你当前正在访问 Microsoft Azure Global Edition 技术文档网站。如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Role Management Policies - List For Scope

参考

Service:: Authorization

API Version:: 2020-10-01

获取资源范围的角色管理策略。

GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleManagementPolicies?api-version=2020-10-01

URI 参数

名称	在	必需	类型	说明
scope	path	True	string	角色管理策略的范围。
api-version	query	True	string	要用于此操作的 API 版本。

响应

名称	类型	说明
200 OK	RoleManagementPolicyListResult	正常 - 返回角色管理策略的数组。
Other Status Codes	CloudError	描述操作失败原因的错误响应。

安全性

azure_auth

Azure Active Directory OAuth2 流

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

名称	说明
user_impersonation	模拟用户帐户

示例

GetRoleManagementPolicyByRoleDefinitionFilter

Sample Request

GET https://management.azure.com/providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies?api-version=2020-10-01


/** Samples for RoleManagementPolicies ListForScope. */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/
     * GetRoleManagementPolicyByScope.json
     */
    /**
     * Sample code: GetRoleManagementPolicyByRoleDefinitionFilter.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void
        getRoleManagementPolicyByRoleDefinitionFilter(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.accessManagement().roleAssignments().manager().roleServiceClient().getRoleManagementPolicies()
            .listForScope("providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
                com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/53b1affe357b3bfbb53721d0a2002382a046d3b0/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleManagementPolicyByScope.json
func ExampleRoleManagementPoliciesClient_NewListForScopePager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewRoleManagementPoliciesClient().NewListForScopePager("providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368", nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.RoleManagementPolicyListResult = armauthorization.RoleManagementPolicyListResult{
		// 	Value: []*armauthorization.RoleManagementPolicy{
		// 		{
		// 			Name: to.Ptr("570c3619-7688-4b34-b290-2b8bb3ccab2a"),
		// 			Type: to.Ptr("Microsoft.Authorization/RoleManagementPolicies"),
		// 			ID: to.Ptr("/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/570c3619-7688-4b34-b290-2b8bb3ccab2a"),
		// 			Properties: &armauthorization.RoleManagementPolicyProperties{
		// 				EffectiveRules: []armauthorization.RoleManagementPolicyRuleClassification{
		// 					&armauthorization.RoleManagementPolicyEnablementRule{
		// 						ID: to.Ptr("Enablement_Admin_Eligibility"),
		// 						RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyEnablementRule),
		// 						Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 							Caller: to.Ptr("Admin"),
		// 							Level: to.Ptr("Eligibility"),
		// 							Operations: []*string{
		// 								to.Ptr("All")},
		// 							},
		// 							EnabledRules: []*armauthorization.EnablementRules{
		// 							},
		// 						},
		// 						&armauthorization.RoleManagementPolicyExpirationRule{
		// 							ID: to.Ptr("Expiration_Admin_Eligibility"),
		// 							RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyExpirationRule),
		// 							Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 								Caller: to.Ptr("Admin"),
		// 								Level: to.Ptr("Eligibility"),
		// 								Operations: []*string{
		// 									to.Ptr("All")},
		// 								},
		// 								IsExpirationRequired: to.Ptr(true),
		// 								MaximumDuration: to.Ptr("P90D"),
		// 							},
		// 							&armauthorization.RoleManagementPolicyNotificationRule{
		// 								ID: to.Ptr("Notification_Admin_Admin_Eligibility"),
		// 								RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 								Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 									Caller: to.Ptr("Admin"),
		// 									Level: to.Ptr("Eligibility"),
		// 									Operations: []*string{
		// 										to.Ptr("All")},
		// 									},
		// 									IsDefaultRecipientsEnabled: to.Ptr(false),
		// 									NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 									NotificationRecipients: []*string{
		// 										to.Ptr("admin_admin_eligible@test.com")},
		// 										NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 										RecipientType: to.Ptr(armauthorization.RecipientTypeAdmin),
		// 									},
		// 									&armauthorization.RoleManagementPolicyNotificationRule{
		// 										ID: to.Ptr("Notification_Requestor_Admin_Eligibility"),
		// 										RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 										Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 											Caller: to.Ptr("Admin"),
		// 											Level: to.Ptr("Eligibility"),
		// 											Operations: []*string{
		// 												to.Ptr("All")},
		// 											},
		// 											IsDefaultRecipientsEnabled: to.Ptr(false),
		// 											NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 											NotificationRecipients: []*string{
		// 												to.Ptr("requestor_admin_eligible@test.com")},
		// 												NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 												RecipientType: to.Ptr(armauthorization.RecipientTypeRequestor),
		// 											},
		// 											&armauthorization.RoleManagementPolicyNotificationRule{
		// 												ID: to.Ptr("Notification_Approver_Admin_Eligibility"),
		// 												RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 												Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 													Caller: to.Ptr("Admin"),
		// 													Level: to.Ptr("Eligibility"),
		// 													Operations: []*string{
		// 														to.Ptr("All")},
		// 													},
		// 													IsDefaultRecipientsEnabled: to.Ptr(false),
		// 													NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 													NotificationRecipients: []*string{
		// 														to.Ptr("approver_admin_eligible@test.com")},
		// 														NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 														RecipientType: to.Ptr(armauthorization.RecipientTypeApprover),
		// 													},
		// 													&armauthorization.RoleManagementPolicyEnablementRule{
		// 														ID: to.Ptr("Enablement_Admin_Assignment"),
		// 														RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyEnablementRule),
		// 														Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 															Caller: to.Ptr("Admin"),
		// 															Level: to.Ptr("Assignment"),
		// 															Operations: []*string{
		// 																to.Ptr("All")},
		// 															},
		// 															EnabledRules: []*armauthorization.EnablementRules{
		// 																to.Ptr(armauthorization.EnablementRulesMultiFactorAuthentication),
		// 																to.Ptr(armauthorization.EnablementRulesJustification)},
		// 															},
		// 															&armauthorization.RoleManagementPolicyExpirationRule{
		// 																ID: to.Ptr("Expiration_Admin_Assignment"),
		// 																RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyExpirationRule),
		// 																Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																	Caller: to.Ptr("Admin"),
		// 																	Level: to.Ptr("Assignment"),
		// 																	Operations: []*string{
		// 																		to.Ptr("All")},
		// 																	},
		// 																	IsExpirationRequired: to.Ptr(false),
		// 																	MaximumDuration: to.Ptr("P90D"),
		// 																},
		// 																&armauthorization.RoleManagementPolicyNotificationRule{
		// 																	ID: to.Ptr("Notification_Admin_Admin_Assignment"),
		// 																	RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 																	Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																		Caller: to.Ptr("Admin"),
		// 																		Level: to.Ptr("Assignment"),
		// 																		Operations: []*string{
		// 																			to.Ptr("All")},
		// 																		},
		// 																		IsDefaultRecipientsEnabled: to.Ptr(false),
		// 																		NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 																		NotificationRecipients: []*string{
		// 																			to.Ptr("admin_admin_member@test.com")},
		// 																			NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 																			RecipientType: to.Ptr(armauthorization.RecipientTypeAdmin),
		// 																		},
		// 																		&armauthorization.RoleManagementPolicyNotificationRule{
		// 																			ID: to.Ptr("Notification_Requestor_Admin_Assignment"),
		// 																			RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 																			Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																				Caller: to.Ptr("Admin"),
