Role Management Policy Assignments - List For Scope
Gets role management assignment policies for a resource scope.
GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleManagementPolicyAssignments?api-version=2020-10-01URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
scope
|
path | True |
string |
The scope of the role management policy. |
|
api-version
|
query | True |
string |
The API version to use for this operation. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
OK - Returns an array of role management policies. |
|
| Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |
Examples
GetRoleManagementPolicyAssignmentByScope
Sample Request
GET https://management.azure.com/providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicyAssignments?api-version=2020-10-01
Sample Response
{
"value": [
{
"properties": {
"scope": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
"roleDefinitionId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
"policyId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9",
"effectiveRules": [
{
"enabledRules": [],
"id": "Enablement_Admin_Eligibility",
"ruleType": "RoleManagementPolicyEnablementRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"isExpirationRequired": true,
"maximumDuration": "P90D",
"id": "Expiration_Admin_Eligibility",
"ruleType": "RoleManagementPolicyExpirationRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Admin",
"isDefaultRecipientsEnabled": false,
"notificationLevel": "Critical",
"notificationRecipients": [
"admin_admin_eligible@test.com"
],
"id": "Notification_Admin_Admin_Eligibility",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Requestor",
"isDefaultRecipientsEnabled": false,
"notificationLevel": "Critical",
"notificationRecipients": [
"requestor_admin_eligible@test.com"
],
"id": "Notification_Requestor_Admin_Eligibility",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Approver",
"isDefaultRecipientsEnabled": false,
"notificationLevel": "Critical",
"notificationRecipients": [
"approver_admin_eligible@test.com"
],
"id": "Notification_Approver_Admin_Eligibility",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"enabledRules": [
"MultiFactorAuthentication",
"Justification"
],
"id": "Enablement_Admin_Assignment",
"ruleType": "RoleManagementPolicyEnablementRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"isExpirationRequired": false,
"maximumDuration": "P90D",
"id": "Expiration_Admin_Assignment",
"ruleType": "RoleManagementPolicyExpirationRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Admin",
"isDefaultRecipientsEnabled": false,
"notificationLevel": "Critical",
"notificationRecipients": [
"admin_admin_member@test.com"
],
"id": "Notification_Admin_Admin_Assignment",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Requestor",
"isDefaultRecipientsEnabled": false,
"notificationLevel": "Critical",
"notificationRecipients": [
"requestor_admin_member@test.com"
],
"id": "Notification_Requestor_Admin_Assignment",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Approver",
"isDefaultRecipientsEnabled": false,
"notificationLevel": "Critical",
"notificationRecipients": [
"approver_admin_member@test.com"
],
"id": "Notification_Approver_Admin_Assignment",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"setting": {
"isApprovalRequired": true,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": true,
"approvalMode": "SingleStage",
"approvalStages": [
{
"approvalStageTimeOutInDays": 1,
"isApproverJustificationRequired": true,
"escalationTimeInMinutes": 0,
"primaryApprovers": [
{
"id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd",
"description": "amansw_new_group",
"isBackup": false,
"userType": "Group"
},
{
"id": "2f4913c9-d15b-406a-9946-1d66a28f2690",
"description": "amansw_group",
"isBackup": false,
"userType": "Group"
}
],
"isEscalationEnabled": false,
"escalationApprovers": null
}
]
},
"id": "Approval_EndUser_Assignment",
"ruleType": "RoleManagementPolicyApprovalRule",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"isEnabled": false,
"claimValue": "",
"id": "AuthenticationContext_EndUser_Assignment",
"ruleType": "RoleManagementPolicyAuthenticationContextRule",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"enabledRules": [
"MultiFactorAuthentication",
"Justification",
"Ticketing"
],
"id": "Enablement_EndUser_Assignment",
"ruleType": "RoleManagementPolicyEnablementRule",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"isExpirationRequired": true,
"maximumDuration": "PT7H",
"id": "Expiration_EndUser_Assignment",
"ruleType": "RoleManagementPolicyExpirationRule",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Admin",
"isDefaultRecipientsEnabled": false,
"notificationLevel": "Critical",
