speech

rest api role assignment

This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Role Assignments - Get

Get a role assignment by scope and name.

URI Parameters

Permissions.

To call this API, you must be assigned a role that has the following permissions. For more information, see Azure built-in roles .

Microsoft.Authorization/roleAssignments/read

Azure Active Directory OAuth2 Flow

Type: oauth2 Flow: implicit Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Get role assignment by scope and name

Sample request.

To use the Azure SDK library in your project, see this documentation . To provide feedback on this code sample, open a GitHub issue

Sample response

Definitions, error additional info.

The resource management error additional info.

Error Detail

The error detail.

Error Response

Error response

Principal Type

The principal type of the assigned principal ID.

Role Assignment

Role Assignments

Additional resources

Navigation Menu

Search code, repositories, users, issues, pull requests..., provide feedback.

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly.

To see all available qualifiers, see our documentation .

  • Notifications You must be signed in to change notification settings

role-assignments-rest.md

Latest commit, file metadata and controls, assign azure roles using the rest api.

[!INCLUDE Azure RBAC definition grant access ] This article describes how to assign roles using the REST API.

Prerequisites

[!INCLUDE Azure role assignment prerequisites ]

You must use the following versions:

  • 2015-07-01 or later to assign an Azure role
  • 2018-09-01-preview or later to assign an Azure role to a new service principal

For more information, see API versions of Azure RBAC REST APIs .

Assign an Azure role

To assign a role, use the Role Assignments - Create REST API and specify the security principal, role definition, and scope. To call this API, you must have access to the Microsoft.Authorization/roleAssignments/write action, such as Role Based Access Control Administrator .

Use the Role Definitions - List REST API or see Built-in roles to get the identifier for the role definition you want to assign.

Use a GUID tool to generate a unique identifier that will be used for the role assignment identifier. The identifier has the format: 00000000-0000-0000-0000-000000000000

Start with the following request and body:

Within the URI, replace {scope} with the scope for the role assignment.

[!div class="mx-tableFixed"] Scope Type providers/Microsoft.Management/managementGroups/{groupId1} Management group subscriptions/{subscriptionId1} Subscription subscriptions/{subscriptionId1}/resourceGroups/myresourcegroup1 Resource group subscriptions/{subscriptionId1}/resourceGroups/myresourcegroup1/providers/microsoft.web/sites/mysite1 Resource

In the previous example, microsoft.web is a resource provider that refers to an App Service instance. Similarly, you can use any other resource providers and specify the scope. For more information, see Azure Resource providers and types and supported Azure resource provider operations .

Replace {roleAssignmentId} with the GUID identifier of the role assignment.

Within the request body, replace {scope} with the same scope as in the URI.

Replace {roleDefinitionId} with the role definition identifier.

Replace {principalId} with the object identifier of the user, group, or service principal that will be assigned the role.

The following request and body assigns the Backup Reader role to a user at subscription scope:

The following shows an example of the output:

New service principal

If you create a new service principal and immediately try to assign a role to that service principal, that role assignment can fail in some cases. For example, if you create a new managed identity and then try to assign a role to that service principal, the role assignment might fail. The reason for this failure is likely a replication delay. The service principal is created in one region; however, the role assignment might occur in a different region that hasn't replicated the service principal yet.

To address this scenario, use the Role Assignments - Create REST API and set the principalType property to ServicePrincipal . You must also set the apiVersion to 2018-09-01-preview or later. 2022-04-01 is the first stable version.

  • List Azure role assignments using the REST API
  • Deploy resources with Resource Manager templates and Resource Manager REST API
  • Azure REST API Reference
  • Create or update Azure custom roles using the REST API

COMMENTS

  1. Assign Azure roles using the REST API

    Learn more about [Authorization Role Assignments Operations]. How to [Create,Create By Id,Delete,Delete By Id,Get,Get By Id,List For Resource,List For Resource.

  2. Role Assignments

    Learn more about Authorization service - Create or update a role assignment by scope and name.

  3. Role Assignments

    Get a role assignment by scope and name. GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}?api …

  4. role-assignments-list-rest.md

    List Azure role assignments using the REST API - Azure RBAC Learn how to determine what resources users, groups, service principals, or managed identities have access …

  5. azure management api

    List Azure role assignments using the REST API - Azure RBAC. Currently it is not feasible to retrieve the role assignments via Azure Resource Graph. Alternatively, you can make use of Azure PowerShell or Azure CLI. Get …

  6. azure-docs/articles/role-based-access-control/role-assignments …

    To assign a role, use the Role Assignments - Create REST API and specify the security principal, role definition, and scope. To call this API, you must have access to the …