		// 																				Level: to.Ptr("Assignment"),
		// 																				Operations: []*string{
		// 																					to.Ptr("All")},
		// 																				},
		// 																				IsDefaultRecipientsEnabled: to.Ptr(false),
		// 																				NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 																				NotificationRecipients: []*string{
		// 																					to.Ptr("requestor_admin_member@test.com")},
		// 																					NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 																					RecipientType: to.Ptr(armauthorization.RecipientTypeRequestor),
		// 																				},
		// 																				&armauthorization.RoleManagementPolicyNotificationRule{
		// 																					ID: to.Ptr("Notification_Approver_Admin_Assignment"),
		// 																					RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 																					Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																						Caller: to.Ptr("Admin"),
		// 																						Level: to.Ptr("Assignment"),
		// 																						Operations: []*string{
		// 																							to.Ptr("All")},
		// 																						},
		// 																						IsDefaultRecipientsEnabled: to.Ptr(false),
		// 																						NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 																						NotificationRecipients: []*string{
		// 																							to.Ptr("approver_admin_member@test.com")},
		// 																							NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 																							RecipientType: to.Ptr(armauthorization.RecipientTypeApprover),
		// 																						},
		// 																						&armauthorization.RoleManagementPolicyApprovalRule{
		// 																							ID: to.Ptr("Approval_EndUser_Assignment"),
		// 																							RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyApprovalRule),
		// 																							Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																								Caller: to.Ptr("EndUser"),
		// 																								Level: to.Ptr("Assignment"),
		// 																								Operations: []*string{
		// 																									to.Ptr("All")},
		// 																								},
		// 																								Setting: &armauthorization.ApprovalSettings{
		// 																									ApprovalMode: to.Ptr(armauthorization.ApprovalModeSingleStage),
		// 																									ApprovalStages: []*armauthorization.ApprovalStage{
		// 																										{
		// 																											ApprovalStageTimeOutInDays: to.Ptr[int32](1),
		// 																											EscalationTimeInMinutes: to.Ptr[int32](0),
		// 																											IsApproverJustificationRequired: to.Ptr(true),
		// 																											IsEscalationEnabled: to.Ptr(false),
		// 																											PrimaryApprovers: []*armauthorization.UserSet{
		// 																												{
		// 																													Description: to.Ptr("amansw_new_group"),
		// 																													ID: to.Ptr("2385b0f3-5fa9-43cf-8ca4-b01dc97298cd"),
		// 																													IsBackup: to.Ptr(false),
		// 																													UserType: to.Ptr(armauthorization.UserTypeGroup),
		// 																												},
		// 																												{
		// 																													Description: to.Ptr("amansw_group"),
		// 																													ID: to.Ptr("2f4913c9-d15b-406a-9946-1d66a28f2690"),
		// 																													IsBackup: to.Ptr(false),
		// 																													UserType: to.Ptr(armauthorization.UserTypeGroup),
		// 																											}},
		// 																									}},
		// 																									IsApprovalRequired: to.Ptr(true),
		// 																									IsApprovalRequiredForExtension: to.Ptr(false),
		// 																									IsRequestorJustificationRequired: to.Ptr(true),
		// 																								},
		// 																							},
		// 																							&armauthorization.RoleManagementPolicyAuthenticationContextRule{
		// 																								ID: to.Ptr("AuthenticationContext_EndUser_Assignment"),
		// 																								RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyAuthenticationContextRule),
		// 																								Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																									Caller: to.Ptr("EndUser"),
		// 																									Level: to.Ptr("Assignment"),
		// 																									Operations: []*string{
		// 																										to.Ptr("All")},
		// 																									},
		// 																									ClaimValue: to.Ptr(""),
		// 																									IsEnabled: to.Ptr(false),
		// 																								},
		// 																								&armauthorization.RoleManagementPolicyEnablementRule{
		// 																									ID: to.Ptr("Enablement_EndUser_Assignment"),
		// 																									RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyEnablementRule),
		// 																									Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																										Caller: to.Ptr("EndUser"),
		// 																										Level: to.Ptr("Assignment"),
		// 																										Operations: []*string{
		// 																											to.Ptr("All")},
		// 																										},
		// 																										EnabledRules: []*armauthorization.EnablementRules{
		// 																											to.Ptr(armauthorization.EnablementRulesMultiFactorAuthentication),
		// 																											to.Ptr(armauthorization.EnablementRulesJustification),
		// 																											to.Ptr(armauthorization.EnablementRulesTicketing)},
		// 																										},
		// 																										&armauthorization.RoleManagementPolicyExpirationRule{
		// 																											ID: to.Ptr("Expiration_EndUser_Assignment"),
		// 																											RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyExpirationRule),
		// 																											Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																												Caller: to.Ptr("EndUser"),
		// 																												Level: to.Ptr("Assignment"),
		// 																												Operations: []*string{
		// 																													to.Ptr("All")},
		// 																												},
		// 																												IsExpirationRequired: to.Ptr(true),
		// 																												MaximumDuration: to.Ptr("PT7H"),
		// 																											},
		// 																											&armauthorization.RoleManagementPolicyNotificationRule{
		// 																												ID: to.Ptr("Notification_Admin_EndUser_Assignment"),
		// 																												RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 																												Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																													Caller: to.Ptr("EndUser"),
		// 																													Level: to.Ptr("Assignment"),
		// 																													Operations: []*string{
		// 																														to.Ptr("All")},
		// 																													},
		// 																													IsDefaultRecipientsEnabled: to.Ptr(false),
		// 																													NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 																													NotificationRecipients: []*string{
		// 																														to.Ptr("admin_enduser_member@test.com")},
		// 																														NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 																														RecipientType: to.Ptr(armauthorization.RecipientTypeAdmin),
		// 																													},
		// 																													&armauthorization.RoleManagementPolicyNotificationRule{
		// 																														ID: to.Ptr("Notification_Requestor_EndUser_Assignment"),
		// 																														RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 																														Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																															Caller: to.Ptr("EndUser"),
		// 																															Level: to.Ptr("Assignment"),
		// 																															Operations: []*string{
		// 																																to.Ptr("All")},
		// 																															},
		// 																															IsDefaultRecipientsEnabled: to.Ptr(false),
		// 																															NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 																															NotificationRecipients: []*string{
		// 																																to.Ptr("requestor_enduser_member@test.com")},
		// 																																NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 																																RecipientType: to.Ptr(armauthorization.RecipientTypeRequestor),
