
Policy Assignments - Create By Id

Creates or updates a policy assignment.
This operation creates or updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group, that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}'), or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}').

PUT https://management.azure.com/{policyAssignmentId}?api-version=2018-05-01

URI Parameters

Name In Required Type Description
policyAssignmentId
path True
  • string

The ID of the policy assignment to create. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.

api-version
query True
  • string

The API version to use for the operation.

Request Body

Name Type Description
identity

The managed identity associated with the policy assignment.

location
  • string

The location of the policy assignment. Only required when utilizing managed identity.

properties.description
  • string

This message will be part of response in case of policy violation.

properties.displayName
  • string

The display name of the policy assignment.

properties.metadata
  • object

The policy assignment metadata.

properties.notScopes
  • string[]

The policy's excluded scopes.

properties.parameters
  • object

Required if a parameter is used in policy rule.

properties.policyDefinitionId
  • string

The ID of the policy definition or policy set definition being assigned.

properties.scope
  • string

The scope for the policy assignment.

sku

The policy sku. This property is optional, obsolete, and will be ignored.

Responses

Name Type Description
201 Created

Created - Returns information about the policy assignment.

Other Status Codes

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

Create or update policy assignment by ID
Create or update policy assignment with a managed identity by ID

Create or update policy assignment by ID

Sample Request

PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage?api-version=2018-05-01
{
  "properties": {
    "displayName": "Enforce storage account SKU",
    "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created",
    "metadata": {
      "assignedBy": "Cheapskate Boss"
    },
    "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
    "parameters": {
      "listOfAllowedSKUs": {
        "value": [
          "Standard_GRS",
          "Standard_LRS"
        ]
      }
    }
  }
}

Sample Response

{
  "properties": {
    "displayName": "Enforce storage account SKU",
    "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created",
    "metadata": {
      "assignedBy": "Cheapskate Boss"
    },
    "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
    "notScopes": [],
    "parameters": {
      "listOfAllowedSKUs": {
        "value": [
          "Standard_GRS",
          "Standard_LRS"
        ]
      }
    }
  },
  "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage",
  "type": "Microsoft.Authorization/policyAssignments",
  "name": "LowCostStorage"
}

Create or update policy assignment with a managed identity by ID

Sample Request

PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage?api-version=2018-05-01
{
  "identity": {
    "type": "SystemAssigned"
  },
  "location": "eastus",
  "properties": {
    "displayName": "Enforce storage account SKU",
    "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created",
    "metadata": {
      "assignedBy": "Cheapskate Boss"
    },
    "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
    "parameters": {
      "listOfAllowedSKUs": {
        "value": [
          "Standard_GRS",
          "Standard_LRS"
        ]
      }
    }
  }
}

Sample Response

{
  "properties": {
    "displayName": "Enforce storage account SKU",
    "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created",
    "metadata": {
      "assignedBy": "Cheapskate Boss"
    },
    "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
    "notScopes": [],
    "parameters": {
      "listOfAllowedSKUs": {
        "value": [
          "Standard_GRS",
          "Standard_LRS"
        ]
      }
    }
  },
  "identity": {
    "type": "SystemAssigned",
    "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a",
    "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135"
  },
  "location": "eastus",
  "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage",
  "type": "Microsoft.Authorization/policyAssignments",
  "name": "LowCostStorage"
}
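The ID format and request-body rules above can be checked before the PUT is sent. The following is an added example, not code from this reference or from Microsoft: the names `parse_assignment_id` and `review_request` and the regular expressions are constructed here, and comparing `properties.scope` with the scope in the ID is a reviewer check assumed for illustration, not a rule this page states.

```python
import re

SEG = r"[^/]+"
# The four scope formats listed in the operation description (constructed regexes).
SCOPES = [
    ("resource", rf"/subscriptions/{SEG}/resourceGroups/{SEG}/providers/{SEG}(?:/{SEG}){{2,}}"),
    ("resource group", rf"/subscriptions/{SEG}/resourceGroups/{SEG}"),
    ("subscription", rf"/subscriptions/{SEG}"),
    ("management group", rf"/providers/Microsoft\.Management/managementGroups/{SEG}"),
]
ASSIGNMENT_ID = re.compile(
    rf"(?P<scope>.*)/providers/Microsoft\.Authorization/policyAssignments/(?P<name>{SEG})",
    re.IGNORECASE,
)


def parse_assignment_id(assignment_id):
    """Return (scope kind, scope, assignment name) or raise ValueError."""
    m = ASSIGNMENT_ID.fullmatch(assignment_id)
    if not m:
        raise ValueError("ID does not end in .../policyAssignments/{policyAssignmentName}")
    for kind, pattern in SCOPES:
        if re.fullmatch(pattern, m["scope"], re.IGNORECASE):
            return kind, m["scope"], m["name"]
    raise ValueError(f"scope is not one of the four valid formats: {m['scope']!r}")


def review_request(assignment_id, body):
    """Return findings to resolve or sign off before sending the PUT."""
    kind, scope, _ = parse_assignment_id(assignment_id)
    props = body.get("properties", {})
    findings = []
    # location is only required when a managed identity is requested.
    if body.get("identity", {}).get("type", "None") != "None" and not body.get("location"):
        findings.append("identity requested but location is missing")
    # Assumed reviewer check: properties.scope, when sent, should match the ID's scope.
    if props.get("scope", scope).lower() != scope.lower():
        findings.append("properties.scope differs from the scope in the ID")
    if "sku" in body:
        findings.append("sku is obsolete and will be ignored")
    # Each notScopes entry exempts resources from the policy; surface them for review.
    for excluded in props.get("notScopes", []):
        findings.append(f"excluded from {kind} assignment: {excluded}")
    return findings
```

An empty list from `review_request` means none of these checks fired; every `notScopes` entry is always reported because each one removes resources from the policy's coverage.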

Definitions

ErrorResponse

Error response indicates Azure Resource Manager is not able to process the incoming request. The reason is provided in the error message.

Identity

Identity for the resource.

PolicyAssignment

The policy assignment.

PolicySku

The policy sku. This property is optional, obsolete, and will be ignored.

ResourceIdentityType

The identity type.

ErrorResponse

Error response indicates Azure Resource Manager is not able to process the incoming request. The reason is provided in the error message.

Name Type Description
errorCode
  • string

Error code.

errorMessage
  • string

Error message indicating why the operation failed.

httpStatus
  • string

HTTP status code.

Identity

Identity for the resource.

Name Type Description
principalId
  • string

The principal ID of the resource identity.

tenantId
  • string

The tenant ID of the resource identity.

type

The identity type.

PolicyAssignment

The policy assignment.

Name Type Description
id
  • string

The ID of the policy assignment.

identity

The managed identity associated with the policy assignment.

location
  • string

The location of the policy assignment. Only required when utilizing managed identity.

name
  • string

The name of the policy assignment.

properties.description
  • string

This message will be part of response in case of policy violation.

properties.displayName
  • string

The display name of the policy assignment.

properties.metadata
  • object

The policy assignment metadata.

properties.notScopes
  • string[]

The policy's excluded scopes.

properties.parameters
  • object

Required if a parameter is used in policy rule.

properties.policyDefinitionId
  • string

The ID of the policy definition or policy set definition being assigned.

properties.scope
  • string

The scope for the policy assignment.

sku

The policy sku. This property is optional, obsolete, and will be ignored.

type
  • string

The type of the policy assignment.

PolicySku

The policy sku. This property is optional, obsolete, and will be ignored.

Name Type Description
name
  • string

The name of the policy sku. Possible values are A0 and A1.

tier
  • string

The policy sku tier. Possible values are Free and Standard.

ResourceIdentityType

The identity type.

Name Type Description
None
  • string
SystemAssigned
  • string