Policy Assignments - List For Resource

Retrieves all policy assignments that apply to a resource.
This operation retrieves the list of all policy assignments associated with the specified resource in the given resource group and subscription that match the optional given $filter. Valid values for $filter are: 'atScope()' or 'policyDefinitionId eq '{value}''.

If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource, including those that apply directly or from all containing scopes, as well as any applied to resources contained within the resource.

If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource, which is everything in the unfiltered list except those applied to resources contained within the resource.

If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource.

Three parameters plus the resource name are used to identify a specific resource. If the resource is not part of a parent resource (the more common case), the parent resource path should not be provided (or provided as ''). For example a web app could be specified as ({resourceProviderNamespace} == 'Microsoft.Web', {parentResourcePath} == '', {resourceType} == 'sites', {resourceName} == 'MyWebApp').

If the resource is part of a parent resource, then all parameters should be provided. For example a virtual machine DNS name could be specified as ({resourceProviderNamespace} == 'Microsoft.Compute', {parentResourcePath} == 'virtualMachines/MyVirtualMachine', {resourceType} == 'domainNames', {resourceName} == 'MyComputerName').

A convenient alternative to providing the namespace and type name separately is to provide both in the {resourceType} parameter, format: ({resourceProviderNamespace} == '', {parentResourcePath} == '', {resourceType} == 'Microsoft.Web/sites', {resourceName} == 'MyWebApp').

GET https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/policyAssignments?api-version=2019-06-01
GET https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/policyAssignments?$filter={$filter}&api-version=2019-06-01

URI Parameters

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| subscriptionId | path | True | string | The ID of the target subscription. |
| resourceGroupName | path | True | string | The name of the resource group containing the resource. Regex pattern: `^[-\w\._\(\)]+$` |
| resourceProviderNamespace | path | True | string | The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) |
| parentResourcePath | path | True | string | The parent resource path. Use empty string if there is none. |
| resourceType | path | True | string | The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). |
| resourceName | path | True | string | The name of the resource. |
| $filter | query | | string | The filter to apply on the operation. Valid values for $filter are: 'atScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. |
| api-version | query | True | string | The API version to use for the operation. |
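
The following is an added example, not part of the original reference: a Python helper that assembles the request URL from the parameters above, validates `resourceGroupName` against the documented pattern, and accepts only the two documented `$filter` forms. The function name is hypothetical, and dropping empty path parameters (rather than emitting `//`) is an assumption of this sketch.

```python
import re
from urllib.parse import quote

ARM = "https://management.azure.com"
API_VERSION = "2019-06-01"
# resourceGroupName pattern quoted in the URI parameter table.
RG_PATTERN = re.compile(r"[-\w\._\(\)]+")
# The two $filter forms the operation documents.
FILTER_PATTERN = re.compile(r"atScope\(\)|policyDefinitionId eq '[^']+'")


def policy_assignments_url(subscription_id, resource_group, namespace,
                           parent_path, resource_type, resource_name,
                           filter_expr=None):
    """Build the request URL; this helper and its name are hypothetical."""
    if not RG_PATTERN.fullmatch(resource_group):
        raise ValueError(f"invalid resourceGroupName: {resource_group!r}")
    if filter_expr is not None and not FILTER_PATTERN.fullmatch(filter_expr):
        raise ValueError(f"unsupported $filter: {filter_expr!r}")
    if not resource_type or not resource_name:
        raise ValueError("resourceType and resourceName are required")
    # Empty namespace or parent path is allowed; skipping empty parts is an
    # assumption made here so the URL never contains '//'.
    parts = [p.strip("/") for p in
             (namespace, parent_path, resource_type, resource_name) if p]
    segments = "/".join(parts).split("/")
    # Reject dot segments so caller-supplied names cannot re-target the path.
    if any(s in ("", ".", "..") for s in [resource_group] + segments):
        raise ValueError("empty or dot segment in resource path")
    resource_path = "/".join(quote(s, safe="") for s in segments)
    query = f"api-version={API_VERSION}"
    if filter_expr is not None:
        query = f"$filter={quote(filter_expr, safe='()')}&{query}"
    return (f"{ARM}/subscriptions/{quote(subscription_id, safe='')}"
            f"/resourcegroups/{resource_group}/providers/{resource_path}"
            "/providers/Microsoft.Authorization/policyAssignments"
            f"?{query}")
```
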

Responses

| Name | Type | Description |
|---|---|---|
| 200 OK | | OK - Returns an array of policy assignments. |
| Other Status Codes | | Error response describing why the operation failed. |

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |

Examples

List all policy assignments that apply to a resource

Sample Request

GET https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourcegroups/TestResourceGroup/providers/Microsoft.Compute/virtualMachines/MyTestVm/domainNames/MyTestComputer.cloudapp.net/providers/Microsoft.Authorization/policyAssignments?api-version=2019-06-01

Sample Response

{
  "value": [
    {
      "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement",
      "type": "Microsoft.Authorization/policyAssignments",
      "name": "TestCostManagement",
      "location": "eastus",
      "identity": {
        "type": "SystemAssigned",
        "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a",
        "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135"
      },
      "properties": {
        "displayName": "VM Cost Management",
        "description": "Minimize the risk of accidental cost overruns",
        "metadata": {
          "category": "Cost Management"
        },
        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/vmSkus",
        "parameters": {
          "allowedSkus": {
            "type": "Array"
          }
        },
        "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup",
        "notScopes": []
      },
      "sku": {
        "name": "A0",
        "tier": "Free"
      }
    },
    {
      "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement",
      "type": "Microsoft.Authorization/policyAssignments",
      "name": "TestTagEnforcement",
      "properties": {
        "displayName": "Enforces a tag key and value",
        "description": "Ensure a given tag key and value are present on all resources",
        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue",
        "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup",
        "notScopes": []
      },
      "sku": {
        "name": "A0",
        "tier": "Free"
      }
    }
  ]
}
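
The following is an added example, not part of the original reference: it walks a paged `PolicyAssignmentListResult` via `nextLink` and, for each assignment, reports how its `properties.scope` relates to the resource (direct, inherited from a containing scope, or applied to a contained resource, which is the group `$filter=atScope()` drops), whether it is enforced, and its `notScopes`. The sample pages and all names are constructed; treating a missing `enforcementMode` as `Default` and comparing resource IDs case-insensitively are assumptions of this sketch.

```python
# Constructed sample data shaped like PolicyAssignmentListResult pages.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ExampleRg"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/ExampleVm"
NEXT = "https://management.azure.com/constructed-next-page"
PAGES = {
    "first": {"value": [
        {"name": "TagEnforcement", "properties": {"scope": RG, "notScopes": []}},
    ], "nextLink": NEXT},
    NEXT: {"value": [
        {"name": "AuditOnly",
         "properties": {"scope": VM, "enforcementMode": "DoNotEnforce"}},
        {"name": "ChildOnly",
         "properties": {"scope": VM + "/extensions/ExampleExt"}},
    ]},
}


def iter_assignments(first_page, fetch_page):
    """Yield every assignment, following nextLink until it is absent."""
    page = first_page
    while True:
        yield from page.get("value", [])
        next_link = page.get("nextLink")
        if not next_link:
            return
        page = fetch_page(next_link)


def relation(scope, resource_id):
    """Classify an assignment scope relative to the queried resource."""
    s, r = scope.lower().rstrip("/"), resource_id.lower().rstrip("/")
    if not s:
        return "unknown"
    if s == r:
        return "direct"
    if r.startswith(s + "/"):
        return "inherited"
    return "contained" if s.startswith(r + "/") else "unrelated"


def review(assignments, resource_id):
    """Summarise scope relation, enforcement and exclusions per assignment."""
    rows = []
    for a in assignments:
        props = a.get("properties", {})
        rows.append({"name": a["name"],
                     "relation": relation(props.get("scope", ""), resource_id),
                     "enforced": props.get("enforcementMode", "Default") != "DoNotEnforce",
                     "exclusions": list(props.get("notScopes") or [])})
    return rows
```
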

Definitions

enforcementMode

The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.

ErrorResponse

Error response indicates Azure Resource Manager is not able to process the incoming request. The reason is provided in the error message.

Identity

Identity for the resource.

PolicyAssignment

The policy assignment.

PolicyAssignmentListResult

List of policy assignments.

PolicySku

The policy sku. This property is optional, obsolete, and will be ignored.

ResourceIdentityType

The identity type.

enforcementMode

The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.

| Name | Type | Description |
|---|---|---|
| Default | string | The policy effect is enforced during resource creation or update. |
| DoNotEnforce | string | The policy effect is not enforced during resource creation or update. |

ErrorResponse

Error response indicates Azure Resource Manager is not able to process the incoming request. The reason is provided in the error message.

| Name | Type | Description |
|---|---|---|
| errorCode | string | Error code. |
| errorMessage | string | Error message indicating why the operation failed. |
| httpStatus | string | Http status code. |

Identity

Identity for the resource.

| Name | Type | Description |
|---|---|---|
| principalId | string | The principal ID of the resource identity. |
| tenantId | string | The tenant ID of the resource identity. |
| type | | The identity type. |

PolicyAssignment

The policy assignment.

| Name | Type | Description |
|---|---|---|
| id | string | The ID of the policy assignment. |
| identity | | The managed identity associated with the policy assignment. |
| location | string | The location of the policy assignment. Only required when utilizing managed identity. |
| name | string | The name of the policy assignment. |
| properties.description | string | This message will be part of response in case of policy violation. |
| properties.displayName | string | The display name of the policy assignment. |
| properties.enforcementMode | | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. |
| properties.metadata | object | The policy assignment metadata. |
| properties.notScopes | string[] | The policy's excluded scopes. |
| properties.parameters | object | Required if a parameter is used in policy rule. |
| properties.policyDefinitionId | string | The ID of the policy definition or policy set definition being assigned. |
| properties.scope | string | The scope for the policy assignment. |
| sku | | The policy sku. This property is optional, obsolete, and will be ignored. |
| type | string | The type of the policy assignment. |

PolicyAssignmentListResult

List of policy assignments.

| Name | Type | Description |
|---|---|---|
| nextLink | string | The URL to use for getting the next set of results. |
| value | | An array of policy assignments. |

PolicySku

The policy sku. This property is optional, obsolete, and will be ignored.

| Name | Type | Description |
|---|---|---|
| name | string | The name of the policy sku. Possible values are A0 and A1. |
| tier | string | The policy sku tier. Possible values are Free and Standard. |

ResourceIdentityType

The identity type.

| Name | Type | Description |
|---|---|---|
| None | string | |
| SystemAssigned | string | |