		// 																															},
		// 																															&armauthorization.RoleManagementPolicyNotificationRule{
		// 																																ID: to.Ptr("Notification_Approver_EndUser_Assignment"),
		// 																																RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 																																Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																	Caller: to.Ptr("EndUser"),
		// 																																	Level: to.Ptr("Assignment"),
		// 																																	Operations: []*string{
		// 																																		to.Ptr("All")},
		// 																																	},
		// 																																	IsDefaultRecipientsEnabled: to.Ptr(true),
		// 																																	NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 																																	NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 																																	RecipientType: to.Ptr(armauthorization.RecipientTypeApprover),
		// 																															}},
		// 																															IsOrganizationDefault: to.Ptr(false),
		// 																															LastModifiedBy: &armauthorization.Principal{
		// 																																DisplayName: to.Ptr("Admin"),
		// 																															},
		// 																															LastModifiedDateTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-17T02:54:27.167Z"); return t}()),
		// 																															PolicyProperties: &armauthorization.PolicyProperties{
		// 																																Scope: &armauthorization.PolicyPropertiesScope{
		// 																																	Type: to.Ptr("subscription"),
		// 																																	DisplayName: to.Ptr("Pay-As-You-Go"),
		// 																																	ID: to.Ptr("/subscriptions/129ff972-28f8-46b8-a726-e497be039368"),
		// 																																},
		// 																															},
		// 																															Rules: []armauthorization.RoleManagementPolicyRuleClassification{
		// 																																&armauthorization.RoleManagementPolicyEnablementRule{
		// 																																	ID: to.Ptr("Enablement_Admin_Eligibility"),
		// 																																	RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyEnablementRule),
		// 																																	Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																		Caller: to.Ptr("Admin"),
		// 																																		Level: to.Ptr("Eligibility"),
		// 																																		Operations: []*string{
		// 																																			to.Ptr("All")},
		// 																																		},
		// 																																		EnabledRules: []*armauthorization.EnablementRules{
		// 																																		},
		// 																																	},
		// 																																	&armauthorization.RoleManagementPolicyExpirationRule{
		// 																																		ID: to.Ptr("Expiration_Admin_Eligibility"),
		// 																																		RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyExpirationRule),
		// 																																		Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																			Caller: to.Ptr("Admin"),
		// 																																			Level: to.Ptr("Eligibility"),
		// 																																			Operations: []*string{
		// 																																				to.Ptr("All")},
		// 																																			},
		// 																																			IsExpirationRequired: to.Ptr(true),
		// 																																			MaximumDuration: to.Ptr("P90D"),
		// 																																		},
		// 																																		&armauthorization.RoleManagementPolicyNotificationRule{
		// 																																			ID: to.Ptr("Notification_Admin_Admin_Eligibility"),
		// 																																			RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 																																			Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																				Caller: to.Ptr("Admin"),
		// 																																				Level: to.Ptr("Eligibility"),
		// 																																				Operations: []*string{
		// 																																					to.Ptr("All")},
		// 																																				},
		// 																																				IsDefaultRecipientsEnabled: to.Ptr(false),
		// 																																				NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 																																				NotificationRecipients: []*string{
		// 																																					to.Ptr("admin_admin_eligible@test.com")},
		// 																																					NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 																																					RecipientType: to.Ptr(armauthorization.RecipientTypeAdmin),
		// 																																				},
		// 																																				&armauthorization.RoleManagementPolicyNotificationRule{
		// 																																					ID: to.Ptr("Notification_Requestor_Admin_Eligibility"),
		// 																																					RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 																																					Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																						Caller: to.Ptr("Admin"),
		// 																																						Level: to.Ptr("Eligibility"),
		// 																																						Operations: []*string{
		// 																																							to.Ptr("All")},
		// 																																						},
		// 																																						IsDefaultRecipientsEnabled: to.Ptr(false),
		// 																																						NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 																																						NotificationRecipients: []*string{
		// 																																							to.Ptr("requestor_admin_eligible@test.com")},
		// 																																							NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 																																							RecipientType: to.Ptr(armauthorization.RecipientTypeRequestor),
		// 																																						},
		// 																																						&armauthorization.RoleManagementPolicyNotificationRule{
		// 																																							ID: to.Ptr("Notification_Approver_Admin_Eligibility"),
		// 																																							RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 																																							Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																								Caller: to.Ptr("Admin"),
		// 																																								Level: to.Ptr("Eligibility"),
		// 																																								Operations: []*string{
		// 																																									to.Ptr("All")},
		// 																																								},
		// 																																								IsDefaultRecipientsEnabled: to.Ptr(false),
		// 																																								NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 																																								NotificationRecipients: []*string{
		// 																																									to.Ptr("approver_admin_eligible@test.com")},
		// 																																									NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 																																									RecipientType: to.Ptr(armauthorization.RecipientTypeApprover),
		// 																																								},
		// 																																								&armauthorization.RoleManagementPolicyEnablementRule{
		// 																																									ID: to.Ptr("Enablement_Admin_Assignment"),
		// 																																									RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyEnablementRule),
		// 																																									Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																										Caller: to.Ptr("Admin"),
		// 																																										Level: to.Ptr("Assignment"),
		// 																																										Operations: []*string{
		// 																																											to.Ptr("All")},
		// 																																										},
		// 																																										EnabledRules: []*armauthorization.EnablementRules{
		// 																																											to.Ptr(armauthorization.EnablementRulesMultiFactorAuthentication),
		// 																																											to.Ptr(armauthorization.EnablementRulesJustification)},
		// 																																										},
		// 																																										&armauthorization.RoleManagementPolicyExpirationRule{
