Role Definitions - List

Reference

Service:: Key Vault

API Version:: 7.3

Get all role definitions that are applicable at scope and above.

GET {vaultBaseUrl}/{scope}/providers/Microsoft.Authorization/roleDefinitions?api-version=7.3

With optional parameters:

GET {vaultBaseUrl}/{scope}/providers/Microsoft.Authorization/roleDefinitions?$filter={$filter}&api-version=7.3

URI Parameters

Name	In	Required	Type	Description
scope	path	True	string	The scope of the role definition.
vaultBaseUrl	path	True	string	The vault name, for example https://myvault.vault.azure.net.
api-version	query	True	string	Client API version.
$filter	query		string	The filter to apply on the operation. Use atScopeAndBelow filter to search below the given scope as well.

Responses

Name	Type	Description
200 OK	RoleDefinitionListResult	OK - Returns an array of role definitions.
Other Status Codes	KeyVaultError	Key Vault error response describing why the operation failed.

Examples

ListRoleDefinitions

Sample Request

HTTP

GET https://myvault.vault.azure.net//keys/providers/Microsoft.Authorization/roleDefinitions?api-version=7.3

Sample Response

Status code:: 200

{
  "value": [
    {
      "properties": {
        "roleName": "Role name",
        "type": "roletype",
        "description": "Role description",
        "assignableScopes": [
          "/keys"
        ],
        "permissions": [
          {
            "actions": [
              "get"
            ],
            "notActions": []
          }
        ]
      },
      "id": "/keys/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId",
      "type": "Microsoft.Authorization/roleDefinitions",
      "name": "roleDefinitionId"
    }
  ]
}

Definitions

Error	The key vault server error.
KeyVaultError	The key vault error exception.
Permission	Role definition permissions.
RoleDefinition	Role definition.
RoleDefinitionListResult	Role definition list operation result.
RoleDefinitionType	The role definition type.
RoleType	The role type.

Error

The key vault server error.

Name	Type	Description
code	string	The error code.
innererror	Error	The key vault server error.
message	string	The error message.

KeyVaultError

The key vault error exception.

Name	Type	Description
error	Error	The key vault server error.

Permission

Role definition permissions.

Name	Type	Description
actions	string[]	Action permissions that are granted.
dataActions	string[]	Data action permissions that are granted.
notActions	string[]	Action permissions that are excluded but not denied. They may be granted by other role definitions assigned to a principal.
notDataActions	string[]	Data action permissions that are excluded but not denied. They may be granted by other role definitions assigned to a principal.

RoleDefinition

Role definition.

Name	Type	Description
id	string	The role definition ID.
name	string	The role definition name.
properties.assignableScopes	string[]	Role definition assignable scopes.
properties.description	string	The role definition description.
properties.permissions	Permission[]	Role definition permissions.
properties.roleName	string	The role name.
properties.type	RoleType	The role type.
type	RoleDefinitionType	The role definition type.

RoleDefinitionListResult

Role definition list operation result.

Name	Type	Description
nextLink	string	The URL to use for getting the next set of results.
value	RoleDefinition[]	Role definition list.

RoleDefinitionType

The role definition type.

Name	Type	Description
Microsoft.Authorization/roleDefinitions	string

RoleType

The role type.

Name	Type	Description
AKVBuiltInRole	string	Built in role.
CustomRole	string	Custom role.