Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
- Latest
- 2025-11-01
- 2025-06-01-preview
- 2025-05-01-preview
- 2025-04-01
- 2025-03-01-preview
- 2024-11-01-preview
- 2023-11-01-preview
- 2023-08-01-preview
- 2023-07-01
- 2023-06-01-preview
- 2023-01-01-preview
- 2022-12-01
- 2022-02-01-preview
- 2021-12-01-preview
- 2021-08-01-preview
- 2021-06-01-preview
- 2020-11-01-preview
- 2019-05-01-preview
Bicep resource definition
The registries/scopeMaps resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ContainerRegistry/registries/scopeMaps resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.ContainerRegistry/registries/scopeMaps@2025-05-01-preview' = {
parent: resourceSymbolicName
name: 'string'
properties: {
actions: [
'string'
]
description: 'string'
}
}
Property Values
Microsoft.ContainerRegistry/registries/scopeMaps
| Name | Description | Value |
|---|---|---|
| name | The resource name | string Constraints: Min length = 5 Max length = 50 Pattern = ^[a-zA-Z0-9-_]*$ (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: registries |
| properties | The properties of the scope map. | ScopeMapProperties |
ScopeMapProperties
| Name | Description | Value |
|---|---|---|
| actions | The list of scoped permissions for registry artifacts. E.g. repositories/repository-name/content/read, repositories/repository-name/metadata/write |
string[] (required) |
| description | The user friendly description of the scope map. | string |
Usage Examples
Bicep Samples
A basic example of deploying Azure Container Registry scope map.
param resourceName string = 'acctest0001'
param location string = 'westeurope'
resource registry 'Microsoft.ContainerRegistry/registries@2021-08-01-preview' = {
name: resourceName
location: location
properties: {
adminUserEnabled: false
anonymousPullEnabled: false
dataEndpointEnabled: false
encryption: {
status: 'disabled'
}
networkRuleBypassOptions: 'AzureServices'
policies: {
exportPolicy: {
status: 'enabled'
}
quarantinePolicy: {
status: 'disabled'
}
retentionPolicy: {
status: 'disabled'
}
trustPolicy: {
status: 'disabled'
}
}
publicNetworkAccess: 'Enabled'
zoneRedundancy: 'Disabled'
}
sku: {
name: 'Premium'
tier: 'Premium'
}
}
resource scopeMap 'Microsoft.ContainerRegistry/registries/scopeMaps@2021-08-01-preview' = {
parent: registry
name: resourceName
properties: {
actions: [
'repositories/testrepo/content/read'
]
description: ''
}
}
ARM template resource definition
The registries/scopeMaps resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ContainerRegistry/registries/scopeMaps resource, add the following JSON to your template.
{
"type": "Microsoft.ContainerRegistry/registries/scopeMaps",
"apiVersion": "2025-05-01-preview",
"name": "string",
"properties": {
"actions": [ "string" ],
"description": "string"
}
}
Property Values
Microsoft.ContainerRegistry/registries/scopeMaps
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2025-05-01-preview' |
| name | The resource name | string Constraints: Min length = 5 Max length = 50 Pattern = ^[a-zA-Z0-9-_]*$ (required) |
| properties | The properties of the scope map. | ScopeMapProperties |
| type | The resource type | 'Microsoft.ContainerRegistry/registries/scopeMaps' |
ScopeMapProperties
| Name | Description | Value |
|---|---|---|
| actions | The list of scoped permissions for registry artifacts. E.g. repositories/repository-name/content/read, repositories/repository-name/metadata/write |
string[] (required) |
| description | The user friendly description of the scope map. | string |
Usage Examples
Terraform (AzAPI provider) resource definition
The registries/scopeMaps resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ContainerRegistry/registries/scopeMaps resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.ContainerRegistry/registries/scopeMaps@2025-05-01-preview"
name = "string"
parent_id = "string"
body = {
properties = {
actions = [
"string"
]
description = "string"
}
}
}
Property Values
Microsoft.ContainerRegistry/registries/scopeMaps
| Name | Description | Value |
|---|---|---|
| name | The resource name | string Constraints: Min length = 5 Max length = 50 Pattern = ^[a-zA-Z0-9-_]*$ (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: registries |
| properties | The properties of the scope map. | ScopeMapProperties |
| type | The resource type | "Microsoft.ContainerRegistry/registries/scopeMaps@2025-05-01-preview" |
ScopeMapProperties
| Name | Description | Value |
|---|---|---|
| actions | The list of scoped permissions for registry artifacts. E.g. repositories/repository-name/content/read, repositories/repository-name/metadata/write |
string[] (required) |
| description | The user friendly description of the scope map. | string |
Usage Examples
Terraform Samples
A basic example of deploying Azure Container Registry scope map.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "location" {
type = string
default = "westeurope"
}
resource "azapi_resource" "resourceGroup" {
type = "Microsoft.Resources/resourceGroups@2020-06-01"
name = var.resource_name
location = var.location
}
resource "azapi_resource" "registry" {
type = "Microsoft.ContainerRegistry/registries@2021-08-01-preview"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = var.location
body = {
properties = {
adminUserEnabled = false
anonymousPullEnabled = false
dataEndpointEnabled = false
encryption = {
status = "disabled"
}
networkRuleBypassOptions = "AzureServices"
policies = {
exportPolicy = {
status = "enabled"
}
quarantinePolicy = {
status = "disabled"
}
retentionPolicy = {
status = "disabled"
}
trustPolicy = {
status = "disabled"
}
}
publicNetworkAccess = "Enabled"
zoneRedundancy = "Disabled"
}
sku = {
name = "Premium"
tier = "Premium"
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "scopeMap" {
type = "Microsoft.ContainerRegistry/registries/scopeMaps@2021-08-01-preview"
parent_id = azapi_resource.registry.id
name = var.resource_name
body = {
properties = {
actions = [
"repositories/testrepo/content/read",
]
description = ""
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}