		// 																																											ID: to.Ptr("Expiration_Admin_Assignment"),
		// 																																											RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyExpirationRule),
		// 																																											Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																												Caller: to.Ptr("Admin"),
		// 																																												Level: to.Ptr("Assignment"),
		// 																																												Operations: []*string{
		// 																																													to.Ptr("All")},
		// 																																												},
		// 																																												IsExpirationRequired: to.Ptr(false),
		// 																																												MaximumDuration: to.Ptr("P90D"),
		// 																																											},
		// 																																											&armauthorization.RoleManagementPolicyNotificationRule{
		// 																																												ID: to.Ptr("Notification_Admin_Admin_Assignment"),
		// 																																												RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 																																												Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																													Caller: to.Ptr("Admin"),
		// 																																													Level: to.Ptr("Assignment"),
		// 																																													Operations: []*string{
		// 																																														to.Ptr("All")},
		// 																																													},
		// 																																													IsDefaultRecipientsEnabled: to.Ptr(false),
		// 																																													NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 																																													NotificationRecipients: []*string{
		// 																																														to.Ptr("admin_admin_member@test.com")},
		// 																																														NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 																																														RecipientType: to.Ptr(armauthorization.RecipientTypeAdmin),
		// 																																													},
		// 																																													&armauthorization.RoleManagementPolicyNotificationRule{
		// 																																														ID: to.Ptr("Notification_Requestor_Admin_Assignment"),
		// 																																														RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 																																														Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																															Caller: to.Ptr("Admin"),
		// 																																															Level: to.Ptr("Assignment"),
		// 																																															Operations: []*string{
		// 																																																to.Ptr("All")},
		// 																																															},
		// 																																															IsDefaultRecipientsEnabled: to.Ptr(false),
		// 																																															NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 																																															NotificationRecipients: []*string{
		// 																																																to.Ptr("requestor_admin_member@test.com")},
		// 																																																NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 																																																RecipientType: to.Ptr(armauthorization.RecipientTypeRequestor),
		// 																																															},
		// 																																															&armauthorization.RoleManagementPolicyNotificationRule{
		// 																																																ID: to.Ptr("Notification_Approver_Admin_Assignment"),
		// 																																																RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 																																																Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																																	Caller: to.Ptr("Admin"),
		// 																																																	Level: to.Ptr("Assignment"),
		// 																																																	Operations: []*string{
		// 																																																		to.Ptr("All")},
		// 																																																	},
		// 																																																	IsDefaultRecipientsEnabled: to.Ptr(false),
		// 																																																	NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 																																																	NotificationRecipients: []*string{
		// 																																																		to.Ptr("approver_admin_member@test.com")},
		// 																																																		NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 																																																		RecipientType: to.Ptr(armauthorization.RecipientTypeApprover),
		// 																																																	},
		// 																																																	&armauthorization.RoleManagementPolicyApprovalRule{
		// 																																																		ID: to.Ptr("Approval_EndUser_Assignment"),
		// 																																																		RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyApprovalRule),
		// 																																																		Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																																			Caller: to.Ptr("EndUser"),
		// 																																																			Level: to.Ptr("Assignment"),
		// 																																																			Operations: []*string{
		// 																																																				to.Ptr("All")},
		// 																																																			},
		// 																																																			Setting: &armauthorization.ApprovalSettings{
		// 																																																				ApprovalMode: to.Ptr(armauthorization.ApprovalModeSingleStage),
		// 																																																				ApprovalStages: []*armauthorization.ApprovalStage{
		// 																																																					{
		// 																																																						ApprovalStageTimeOutInDays: to.Ptr[int32](1),
		// 																																																						EscalationTimeInMinutes: to.Ptr[int32](0),
		// 																																																						IsApproverJustificationRequired: to.Ptr(true),
		// 																																																						IsEscalationEnabled: to.Ptr(false),
		// 																																																						PrimaryApprovers: []*armauthorization.UserSet{
		// 																																																							{
		// 																																																								Description: to.Ptr("amansw_new_group"),
		// 																																																								ID: to.Ptr("2385b0f3-5fa9-43cf-8ca4-b01dc97298cd"),
		// 																																																								IsBackup: to.Ptr(false),
		// 																																																								UserType: to.Ptr(armauthorization.UserTypeGroup),
		// 																																																							},
		// 																																																							{
		// 																																																								Description: to.Ptr("amansw_group"),
		// 																																																								ID: to.Ptr("2f4913c9-d15b-406a-9946-1d66a28f2690"),
		// 																																																								IsBackup: to.Ptr(false),
		// 																																																								UserType: to.Ptr(armauthorization.UserTypeGroup),
		// 																																																						}},
		// 																																																				}},
		// 																																																				IsApprovalRequired: to.Ptr(true),
		// 																																																				IsApprovalRequiredForExtension: to.Ptr(false),
		// 																																																				IsRequestorJustificationRequired: to.Ptr(true),
		// 																																																			},
		// 																																																		},
		// 																																																		&armauthorization.RoleManagementPolicyAuthenticationContextRule{
		// 																																																			ID: to.Ptr("AuthenticationContext_EndUser_Assignment"),
		// 																																																			RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyAuthenticationContextRule),