"notificationRecipients": [
"admin_enduser_member@test.com"
],
"id": "Notification_Admin_EndUser_Assignment",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Requestor",
"isDefaultRecipientsEnabled": false,
"notificationLevel": "Critical",
"notificationRecipients": [
"requestor_enduser_member@test.com"
],
"id": "Notification_Requestor_EndUser_Assignment",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
},
{
"notificationType": "Email",
"recipientType": "Approver",
"isDefaultRecipientsEnabled": true,
"notificationLevel": "Critical",
"notificationRecipients": null,
"id": "Notification_Approver_EndUser_Assignment",
"ruleType": "RoleManagementPolicyNotificationRule",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"targetObjects": null,
"inheritableSettings": null,
"enforcedSettings": null
}
}
],
"policyAssignmentProperties": {
"scope": {
"id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
"displayName": "Pay-As-You-Go",
"type": "subscription"
},
"roleDefinition": {
"id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
"displayName": "FHIR Data Converter",
"type": "BuiltInRole"
},
"policy": {
"id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9",
"lastModifiedBy": {
"id": null,
"displayName": "Admin",
"type": null,
"email": null
},
"lastModifiedDateTime": null
}
}
},
"name": "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
"id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicyAssignment/b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
"type": "Microsoft.Authorization/RoleManagementPolicyAssignment"
}
]
}Definitions
| Name | Description |
|---|---|
|
Cloud |
An error response from the service. |
|
Cloud |
An error response from the service. |
| Policy |
Details of the policy |
|
Policy |
Expanded info of resource scope, role definition and policy |
| Principal |
The name of the entity last modified it |
|
Role |
Details of role definition |
|
Role |
Role management policy |
|
Role |
Role management policy assignment list operation result. |
| Scope |
Details of the resource scope |
CloudError
An error response from the service.
| Name | Type | Description |
|---|---|---|
| error |
An error response from the service. |
CloudErrorBody
An error response from the service.
| Name | Type | Description |
|---|---|---|
| code |
string |
An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
| message |
string |
A message describing the error, intended to be suitable for display in a user interface. |
Policy
Details of the policy
| Name | Type | Description |
|---|---|---|
| id |
string |
Id of the policy |
| lastModifiedBy |
The name of the entity last modified it |
|
| lastModifiedDateTime |
string |
The last modified date time. |
PolicyAssignmentProperties
Expanded info of resource scope, role definition and policy
| Name | Type | Description |
|---|---|---|
| policy |
Details of the policy |
|
| roleDefinition |
Details of role definition |
|
| scope |
Details of the resource scope |
Principal
The name of the entity last modified it
| Name | Type | Description |
|---|---|---|
| displayName |
string |
The name of the principal made changes |
|
string |
Email of principal |
|
| id |
string |
The id of the principal made changes |
| type |
string |
Type of principal such as user , group etc |
RoleDefinition
Details of role definition
| Name | Type | Description |
|---|---|---|
| displayName |
string |
Display name of the role definition |
| id |
string |
Id of the role definition |
| type |
string |
Type of the role definition |
RoleManagementPolicyAssignment
Role management policy
| Name | Type | Description |
|---|---|---|
| id |
string |
The role management policy Id. |
| name |
string |
The role management policy name. |
| properties.effectiveRules |
Role |
The readonly computed rule applied to the policy. |
| properties.policyAssignmentProperties |
Additional properties of scope, role definition and policy |
|
| properties.policyId |
string |
The policy id role management policy assignment. |
| properties.roleDefinitionId |
string |
The role definition of management policy assignment. |
| properties.scope |
string |
The role management policy scope. |
| type |
string |
The role management policy type. |
RoleManagementPolicyAssignmentListResult
Role management policy assignment list operation result.
| Name | Type | Description |
|---|---|---|
| nextLink |
string |
The URL to use for getting the next set of results. |
| value |
Role management policy assignment list. |
Scope
Details of the resource scope
| Name | Type | Description |
|---|---|---|
| displayName |
string |
Display name of the resource |
| id |
string |
Scope id of the resource |
| type |
string |
Type of the resource |