Role Eligibility Schedules - List For Scope

Référence

Service:: Authorization

Version d'API:: 2020-10-01

Obtient les planifications d’éligibilité des rôles pour une étendue de ressource.

GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleEligibilitySchedules?api-version=2020-10-01

Avec des paramètres facultatifs:

GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleEligibilitySchedules?$filter={$filter}&api-version=2020-10-01

Paramètres URI

Nom	Dans	Obligatoire	Type	Description
scope	path	True	string	Étendue des calendriers d’éligibilité des rôles.
api-version	query	True	string	Version de l’API à utiliser pour cette opération.
$filter	query		string	Filtre à appliquer à l’opération. Utilisez $filter=atScope() pour renvoyer toutes les planifications d’éligibilité des rôles au niveau ou au-delà de l’étendue. Utilisez $filter=principalId eq {id} pour renvoyer toutes les planifications d’éligibilité de rôle au niveau, au-dessus ou au-dessous de l’étendue du principal spécifié. Utilisez $filter=assignedTo('{userId}') pour retourner toutes les planifications d’éligibilité des rôles pour l’utilisateur. Utilisez $filter=asTarget() pour retourner toutes les planifications d’éligibilité aux rôles créées pour l’utilisateur actuel.

Réponses

Nom	Type	Description
200 OK	RoleEligibilityScheduleListResult	OK : retourne un tableau de planifications d’éligibilité des rôles.
Other Status Codes	CloudError	Réponse d’erreur décrivant la raison de l’échec de l’opération.

Sécurité

azure_auth

Flux OAuth2 Azure Active Directory

Type: oauth2
Flux: implicit
URL d’autorisation: https://login.microsoftonline.com/common/oauth2/authorize

Étendues

Nom	Description
user_impersonation	Emprunter l’identité de votre compte d’utilisateur

Exemples

GetRoleEligibilitySchedulesByScope

Exemple de requête

GET https://management.azure.com/providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleEligibilitySchedules?$filter=assignedTo('a3bb8764-cb92-4276-9d2a-ca1e895e55ea')&api-version=2020-10-01


/** Samples for RoleEligibilitySchedules ListForScope. */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/
     * GetRoleEligibilitySchedulesByScope.json
     */
    /**
     * Sample code: GetRoleEligibilitySchedulesByScope.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void getRoleEligibilitySchedulesByScope(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.accessManagement().roleAssignments().manager().roleServiceClient().getRoleEligibilitySchedules()
            .listForScope("providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
                "assignedTo('a3bb8764-cb92-4276-9d2a-ca1e895e55ea')", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/53b1affe357b3bfbb53721d0a2002382a046d3b0/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilitySchedulesByScope.json
func ExampleRoleEligibilitySchedulesClient_NewListForScopePager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewRoleEligibilitySchedulesClient().NewListForScopePager("providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", &armauthorization.RoleEligibilitySchedulesClientListForScopeOptions{Filter: to.Ptr("assignedTo('a3bb8764-cb92-4276-9d2a-ca1e895e55ea')")})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.RoleEligibilityScheduleListResult = armauthorization.RoleEligibilityScheduleListResult{
		// 	Value: []*armauthorization.RoleEligibilitySchedule{
		// 		{
		// 			Name: to.Ptr("b1477448-2cc6-4ceb-93b4-54a202a89413"),
		// 			Type: to.Ptr("Microsoft.Authorization/RoleEligibilitySchedules"),
		// 			ID: to.Ptr("/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilitySchedules/b1477448-2cc6-4ceb-93b4-54a202a89413"),
		// 			Properties: &armauthorization.RoleEligibilityScheduleProperties{
		// 				Condition: to.Ptr("@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'"),
		// 				ConditionVersion: to.Ptr("1.0"),
		// 				CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-09T21:33:06.300Z"); return t}()),
		// 				EndDateTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-09T21:32:28.490Z"); return t}()),
		// 				ExpandedProperties: &armauthorization.ExpandedProperties{
		// 					Principal: &armauthorization.ExpandedPropertiesPrincipal{
		// 						Type: to.Ptr("User"),
		// 						DisplayName: to.Ptr("User Account"),
		// 						Email: to.Ptr("user@my-tenant.com"),
		// 						ID: to.Ptr("a3bb8764-cb92-4276-9d2a-ca1e895e55ea"),
		// 					},
		// 					RoleDefinition: &armauthorization.ExpandedPropertiesRoleDefinition{
		// 						Type: to.Ptr("BuiltInRole"),
		// 						DisplayName: to.Ptr("Contributor"),
		// 						ID: to.Ptr("/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608"),
		// 					},
		// 					Scope: &armauthorization.ExpandedPropertiesScope{
		// 						Type: to.Ptr("subscription"),
		// 						DisplayName: to.Ptr("Pay-As-You-Go"),
		// 						ID: to.Ptr("/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f"),
		// 					},
		// 				},
		// 				MemberType: to.Ptr(armauthorization.MemberTypeDirect),
		// 				PrincipalID: to.Ptr("a3bb8764-cb92-4276-9d2a-ca1e895e55ea"),
		// 				PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
		// 				RoleDefinitionID: to.Ptr("/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"),
		// 				RoleEligibilityScheduleRequestID: to.Ptr("/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilityScheduleRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6"),
		// 				Scope: to.Ptr("/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f"),
		// 				StartDateTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-09T21:33:14.557Z"); return t}()),
		// 				Status: to.Ptr(armauthorization.StatusProvisioned),
		// 				UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-09T22:27:00.513Z"); return t}()),
		// 			},
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Gets role eligibility schedules for a resource scope.
 *
 * @summary Gets role eligibility schedules for a resource scope.
 * x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilitySchedulesByScope.json
 */
async function getRoleEligibilitySchedulesByScope() {
  const subscriptionId =
    process.env["AUTHORIZATION_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const scope =
    "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f";
  const filter = "assignedTo('a3bb8764-cb92-4276-9d2a-ca1e895e55ea')";
  const options = {
    filter,
  };
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.roleEligibilitySchedules.listForScope(scope, options)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Authorization;