		// 																																																			Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																																				Caller: to.Ptr("EndUser"),
		// 																																																				Level: to.Ptr("Assignment"),
		// 																																																				Operations: []*string{
		// 																																																					to.Ptr("All")},
		// 																																																				},
		// 																																																				ClaimValue: to.Ptr(""),
		// 																																																				IsEnabled: to.Ptr(false),
		// 																																																			},
		// 																																																			&armauthorization.RoleManagementPolicyEnablementRule{
		// 																																																				ID: to.Ptr("Enablement_EndUser_Assignment"),
		// 																																																				RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyEnablementRule),
		// 																																																				Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																																					Caller: to.Ptr("EndUser"),
		// 																																																					Level: to.Ptr("Assignment"),
		// 																																																					Operations: []*string{
		// 																																																						to.Ptr("All")},
		// 																																																					},
		// 																																																					EnabledRules: []*armauthorization.EnablementRules{
		// 																																																						to.Ptr(armauthorization.EnablementRulesMultiFactorAuthentication),
		// 																																																						to.Ptr(armauthorization.EnablementRulesJustification),
		// 																																																						to.Ptr(armauthorization.EnablementRulesTicketing)},
		// 																																																					},
		// 																																																					&armauthorization.RoleManagementPolicyExpirationRule{
		// 																																																						ID: to.Ptr("Expiration_EndUser_Assignment"),
		// 																																																						RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyExpirationRule),
		// 																																																						Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																																							Caller: to.Ptr("EndUser"),
		// 																																																							Level: to.Ptr("Assignment"),
		// 																																																							Operations: []*string{
		// 																																																								to.Ptr("All")},
		// 																																																							},
		// 																																																							IsExpirationRequired: to.Ptr(true),
		// 																																																							MaximumDuration: to.Ptr("PT7H"),
		// 																																																						},
		// 																																																						&armauthorization.RoleManagementPolicyNotificationRule{
		// 																																																							ID: to.Ptr("Notification_Admin_EndUser_Assignment"),
		// 																																																							RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 																																																							Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																																								Caller: to.Ptr("EndUser"),
		// 																																																								Level: to.Ptr("Assignment"),
		// 																																																								Operations: []*string{
		// 																																																									to.Ptr("All")},
		// 																																																								},
		// 																																																								IsDefaultRecipientsEnabled: to.Ptr(false),
		// 																																																								NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 																																																								NotificationRecipients: []*string{
		// 																																																									to.Ptr("admin_enduser_member@test.com")},
		// 																																																									NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 																																																									RecipientType: to.Ptr(armauthorization.RecipientTypeAdmin),
		// 																																																								},
		// 																																																								&armauthorization.RoleManagementPolicyNotificationRule{
		// 																																																									ID: to.Ptr("Notification_Requestor_EndUser_Assignment"),
		// 																																																									RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 																																																									Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																																										Caller: to.Ptr("EndUser"),
		// 																																																										Level: to.Ptr("Assignment"),
		// 																																																										Operations: []*string{
		// 																																																											to.Ptr("All")},
		// 																																																										},
		// 																																																										IsDefaultRecipientsEnabled: to.Ptr(false),
		// 																																																										NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 																																																										NotificationRecipients: []*string{
		// 																																																											to.Ptr("requestor_enduser_member@test.com")},
		// 																																																											NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 																																																											RecipientType: to.Ptr(armauthorization.RecipientTypeRequestor),
		// 																																																										},
		// 																																																										&armauthorization.RoleManagementPolicyNotificationRule{
		// 																																																											ID: to.Ptr("Notification_Approver_EndUser_Assignment"),
		// 																																																											RuleType: to.Ptr(armauthorization.RoleManagementPolicyRuleTypeRoleManagementPolicyNotificationRule),
		// 																																																											Target: &armauthorization.RoleManagementPolicyRuleTarget{
		// 																																																												Caller: to.Ptr("EndUser"),
		// 																																																												Level: to.Ptr("Assignment"),
		// 																																																												Operations: []*string{
		// 																																																													to.Ptr("All")},
		// 																																																												},
		// 																																																												IsDefaultRecipientsEnabled: to.Ptr(true),
		// 																																																												NotificationLevel: to.Ptr(armauthorization.NotificationLevelCritical),
		// 																																																												NotificationType: to.Ptr(armauthorization.NotificationDeliveryMechanismEmail),
		// 																																																												RecipientType: to.Ptr(armauthorization.RecipientTypeApprover),
		// 																																																										}},
		// 																																																										Scope: to.Ptr("/subscriptions/129ff972-28f8-46b8-a726-e497be039368"),
		// 																																																									},
		// 																																																							}},
		// 																																																						}
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Gets role management policies for a resource scope.
 *
 * @summary Gets role management policies for a resource scope.
 * x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleManagementPolicyByScope.json
 */
async function getRoleManagementPolicyByRoleDefinitionFilter() {
  const subscriptionId =
    process.env["AUTHORIZATION_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const scope =
    "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368";
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.roleManagementPolicies.listForScope(scope)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Authorization;

