Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Create (or update, or delete) role based on template:
- ```sh
- az role definition create --role-definition "~/CustomRoles/ReaderSupportRole.json"
- az role definition update --role-definition "~/CustomRoles/ReaderSupportRole.json"
- az role definition delete --name "Reader Support Tickets"
- ```
- template:
- ```json
- {
- "Name": "Reader Support Tickets",
- "IsCustom": true,
- "Description": "View everything in the subscription and also open support tickets.",
- "Actions": [
- "*/read",
- "Microsoft.Support/*"
- ],
- "NotActions": [],
- "DataActions": [],
- "NotDataActions": [],
- "AssignableScopes": [
- "/subscriptions/00000000-0000-0000-0000-000000000000"
- ]
- }
- ```
- List cutom roles:
- ```sh
- az role definition list --custom-role-only true
- ```
- What roles does a user have:
- ```sh
- az role assignment list --all --assignee richard.cowin@hansard.com
- ```
- Grant access to user / group:
- ```sh
- az role assignment create --role "Virtual Machine Contributor" --assignee patlong@contoso.com --resource-group pharma-sales --include-groups
- az role assignment create --role "Virtual Machine Contributor" \
- --assignee-object-id xxx-yyy-zzz \
- --scope /subscriptions/00000000-000000-000000-000000
- ```
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement