligibility schedule in TimeSpan.

endDateTime
  • string

End DateTime of the role eligibility schedule.

type

Type of the role eligibility schedule expiration

Principal

Details of the principal

Name Type Description
displayName
  • string

Display name of the principal

email
  • string

Email id of the principal

id
  • string

Id of the principal

type
  • string

Type of the principal

principalType

The principal type of the assigned principal ID.

Name Type Description
Device
  • string
ForeignGroup
  • string
Group
  • string
ServicePrincipal
  • string
User
  • string

RequestType

The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc

Name Type Description
AdminAssign
  • string
AdminExtend
  • string
AdminRemove
  • string
AdminRenew
  • string
AdminUpdate
  • string
SelfActivate
  • string
SelfDeactivate
  • string
SelfExtend
  • string
SelfRenew
  • string

RoleDefinition

Details of role definition

Name Type Description
displayName
  • string

Display name of the role definition

id
  • string

Id of the role definition

type
  • string

Type of the role definition

RoleEligibilityScheduleRequest

Role Eligibility schedule request

Name Type Description
id
  • string

The role eligibility schedule request ID.

name
  • string

The role eligibility schedule request name.

properties.approvalId
  • string

The approvalId of the role eligibility schedule request.

properties.condition
  • string

The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'

properties.conditionVersion
  • string

Version of the condition. Currently accepted value is '2.0'

properties.createdOn
  • string

DateTime when role eligibility schedule request was created

properties.expandedProperties

Additional properties of principal, scope and role definition

properties.justification
  • string

Justification for the role eligibility

properties.principalId
  • string

The principal ID.

properties.principalType

The principal type of the assigned principal ID.

properties.requestType

The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc

properties.requestorId
  • string

Id of the user who created this request

properties.roleDefinitionId
  • string

The role definition ID.

properties.scheduleInfo

Schedule info of the role eligibility schedule

properties.scope
  • string

The role eligibility schedule request scope.

properties.status

The status of the role eligibility schedule request.

properties.targetRoleEligibilityScheduleId
  • string

The resultant role eligibility schedule id or the role eligibility schedule id being updated

properties.targetRoleEligibilityScheduleInstanceId
  • string

The role eligibility schedule instance id being updated

properties.ticketInfo

Ticket Info of the role eligibility

type
  • string

The role eligibility schedule request type.

ScheduleInfo

Schedule info of the role eligibility schedule

Name Type Description
expiration

Expiration of the role eligibility schedule

startDateTime
  • string

Start DateTime of the role eligibility schedule.

Scope

Details of the resource scope

Name Type Description
displayName
  • string

Display name of the resource

id
  • string

Scope id of the resource

type
  • string

Type of the resource

Status

The status of the role eligibility schedule request.

Name Type Description
Accepted
  • string
AdminApproved
  • string
AdminDenied
  • string
Canceled
  • string
Denied
  • string
Failed
  • string
FailedAsResourceIsLocked
  • string
Granted
  • string
Invalid
  • string
PendingAdminDecision
  • string
PendingApproval
  • string
PendingApprovalProvisioning
  • string
PendingEvaluation
  • string
PendingExternalProvisioning
  • string
PendingProvisioning
  • string
PendingRevocation
  • string
PendingScheduleCreation
  • string
Provisioned
  • string
ProvisioningStarted
  • string
Revoked
  • string
ScheduleCreated
  • string
TimedOut
  • string

TicketInfo

Ticket Info of the role eligibility

Name Type Description
ticketNumber
  • string

Ticket number for the role eligibility

ticketSystem
  • string

Ticket system name for the role eligibility

Type

Type of the role eligibility schedule expiration

Name Type Description
AfterDateTime
  • string
AfterDuration
  • string
NoExpiration
  • string