// Generated from example definition: specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleManagementPolicyByScope.json
// this example is just showing the usage of "RoleManagementPolicies_ListForScope" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this ArmResource created on azure
// for more information of creating ArmResource, please refer to the document of ArmResource

// get the collection of this RoleManagementPolicyResource
string scope = "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368";
ResourceIdentifier scopeId = new ResourceIdentifier(string.Format("/{0}", scope));
RoleManagementPolicyCollection collection = client.GetRoleManagementPolicies(scopeId);

// invoke the operation and iterate over the result
await foreach (RoleManagementPolicyResource item in collection.GetAllAsync())
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    RoleManagementPolicyData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "value": [
    {
      "properties": {
        "scope": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
        "displayName": null,
        "description": null,
        "isOrganizationDefault": false,
        "lastModifiedDateTime": "2021-03-17T02:54:27.167+00:00",
        "lastModifiedBy": {
          "id": null,
          "displayName": "Admin",
          "type": null,
          "email": null
        },
        "rules": [
          {
            "enabledRules": [],
            "id": "Enablement_Admin_Eligibility",
            "ruleType": "RoleManagementPolicyEnablementRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Eligibility",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "isExpirationRequired": true,
            "maximumDuration": "P90D",
            "id": "Expiration_Admin_Eligibility",
            "ruleType": "RoleManagementPolicyExpirationRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Eligibility",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Admin",
            "isDefaultRecipientsEnabled": false,
            "notificationLevel": "Critical",
            "notificationRecipients": [
              "admin_admin_eligible@test.com"
            ],
            "id": "Notification_Admin_Admin_Eligibility",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Eligibility",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Requestor",
            "isDefaultRecipientsEnabled": false,
            "notificationLevel": "Critical",
            "notificationRecipients": [
              "requestor_admin_eligible@test.com"
            ],
            "id": "Notification_Requestor_Admin_Eligibility",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Eligibility",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Approver",
            "isDefaultRecipientsEnabled": false,
            "notificationLevel": "Critical",
            "notificationRecipients": [
              "approver_admin_eligible@test.com"
            ],
            "id": "Notification_Approver_Admin_Eligibility",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Eligibility",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "enabledRules": [
              "MultiFactorAuthentication",
              "Justification"
            ],
            "id": "Enablement_Admin_Assignment",
            "ruleType": "RoleManagementPolicyEnablementRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "isExpirationRequired": false,
            "maximumDuration": "P90D",
            "id": "Expiration_Admin_Assignment",
            "ruleType": "RoleManagementPolicyExpirationRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Admin",
            "isDefaultRecipientsEnabled": false,
            "notificationLevel": "Critical",
            "notificationRecipients": [
              "admin_admin_member@test.com"
            ],
            "id": "Notification_Admin_Admin_Assignment",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Requestor",
            "isDefaultRecipientsEnabled": false,
            "notificationLevel": "Critical",
            "notificationRecipients": [
              "requestor_admin_member@test.com"
            ],
            "id": "Notification_Requestor_Admin_Assignment",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Approver",
            "isDefaultRecipientsEnabled": false,
            "notificationLevel": "Critical",
            "notificationRecipients": [
              "approver_admin_member@test.com"
            ],
            "id": "Notification_Approver_Admin_Assignment",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "setting": {
              "isApprovalRequired": true,
              "isApprovalRequiredForExtension": false,
              "isRequestorJustificationRequired": true,
              "approvalMode": "SingleStage",
              "approvalStages": [
                {
                  "approvalStageTimeOutInDays": 1,
                  "isApproverJustificationRequired": true,
                  "escalationTimeInMinutes": 0,
                  "primaryApprovers": [
                    {
                      "id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd",
                      "description": "amansw_new_group",
                      "isBackup": false,
                      "userType": "Group"
                    },
                    {
                      "id": "2f4913c9-d15b-406a-9946-1d66a28f2690",
                      "description": "amansw_group",
                      "isBackup": false,
                      "userType": "Group"
                    }
                  ],
                  "isEscalationEnabled": false,
                  "escalationApprovers": null
                }
              ]
            },
            "id": "Approval_EndUser_Assignment",
            "ruleType": "RoleManagementPolicyApprovalRule",
            "target": {
              "caller": "EndUser",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "isEnabled": false,
            "claimValue": "",
            "id": "AuthenticationContext_EndUser_Assignment",
            "ruleType": "RoleManagementPolicyAuthenticationContextRule",
            "target": {
              "caller": "EndUser",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "enabledRules": [
              "MultiFactorAuthentication",
              "Justification",
              "Ticketing"
            ],
            "id": "Enablement_EndUser_Assignment",
            "ruleType": "RoleManagementPolicyEnablementRule",
            "target": {
              "caller": "EndUser",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "isExpirationRequired": true,
            "maximumDuration": "PT7H",
            "id": "Expiration_EndUser_Assignment",
            "ruleType": "RoleManagementPolicyExpirationRule",
            "target": {
              "caller": "EndUser",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Admin",
            "isDefaultRecipientsEnabled": false,
            "notificationLevel": "Critical",
            "notificationRecipients": [
              "admin_enduser_member@test.com"
            ],
            "id": "Notification_Admin_EndUser_Assignment",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "EndUser",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Requestor",
            "isDefaultRecipientsEnabled": false,
            "notificationLevel": "Critical",
            "notificationRecipients": [
              "requestor_enduser_member@test.com"
            ],
            "id": "Notification_Requestor_EndUser_Assignment",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "EndUser",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Approver",
            "isDefaultRecipientsEnabled": true,
            "notificationLevel": "Critical",
