az keyvault role definition
Manage role definitions.
Commands
Name | Description | Type | Status |
---|---|---|---|
az keyvault role definition create | Create a custom role definition. | Core | GA |
az keyvault role definition delete | Delete a role definition. | Core | GA |
az keyvault role definition list | List role definitions. | Core | GA |
az keyvault role definition show | Show the details of a role definition. | Core | GA |
az keyvault role definition update | Update a role definition. | Core | GA |
az keyvault role definition create
Create a custom role definition.
```azurecli
az keyvault role definition create --hsm-name
                                   --role-definition
```
Examples
Create a role by a JSON string.
```azurecli
az keyvault role definition create --hsm-name MyHSM --role-definition '{
    "roleName": "My Custom Role",
    "description": "The description of the custom role.",
    "actions": [],
    "notActions": [],
    "dataActions": [
        "Microsoft.KeyVault/managedHsm/keys/read/action"
    ],
    "notDataActions": []
}'
```
Create a role from a file containing a JSON description.
```azurecli
az keyvault role definition create --hsm-name MyHSM --role-definition @keyvault-role.json
```
Required Parameters
`--hsm-name`: Name of the HSM.
`--role-definition`: Description of a role as JSON, or a path to a file containing a JSON description.
Global Parameters
`--debug`: Increase logging verbosity to show all debug logs.
`--help`: Show this help message and exit.
`--only-show-errors`: Only show errors, suppressing warnings.
`--output`: Output format.
`--query`: JMESPath query string. See http://jmespath.org/ for more information and examples.
`--subscription`: Name or ID of subscription. You can configure the default subscription using `az account set -s NAME_OR_ID`.
`--verbose`: Increase logging verbosity. Use --debug for full debug logs.
az keyvault role definition delete
Delete a role definition.
```azurecli
az keyvault role definition delete --hsm-name
                                   [--name]
                                   [--role-id]
```
Required Parameters
`--hsm-name`: Name of the HSM.
Optional Parameters
`--name`: The role definition name. This is a GUID in the "name" property of a role definition.
`--role-id`: The role definition ID.
Global Parameters
`--debug`: Increase logging verbosity to show all debug logs.
`--help`: Show this help message and exit.
`--only-show-errors`: Only show errors, suppressing warnings.
`--output`: Output format.
`--query`: JMESPath query string. See http://jmespath.org/ for more information and examples.
`--subscription`: Name or ID of subscription. You can configure the default subscription using `az account set -s NAME_OR_ID`.
`--verbose`: Increase logging verbosity. Use --debug for full debug logs.
az keyvault role definition list
List role definitions.
```azurecli
az keyvault role definition list [--custom-role-only {false, true}]
                                 [--hsm-name]
                                 [--scope]
```
Optional Parameters
`--custom-role-only`: Only show custom role definitions.
`--hsm-name`: Name of the HSM.
`--scope`: Scope at which the role assignment or definition applies to, e.g., "/" or "/keys" or "/keys/{keyname}".
Global Parameters
`--debug`: Increase logging verbosity to show all debug logs.
`--help`: Show this help message and exit.
`--only-show-errors`: Only show errors, suppressing warnings.
`--output`: Output format.
`--query`: JMESPath query string. See http://jmespath.org/ for more information and examples.
`--subscription`: Name or ID of subscription. You can configure the default subscription using `az account set -s NAME_OR_ID`.
`--verbose`: Increase logging verbosity. Use --debug for full debug logs.
az keyvault role definition show
Show the details of a role definition.
```azurecli
az keyvault role definition show --hsm-name
                                 [--name]
                                 [--role-id]
```
Required Parameters
`--hsm-name`: Name of the HSM.
Optional Parameters
`--name`: The role definition name. This is a GUID in the "name" property of a role definition.
`--role-id`: The role definition ID.
Global Parameters
`--debug`: Increase logging verbosity to show all debug logs.
`--help`: Show this help message and exit.
`--only-show-errors`: Only show errors, suppressing warnings.
`--output`: Output format.
`--query`: JMESPath query string. See http://jmespath.org/ for more information and examples.
`--subscription`: Name or ID of subscription. You can configure the default subscription using `az account set -s NAME_OR_ID`.
`--verbose`: Increase logging verbosity. Use --debug for full debug logs.
az keyvault role definition update
Update a role definition.
```azurecli
az keyvault role definition update --hsm-name
                                   --role-definition
```
Examples
Update a role by a JSON string.
```azurecli
az keyvault role definition update --hsm-name MyHSM --role-definition '{
    "roleName": "My Custom Role",
    "name": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "description": "The description of the custom role.",
    "actions": [],
    "notActions": [],
    "dataActions": [
        "Microsoft.KeyVault/managedHsm/keys/read/action",
        "Microsoft.KeyVault/managedHsm/keys/write/action",
        "Microsoft.KeyVault/managedHsm/keys/backup/action",
        "Microsoft.KeyVault/managedHsm/keys/create"
    ],
    "notDataActions": []
}'
```
Update a role from a file containing a JSON description.
```azurecli
az keyvault role definition update --hsm-name MyHSM --role-definition @keyvault-role.json
```
Required Parameters
`--hsm-name`: Name of the HSM.
`--role-definition`: Description of a role as JSON, or a path to a file containing a JSON description.
Global Parameters
`--debug`: Increase logging verbosity to show all debug logs.
`--help`: Show this help message and exit.
`--only-show-errors`: Only show errors, suppressing warnings.
`--output`: Output format.
`--query`: JMESPath query string. See http://jmespath.org/ for more information and examples.
`--subscription`: Name or ID of subscription. You can configure the default subscription using `az account set -s NAME_OR_ID`.
`--verbose`: Increase logging verbosity. Use --debug for full debug logs.
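A pre-flight review of the JSON passed to `--role-definition`, as an added example that is not part of the Azure CLI or of this reference. It lints a role definition and lists the data actions an update would newly grant, using the create and update examples above as input; the function names and the `NEEDS_SIGNOFF` policy are assumptions made for this illustration.

```python
import json

# The page's create example (current role) and update example (proposed role).
CURRENT = json.loads('''{"roleName": "My Custom Role", "actions": [], "notActions": [],
  "dataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"],
  "notDataActions": []}''')
PROPOSED = json.loads('''{"roleName": "My Custom Role",
  "name": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "actions": [], "notActions": [],
  "dataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action",
                  "Microsoft.KeyVault/managedHsm/keys/write/action",
                  "Microsoft.KeyVault/managedHsm/keys/backup/action",
                  "Microsoft.KeyVault/managedHsm/keys/create"],
  "notDataActions": []}''')

# Assumed local policy (not an Azure rule): these operations need sign-off.
NEEDS_SIGNOFF = ("/backup/", "/write/")

def effective(defn):
    """Granted data actions: dataActions minus notDataActions (exact names only)."""
    return set(defn.get("dataActions", [])) - set(defn.get("notDataActions", []))

def lint_role(defn, for_update=False):
    """Return findings that should block create/update until resolved."""
    findings = []
    if not defn.get("roleName"):
        findings.append("roleName is missing")
    for field in ("actions", "notActions", "dataActions", "notDataActions"):
        for action in defn.get(field, []):
            if "*" in action:  # wildcards defeat the exact-name comparison below
                findings.append(f"wildcard in {field}: {action}")
    if not effective(defn):
        findings.append("role grants no data actions")
    if for_update:  # mirrors the page's update example, which carries both keys
        for key in ("name", "id"):
            if not defn.get(key):
                findings.append(f"update payload lacks '{key}'")
    return findings

def review_update(current, proposed):
    """Data actions the update would newly grant, each with a sign-off flag."""
    added = sorted(effective(proposed) - effective(current))
    return [(a, any(marker in a for marker in NEEDS_SIGNOFF)) for a in added]

if __name__ == "__main__":
    print(lint_role(PROPOSED, for_update=True))
    for action, flagged in review_update(CURRENT, PROPOSED):
        print("SIGN-OFF" if flagged else "ok", action)
```

In practice `CURRENT` would come from the JSON output of `az keyvault role definition show` and `PROPOSED` from the file handed to `update`.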