az policy assignment identity

Manage a policy assignment's managed identity.

Commands

Name                                   Description                                                                          Type   Status
az policy assignment identity assign   Add a system assigned identity or a user assigned identity to a policy assignment.   Core   GA
az policy assignment identity remove   Remove a managed identity from a policy assignment.                                  Core   GA
az policy assignment identity show     Show a policy assignment's managed identity.                                         Core   GA

az policy assignment identity assign

Add a system assigned identity or a user assigned identity to a policy assignment.

az policy assignment identity assign --name
                                     [--identity-scope]
                                     [--resource-group]
                                     [--role]
                                     [--scope]
                                     [--system-assigned]
                                     [--user-assigned]

Examples

Add a system assigned managed identity to a policy assignment.

az policy assignment identity assign --system-assigned -g MyResourceGroup -n MyPolicyAssignment

Add a system assigned managed identity to a policy assignment and grant it the 'Contributor' role for the current resource group.

az policy assignment identity assign --system-assigned -g MyResourceGroup -n MyPolicyAssignment --role Contributor --identity-scope /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup

Add a user assigned managed identity to a policy assignment.

az policy assignment identity assign --user-assigned MyAssignedId -g MyResourceGroup -n MyPolicyAssignment

Required Parameters

--name -n

Name of the policy assignment.

Optional Parameters

--identity-scope

Scope that the system assigned identity can access.

--resource-group -g

The resource group where the policy will be applied.

--role

Role name or id that will be assigned to the managed identity.

Default value: Contributor

--scope

Scope at which this policy assignment subcommand applies. Defaults to current context subscription.

--system-assigned

Provide this flag to use a system assigned identity for the policy assignment. Check out help for more examples.

--user-assigned

ID of the user assigned identity to be used for the policy assignment. Check out help for more examples.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.
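
The parameters above document Contributor as the default for --role and place no restriction on --identity-scope, so a grant can be checked before it is made. The following is an added example, not part of the Azure CLI or its documentation; it prints the command instead of running it. `scope_within`, `build_assign_cmd` and the `DENY_ROLES` list are hypothetical names, and the rule that the identity scope must sit inside the assignment scope is a policy assumed for this example.

```bash
# Added example: pre-flight check before `az policy assignment identity assign`.
# Function names and DENY_ROLES are assumptions of this example, not Azure CLI features.
DENY_ROLES='owner|user access administrator'   # constructed deny list (lowercase)

# Succeeds when scope $1 equals or sits below scope $2.
# Both are lowercased and stripped of a trailing slash; a '/' is required after
# the parent prefix, so ".../MyResourceGroup2" is not inside ".../MyResourceGroup".
scope_within() {
  local child parent
  child=$(printf '%s' "${1%/}" | tr '[:upper:]' '[:lower:]')
  parent=$(printf '%s' "${2%/}" | tr '[:upper:]' '[:lower:]')
  [ -n "$child" ] && [ -n "$parent" ] || return 1
  case "$child" in
    "$parent" | "$parent"/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Prints the az command when the grant passes; otherwise explains on stderr and fails.
# Args: assignment-name resource-group role identity-scope assignment-scope
build_assign_cmd() {
  local name="$1" rg="$2" role="$3" id_scope="$4" asg_scope="$5"
  if [ -z "$role" ]; then
    echo "refused: no --role given, the CLI would default to Contributor" >&2
    return 2
  fi
  if printf '%s\n' "$role" | tr '[:upper:]' '[:lower:]' | grep -Eqx "$DENY_ROLES"; then
    echo "refused: role '$role' is on the deny list" >&2
    return 3
  fi
  if ! scope_within "$id_scope" "$asg_scope"; then
    echo "refused: identity scope reaches outside the assignment scope" >&2
    return 4
  fi
  printf "az policy assignment identity assign --system-assigned -g %s -n %s --role '%s' --identity-scope %s\n" \
    "$rg" "$name" "$role" "$id_scope"
}

# Constructed values, reusing the placeholders from the examples above.
SUB=/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
RG_SCOPE=$SUB/resourceGroups/MyResourceGroup
build_assign_cmd MyPolicyAssignment MyResourceGroup Contributor "$RG_SCOPE" "$RG_SCOPE"
build_assign_cmd MyPolicyAssignment MyResourceGroup Contributor "$SUB" "$RG_SCOPE" || true
```

The second call is refused because the subscription scope is broader than the resource group the assignment targets.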

az policy assignment identity remove

Remove a managed identity from a policy assignment.

az policy assignment identity remove --name
                                     [--resource-group]
                                     [--scope]

Required Parameters

--name -n

Name of the policy assignment.

Optional Parameters

--resource-group -g

The resource group where the policy will be applied.

--scope

Scope at which this policy assignment subcommand applies. Defaults to current context subscription.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az policy assignment identity show

Show a policy assignment's managed identity.

az policy assignment identity show --name
                                   [--resource-group]
                                   [--scope]

Examples

Show a policy assignment's managed identity. (autogenerated)

az policy assignment identity show --name MyPolicyAssignment --scope '/providers/Microsoft.Management/managementGroups/MyManagementGroup'

Required Parameters

--name -n

Name of the policy assignment.

Optional Parameters

--resource-group -g

The resource group where the policy will be applied.

--scope

Scope at which this policy assignment subcommand applies. Defaults to current context subscription.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.