az keyvault role assignment

Manage role assignments.

Commands

| Name | Description | Type | Status |
|---|---|---|---|
| az keyvault role assignment create | Create a new role assignment for a user, group, or service principal. | Core | GA |
| az keyvault role assignment delete | Delete a role assignment. | Core | GA |
| az keyvault role assignment list | List role assignments. | Core | GA |

az keyvault role assignment create

Create a new role assignment for a user, group, or service principal.

az keyvault role assignment create --role
                                   --scope
                                   [--assignee]
                                   [--assignee-object-id]
                                   [--assignee-principal-type {Application, DirectoryObjectOrGroup, DirectoryRoleTemplate, Everyone, ForeignGroup, Group, MSI, ServicePrincipal, Unknown, User}]
                                   [--hsm-name]
                                   [--id]
                                   [--name]

Examples
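
A worked lifecycle for the three commands on this page, as an added example that is not part of the original reference: grant a role on a single key of a Managed HSM by object id, review the grant, and revoke it. The function names, `contoso-hsm`, `payments-signing`, the object id and the choice of the built-in role `Managed HSM Crypto User` are assumptions for illustration.

```shell
# Added example; function names and all sample values are constructed.
# Each function body runs in a subshell "( ... )" so its variables stay local.

# Grant ROLE on exactly one key, addressing the principal by object id.
grant_key_role() (
  hsm=$1 role=$2 object_id=$3 principal_type=$4 key=$5
  guid='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'

  # --assignee-object-id only works with object ids, so reject sign-in names.
  if ! printf '%s\n' "$object_id" | grep -Eq "$guid"; then
    echo "assignee must be an object id (GUID): $object_id" >&2
    exit 2
  fi
  # An empty key name would collapse the scope to "/keys/"; a "/" would alter the path.
  case $key in
    ''|*/*) echo "refusing key name '$key'" >&2; exit 2 ;;
  esac

  az keyvault role assignment create \
    --hsm-name "$hsm" \
    --role "$role" \
    --assignee-object-id "$object_id" \
    --assignee-principal-type "$principal_type" \
    --scope "/keys/$key"
)

# List what the principal holds at that key scope, for review after the grant.
show_key_roles() (
  hsm=$1 object_id=$2 key=$3
  az keyvault role assignment list --hsm-name "$hsm" \
    --assignee-object-id "$object_id" --scope "/keys/$key" --output table
)

# Revoke the grant using the same selectors that created it.
revoke_key_role() (
  hsm=$1 role=$2 object_id=$3 key=$4
  az keyvault role assignment delete --hsm-name "$hsm" --role "$role" \
    --assignee-object-id "$object_id" --scope "/keys/$key"
)

# Usage (constructed values):
#   oid=00000000-0000-0000-0000-000000000001
#   grant_key_role contoso-hsm "Managed HSM Crypto User" "$oid" ServicePrincipal payments-signing
#   show_key_roles contoso-hsm "$oid" payments-signing
#   revoke_key_role contoso-hsm "Managed HSM Crypto User" "$oid" payments-signing
```

Scoping to `/keys/{keyname}` instead of `/` keeps the grant limited to the one key the workload needs.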

Required Parameters

--role
Role name or id.

--scope
Scope at which the role assignment or definition applies, e.g., "/" or "/keys" or "/keys/{keyname}".

Optional Parameters

--assignee
Represents a user, group, or service principal. Supported formats: object id, user sign-in name, or service principal name.

--assignee-object-id
Use this parameter instead of '--assignee' to bypass graph permission issues. This parameter only works with object ids for users, groups, service principals, and managed identities. For managed identities use the principal id. For service principals, use the object id and not the app id.

--assignee-principal-type -t
The principal type of assignee.

Accepted values: Application, DirectoryObjectOrGroup, DirectoryRoleTemplate, Everyone, ForeignGroup, Group, MSI, ServicePrincipal, Unknown, User

--hsm-name
Name of the HSM.

--id
Full URI of the HSM. If specified all other 'Id' arguments should be omitted.

--name -n
Name of the role assignment.

Global Parameters

--debug
Increase logging verbosity to show all debug logs.

--help -h
Show this help message and exit.

--only-show-errors
Only show errors, suppressing warnings.

--output -o
Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query
JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose
Increase logging verbosity. Use --debug for full debug logs.

az keyvault role assignment delete

Delete a role assignment.

az keyvault role assignment delete [--assignee]
                                   [--assignee-object-id]
                                   [--hsm-name]
                                   [--id]
                                   [--ids]
                                   [--name]
                                   [--role]
                                   [--scope]

Examples

Required Parameters

Optional Parameters

--assignee
Represents a user, group, or service principal. Supported formats: object id, user sign-in name, or service principal name.

--assignee-object-id
Use this parameter instead of '--assignee' to bypass graph permission issues. This parameter only works with object ids for users, groups, service principals, and managed identities. For managed identities use the principal id. For service principals, use the object id and not the app id.

--hsm-name
Name of the HSM.

--id
Full URI of the HSM. If specified all other 'Id' arguments should be omitted.

--ids
Space-separated role assignment ids.

--name -n
Name of the role assignment.

--role
Role name or id.

--scope
Scope at which the role assignment or definition applies, e.g., "/" or "/keys" or "/keys/{keyname}".

Global Parameters

--debug
Increase logging verbosity to show all debug logs.

--help -h
Show this help message and exit.

--only-show-errors
Only show errors, suppressing warnings.

--output -o
Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query
JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose
Increase logging verbosity. Use --debug for full debug logs.

az keyvault role assignment list

List role assignments.

az keyvault role assignment list [--assignee]
                                 [--assignee-object-id]
                                 [--hsm-name]
                                 [--id]
                                 [--role]
                                 [--scope]

Examples

Required Parameters

Optional Parameters

--assignee
Represents a user, group, or service principal. Supported formats: object id, user sign-in name, or service principal name.

--assignee-object-id
Use this parameter instead of '--assignee' to bypass graph permission issues. This parameter only works with object ids for users, groups, service principals, and managed identities. For managed identities use the principal id. For service principals, use the object id and not the app id.

--hsm-name
Name of the HSM.

--id
Full URI of the HSM. If specified all other 'Id' arguments should be omitted.

--role
Role name or id.

--scope
Scope at which the role assignment or definition applies, e.g., "/" or "/keys" or "/keys/{keyname}".

Global Parameters

--debug
Increase logging verbosity to show all debug logs.

--help -h
Show this help message and exit.

--only-show-errors
Only show errors, suppressing warnings.

--output -o
Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query
JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose
Increase logging verbosity. Use --debug for full debug logs.