            "notificationRecipients": null,
            "id": "Notification_Approver_EndUser_Assignment",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "EndUser",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          }
        ],
        "effectiveRules": [
          {
            "enabledRules": [],
            "id": "Enablement_Admin_Eligibility",
            "ruleType": "RoleManagementPolicyEnablementRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Eligibility",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "isExpirationRequired": true,
            "maximumDuration": "P90D",
            "id": "Expiration_Admin_Eligibility",
            "ruleType": "RoleManagementPolicyExpirationRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Eligibility",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Admin",
            "isDefaultRecipientsEnabled": false,
            "notificationLevel": "Critical",
            "notificationRecipients": [
              "admin_admin_eligible@test.com"
            ],
            "id": "Notification_Admin_Admin_Eligibility",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Eligibility",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Requestor",
            "isDefaultRecipientsEnabled": false,
            "notificationLevel": "Critical",
            "notificationRecipients": [
              "requestor_admin_eligible@test.com"
            ],
            "id": "Notification_Requestor_Admin_Eligibility",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Eligibility",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Approver",
            "isDefaultRecipientsEnabled": false,
            "notificationLevel": "Critical",
            "notificationRecipients": [
              "approver_admin_eligible@test.com"
            ],
            "id": "Notification_Approver_Admin_Eligibility",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Eligibility",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "enabledRules": [
              "MultiFactorAuthentication",
              "Justification"
            ],
            "id": "Enablement_Admin_Assignment",
            "ruleType": "RoleManagementPolicyEnablementRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "isExpirationRequired": false,
            "maximumDuration": "P90D",
            "id": "Expiration_Admin_Assignment",
            "ruleType": "RoleManagementPolicyExpirationRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Admin",
            "isDefaultRecipientsEnabled": false,
            "notificationLevel": "Critical",
            "notificationRecipients": [
              "admin_admin_member@test.com"
            ],
            "id": "Notification_Admin_Admin_Assignment",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Requestor",
            "isDefaultRecipientsEnabled": false,
            "notificationLevel": "Critical",
            "notificationRecipients": [
              "requestor_admin_member@test.com"
            ],
            "id": "Notification_Requestor_Admin_Assignment",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Approver",
            "isDefaultRecipientsEnabled": false,
            "notificationLevel": "Critical",
            "notificationRecipients": [
              "approver_admin_member@test.com"
            ],
            "id": "Notification_Approver_Admin_Assignment",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "Admin",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "setting": {
              "isApprovalRequired": true,
              "isApprovalRequiredForExtension": false,
              "isRequestorJustificationRequired": true,
              "approvalMode": "SingleStage",
              "approvalStages": [
                {
                  "approvalStageTimeOutInDays": 1,
                  "isApproverJustificationRequired": true,
                  "escalationTimeInMinutes": 0,
                  "primaryApprovers": [
                    {
                      "id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd",
                      "description": "amansw_new_group",
                      "isBackup": false,
                      "userType": "Group"
                    },
                    {
                      "id": "2f4913c9-d15b-406a-9946-1d66a28f2690",
                      "description": "amansw_group",
                      "isBackup": false,
                      "userType": "Group"
                    }
                  ],
                  "isEscalationEnabled": false,
                  "escalationApprovers": null
                }
              ]
            },
            "id": "Approval_EndUser_Assignment",
            "ruleType": "RoleManagementPolicyApprovalRule",
            "target": {
              "caller": "EndUser",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "isEnabled": false,
            "claimValue": "",
            "id": "AuthenticationContext_EndUser_Assignment",
            "ruleType": "RoleManagementPolicyAuthenticationContextRule",
            "target": {
              "caller": "EndUser",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "enabledRules": [
              "MultiFactorAuthentication",
              "Justification",
              "Ticketing"
            ],
            "id": "Enablement_EndUser_Assignment",
            "ruleType": "RoleManagementPolicyEnablementRule",
            "target": {
              "caller": "EndUser",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "isExpirationRequired": true,
            "maximumDuration": "PT7H",
            "id": "Expiration_EndUser_Assignment",
            "ruleType": "RoleManagementPolicyExpirationRule",
            "target": {
              "caller": "EndUser",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Admin",
            "isDefaultRecipientsEnabled": false,
            "notificationLevel": "Critical",
            "notificationRecipients": [
              "admin_enduser_member@test.com"
            ],
            "id": "Notification_Admin_EndUser_Assignment",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "EndUser",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Requestor",
            "isDefaultRecipientsEnabled": false,
            "notificationLevel": "Critical",
            "notificationRecipients": [
              "requestor_enduser_member@test.com"
            ],
            "id": "Notification_Requestor_EndUser_Assignment",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "EndUser",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          },
          {
            "notificationType": "Email",
            "recipientType": "Approver",
            "isDefaultRecipientsEnabled": true,
            "notificationLevel": "Critical",
            "notificationRecipients": null,
            "id": "Notification_Approver_EndUser_Assignment",
            "ruleType": "RoleManagementPolicyNotificationRule",
            "target": {
              "caller": "EndUser",
              "operations": [
                "All"
              ],
              "level": "Assignment",
              "targetObjects": null,
              "inheritableSettings": null,
              "enforcedSettings": null
            }
          }
        ],
        "policyProperties": {
          "scope": {
            "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
            "displayName": "Pay-As-You-Go",
            "type": "subscription"
          }
        }
      },
      "name": "570c3619-7688-4b34-b290-2b8bb3ccab2a",
      "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/570c3619-7688-4b34-b290-2b8bb3ccab2a",
      "type": "Microsoft.Authorization/RoleManagementPolicies"
    }
  ]
}

