az dt role-assignment
Note
This reference is part of the azure-iot extension for the Azure CLI (version 2.46.0 or higher). The extension will automatically install the first time you run an az dt role-assignment command. Learn more about extensions.
Manage RBAC role assignments for a Digital Twins instance.
To perform role assignments, the logged-in principal needs permissions such as Owner or User Access Administrator at the assigned scope.
This command group is provided for convenience. For more complex role assignment scenarios use the 'az role assignment' command group.
Commands
Name | Description | Type | Status |
---|---|---|---|
az dt role-assignment create | Assign a user, group or service principal to a role against a Digital Twins instance. | Extension | GA |
az dt role-assignment delete | Remove a user, group or service principal role assignment from a Digital Twins instance. | Extension | GA |
az dt role-assignment list | List the existing role assignments of a Digital Twins instance. | Extension | GA |
az dt role-assignment create
Assign a user, group or service principal to a role against a Digital Twins instance.
To perform role assignments, the logged-in principal needs permissions such as Owner or User Access Administrator at the assigned scope.
az dt role-assignment create --assignee
--dt-name
--role
[--resource-group]
Examples
Assign a user (by email) the built-in Digital Twins Owner role against a target instance.
az dt role-assignment create -n {instance_name} --assignee "owneruser@microsoft.com" --role "Azure Digital Twins Data Owner"
Assign a user (by object Id) the built-in Digital Twins Reader role against a target instance.
az dt role-assignment create -n {instance_name} --assignee "97a89267-0966-4054-a156-b7d86ef8e216" --role "Azure Digital Twins Data Reader"
Assign a service principal a custom role against a target instance.
az dt role-assignment create -n {instance_name} --assignee {service_principal_name_or_id} --role {role_name_or_id}
Required Parameters
--assignee: Represents a user, group, or service principal. Supported formats: object ID, user sign-in name, or service principal name.
--dt-name: Digital Twins instance name.
--role: Role name or Id.
Optional Parameters
--resource-group: Digital Twins instance resource group. You can configure the default group using az configure --defaults group={name}.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dt role-assignment delete
Remove a user, group or service principal role assignment from a Digital Twins instance.
To perform role assignments, the logged-in principal needs permissions such as Owner or User Access Administrator at the assigned scope.
az dt role-assignment delete --dt-name
[--assignee]
[--resource-group]
[--role]
Examples
Remove a user from a specific role assignment of a Digital Twins instance.
az dt role-assignment delete -n {instance_name} --assignee "removeuser@microsoft.com" --role "Azure Digital Twins Data Reader"
Remove a user from all assigned roles of a Digital Twins instance.
az dt role-assignment delete -n {instance_name} --assignee "removeuser@microsoft.com"
Required Parameters
--dt-name: Digital Twins instance name.
Optional Parameters
--assignee: Represents a user, group, or service principal. Supported formats: object ID, user sign-in name, or service principal name.
--resource-group: Digital Twins instance resource group. You can configure the default group using az configure --defaults group={name}.
--role: Role name or Id.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dt role-assignment list
List the existing role assignments of a Digital Twins instance.
az dt role-assignment list --dt-name
[--include-inherited {false, true}]
[--resource-group]
[--role]
Examples
List the role assignments on a target instance.
az dt role-assignment list -n {instance_name}
List the role assignments on a target instance and filter by role.
az dt role-assignment list -n {instance_name} --role {role_name_or_id}
Required Parameters
--dt-name: Digital Twins instance name.
Optional Parameters
--include-inherited: Include assignments applied on parent scopes.
--resource-group: Digital Twins instance resource group. You can configure the default group using az configure --defaults group={name}.
--role: Role name or Id.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
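The following is an added example, not part of the original reference or the azure-iot extension: a small Python audit over the JSON printed by az dt role-assignment list with --include-inherited true, flagging assignments that come from a parent scope and Data Owner grants that are not on an approved list. It assumes the output uses the same field names as az role assignment list (principalName, roleDefinitionName, scope); the function name, sample records, IDs and principals are constructed for illustration.

```python
import json

# Resource ID of the instance being audited (constructed placeholder values).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-example"
INSTANCE_ID = RG + "/providers/Microsoft.DigitalTwins/digitalTwinsInstances/dt-example"

# Constructed sample standing in for the JSON printed by
# `az dt role-assignment list -n {instance_name} --include-inherited true`.
# Field names are assumed to match `az role assignment list` output.
SAMPLE_JSON = json.dumps([
    {"principalName": "owneruser@example.com", "principalType": "User",
     "roleDefinitionName": "Azure Digital Twins Data Owner", "scope": INSTANCE_ID},
    {"principalName": "reader@example.com", "principalType": "User",
     "roleDefinitionName": "Azure Digital Twins Data Reader", "scope": INSTANCE_ID},
    {"principalName": "ci-pipeline", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Azure Digital Twins Data Owner", "scope": RG},
    {"principalName": "ops-group", "principalType": "Group",
     "roleDefinitionName": "Owner", "scope": SUB},
])

DATA_OWNER = "Azure Digital Twins Data Owner"


def audit_assignments(raw_json, instance_id, approved_owners):
    """Return sorted (principal, role, finding) tuples that need review."""
    findings = set()
    target = instance_id.lower()
    for item in json.loads(raw_json):
        principal = item.get("principalName") or item.get("principalId", "<unknown>")
        role = item.get("roleDefinitionName", "<unknown>")
        scope = item.get("scope", "").lower().rstrip("/")
        # An assignment made on a parent scope also covers every other
        # resource under that scope, so it is broader than it looks here.
        if scope != target and target.startswith(scope + "/"):
            findings.add((principal, role, "inherited"))
        # Data Owner is full data-plane access; keep its holders allow-listed.
        if role == DATA_OWNER and principal not in approved_owners:
            findings.add((principal, role, "unapproved-data-owner"))
    return sorted(findings)


if __name__ == "__main__":
    approved = {"owneruser@example.com"}
    for finding in audit_assignments(SAMPLE_JSON, INSTANCE_ID, approved):
        print(*finding, sep=" | ")
```

Inherited findings cannot be removed with az dt role-assignment delete on the instance; they have to be changed at the parent scope with the az role assignment command group.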