// Generated from example definition: specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilitySchedulesByScope.json
// this example is just showing the usage of "RoleEligibilitySchedules_ListForScope" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this ArmResource created on azure
// for more information of creating ArmResource, please refer to the document of ArmResource

// get the collection of this RoleEligibilityScheduleResource
string scope = "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f";
ResourceIdentifier scopeId = new ResourceIdentifier(string.Format("/{0}", scope));
RoleEligibilityScheduleCollection collection = client.GetRoleEligibilitySchedules(scopeId);

// invoke the operation and iterate over the result
string filter = "assignedTo('a3bb8764-cb92-4276-9d2a-ca1e895e55ea')";
await foreach (RoleEligibilityScheduleResource item in collection.GetAllAsync(filter: filter))
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    RoleEligibilityScheduleData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Exemple de réponse

Code d’état:: 200

{
  "value": [
    {
      "properties": {
        "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
        "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
        "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
        "principalType": "User",
        "status": "Provisioned",
        "roleEligibilityScheduleRequestId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilityScheduleRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6",
        "startDateTime": "2020-09-09T21:33:14.557Z",
        "endDateTime": "2021-09-09T21:32:28.49Z",
        "memberType": "Direct",
        "createdOn": "2020-09-09T21:33:06.3Z",
        "updatedOn": "2020-09-09T22:27:00.513Z",
        "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
        "conditionVersion": "1.0",
        "expandedProperties": {
          "scope": {
            "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
            "displayName": "Pay-As-You-Go",
            "type": "subscription"
          },
          "roleDefinition": {
            "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
            "displayName": "Contributor",
            "type": "BuiltInRole"
          },
          "principal": {
            "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
            "displayName": "User Account",
            "email": "user@my-tenant.com",
            "type": "User"
          }
        }
      },
      "name": "b1477448-2cc6-4ceb-93b4-54a202a89413",
      "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilitySchedules/b1477448-2cc6-4ceb-93b4-54a202a89413",
      "type": "Microsoft.Authorization/RoleEligibilitySchedules"
    }
  ]
}

Définitions

Nom	Description
CloudError	Réponse d’erreur du service.
CloudErrorBody	Réponse d’erreur du service.
ExpandedProperties
MemberType	Type d’appartenance de la planification d’éligibilité au rôle
Principal	Détails du principal
principalType	Type principal de l’ID principal attribué.
RoleDefinition	Détails de la définition de rôle
RoleEligibilitySchedule	Planification d’éligibilité des rôles
RoleEligibilityScheduleListResult	résultat de l’opération de liste de planification d’éligibilité de rôle.
Scope	Détails de l’étendue des ressources
Status	Status de la planification d’éligibilité des rôles.

CloudError

Réponse d’erreur du service.

Nom	Type	Description
error	CloudErrorBody	Réponse d’erreur du service.

CloudErrorBody

Réponse d’erreur du service.

Nom	Type	Description
code	string	Identificateur de l'erreur. Les codes sont invariants et sont destinés à être consommés par programmation.
message	string	Message décrivant l’erreur, destiné à être adapté à l’affichage dans une interface utilisateur.

ExpandedProperties

Nom	Type	Description
principal	Principal	Détails du principal
roleDefinition	RoleDefinition	Détails de la définition de rôle
scope	Scope	Détails de l’étendue des ressources

MemberType

Type d’appartenance de la planification d’éligibilité au rôle

Nom	Type	Description
Direct	string
Group	string
Inherited	string

Principal

Détails du principal

Nom	Type	Description
displayName	string	Nom d’affichage du principal
email	string	id Email du principal
id	string	ID du principal
type	string	Type du principal

principalType

Type principal de l’ID principal attribué.

Nom	Type	Description
Device	string
ForeignGroup	string
Group	string
ServicePrincipal	string
User	string

RoleDefinition

Détails de la définition de rôle

Nom	Type	Description
displayName	string	Nom d’affichage de la définition de rôle
id	string	ID de la définition de rôle
type	string	Type de la définition de rôle