定义

名称	说明
CloudError	来自服务的错误响应。
CloudErrorBody	来自服务的错误响应。
PolicyProperties	资源范围的扩展信息
Principal	上次修改它的实体的名称
RoleManagementPolicy	角色管理策略
RoleManagementPolicyListResult	角色管理策略列表操作结果。
Scope	资源范围的详细信息

CloudError

来自服务的错误响应。

名称	类型	说明
error	CloudErrorBody	来自服务的错误响应。

CloudErrorBody

来自服务的错误响应。

名称	类型	说明
code	string	错误的标识符。代码是固定的，旨在以编程方式使用。
message	string	描述错误的消息，该消息适用于在用户界面中显示。

PolicyProperties

资源范围的扩展信息

名称	类型	说明
scope	Scope	资源范围的详细信息

Principal

上次修改它的实体的名称

名称	类型	说明
displayName	string	已更改的主体的名称
email	string	主体Email
id	string	已更改的主体的 ID
type	string	主体的类型，例如用户、组等

RoleManagementPolicy

角色管理策略

名称	类型	说明
id	string	角色管理策略 ID。
name	string	角色管理策略名称。
properties.description	string	角色管理策略说明。
properties.displayName	string	角色管理策略显示名称。
properties.effectiveRules	RoleManagementPolicyRule[]	应用于策略的只读计算规则。
properties.isOrganizationDefault	boolean	角色管理策略是默认策略。
properties.lastModifiedBy	Principal	上次修改它的实体的名称
properties.lastModifiedDateTime	string	上次修改的日期时间。
properties.policyProperties	PolicyProperties	范围的其他属性
properties.rules	RoleManagementPolicyRule[]	应用于策略的规则。
properties.scope	string	角色管理策略范围。
type	string	角色管理策略类型。

RoleManagementPolicyListResult

角色管理策略列表操作结果。

名称	类型	说明
nextLink	string	用于获取下一组结果的 URL。
value	RoleManagementPolicy[]	角色管理策略列表。

Scope

资源范围的详细信息

名称	类型	说明
displayName	string	资源的显示名称
id	string	资源的范围 ID
type	string	资源的类型

Role Management Policies - List For Scope

URI 参数

响应

安全性

azure_auth

Scopes

示例

GetRoleManagementPolicyByRoleDefinitionFilter

Sample Request

Sample Response

定义

CloudError

CloudErrorBody

PolicyProperties

Principal

RoleManagementPolicy

RoleManagementPolicyListResult

Scope

其他资源