Role Assignments - Delete

참조

서비스:: Authorization

API 버전:: 2022-04-01

scope 및 이름으로 역할 할당을 삭제합니다.

DELETE https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}?api-version=2022-04-01

선택적 매개 변수:

DELETE https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}?api-version=2022-04-01&tenantId={tenantId}

URI 매개 변수

Name	In(다음 안에)	필수	형식	Description
roleAssignmentName	path	True	string	역할 할당의 이름입니다. 유효한 GUID일 수 있습니다.
scope	path	True	string	작업 또는 리소스의 scope. 유효한 범위는 구독(형식: '/subscriptions/{subscriptionId}'), 리소스 그룹(형식: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}' 또는 리소스(형식: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceProviderNamespace}/]{resourceType}/{resourceName}'입니다.
api-version	query	True	string	이 작업에 사용할 API 버전입니다.
tenantId	query		string	테넌트 간 요청에 대한 테넌트 ID

응답

Name	형식	Description
200 OK	RoleAssignment	삭제된 역할 할당을 반환합니다.
204 No Content		역할 할당이 이미 삭제되었거나 존재하지 않습니다.
Other Status Codes	ErrorResponse	작업이 실패한 이유를 설명하는 오류 응답입니다.

사용 권한

이 API를 호출하려면 다음 권한이 있는 역할을 할당받아야 합니다. 자세한 정보는 Azure 기본 제공 역할을 참조하세요.

Microsoft.Authorization/roleAssignments/delete

보안

azure_auth

Azure Active Directory OAuth2 Flow

형식: oauth2
Flow: implicit
권한 부여 URL: https://login.microsoftonline.com/common/oauth2/authorize

범위

Name	Description
user_impersonation	사용자 계정 가장

예제

Delete role assignment

샘플 요청

DELETE https://management.azure.com/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747?api-version=2022-04-01


/**
 * Samples for RoleAssignments Delete.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/
     * RoleAssignments_Delete.json
     */
    /**
     * Sample code: Delete role assignment.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void deleteRoleAssignment(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.accessManagement().roleAssignments().manager().roleServiceClient().getRoleAssignments()
            .deleteWithResponse("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
                "b0f43c54-e787-4862-89b1-a653fa9cf747", null, com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-authorization
# USAGE
    python role_assignments_delete.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = AuthorizationManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.role_assignments.delete(
        scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
        role_assignment_name="b0f43c54-e787-4862-89b1-a653fa9cf747",
    )
    print(response)


# x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Delete.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/310a0100f5b020c1900c527a6aa70d21992f078a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Delete.json
func ExampleRoleAssignmentsClient_Delete() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewRoleAssignmentsClient().Delete(ctx, "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2", "b0f43c54-e787-4862-89b1-a653fa9cf747", &armauthorization.RoleAssignmentsClientDeleteOptions{TenantID: nil})
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.RoleAssignment = armauthorization.RoleAssignment{
	// 	Name: to.Ptr("b0f43c54-e787-4862-89b1-a653fa9cf747"),
	// 	Type: to.Ptr("Microsoft.Authorization/roleAssignments"),
	// 	ID: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747"),
	// 	Properties: &armauthorization.RoleAssignmentProperties{
	// 		PrincipalID: to.Ptr("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
	// 		PrincipalType: to.Ptr(armauthorization.PrincipalTypeUser),
	// 		RoleDefinitionID: to.Ptr("/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
	// 		Scope: to.Ptr("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Delete a role assignment by scope and name.
 *
 * @summary Delete a role assignment by scope and name.
 * x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Delete.json
 */
async function deleteRoleAssignment() {
  const scope = "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2";
  const roleAssignmentName = "b0f43c54-e787-4862-89b1-a653fa9cf747";
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential);
  const result = await client.roleAssignments.delete(scope, roleAssignmentName);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Authorization.Models;
using Azure.ResourceManager.Authorization;

// Generated from example definition: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Delete.json
// this example is just showing the usage of "RoleAssignments_Delete" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this RoleAssignmentResource created on azure
// for more information of creating RoleAssignmentResource, please refer to the document of RoleAssignmentResource
string scope = "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2";
string roleAssignmentName = "b0f43c54-e787-4862-89b1-a653fa9cf747";
ResourceIdentifier roleAssignmentResourceId = RoleAssignmentResource.CreateResourceIdentifier(scope, roleAssignmentName);
RoleAssignmentResource roleAssignment = client.GetRoleAssignmentResource(roleAssignmentResourceId);

// invoke the operation
ArmOperation<RoleAssignmentResource> lro = await roleAssignment.DeleteAsync(WaitUntil.Completed);
RoleAssignmentResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
RoleAssignmentData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

샘플 응답

상태 코드:: 200

{
  "properties": {
    "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    "principalType": "User",
    "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"
  },
  "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747",
  "type": "Microsoft.Authorization/roleAssignments",
  "name": "b0f43c54-e787-4862-89b1-a653fa9cf747"
}

상태 코드:: 204

정의

Name	Description
ErrorAdditionalInfo	리소스 관리 오류 추가 정보입니다.
ErrorDetail	오류 세부 정보입니다.
ErrorResponse	오류 응답
PrincipalType	할당된 보안 주체 ID의 보안 주체 유형입니다.
RoleAssignment	역할 할당

ErrorAdditionalInfo

리소스 관리 오류 추가 정보입니다.

Name	형식	Description
info	object	추가 정보입니다.
type	string	추가 정보 유형입니다.

ErrorDetail

오류 세부 정보입니다.

Name	형식	Description
additionalInfo	ErrorAdditionalInfo[]	오류 추가 정보입니다.
code	string	오류 코드입니다.
details	ErrorDetail[]	오류 세부 정보입니다.
message	string	오류 메시지입니다.
target	string	오류 대상입니다.

ErrorResponse

오류 응답

Name	형식	Description
error	ErrorDetail	Error 개체.

PrincipalType

할당된 보안 주체 ID의 보안 주체 유형입니다.

Name	형식	Description
Device	string
ForeignGroup	string
Group	string
ServicePrincipal	string
User	string

RoleAssignment

역할 할당

Name	형식	Default value	Description
id	string		역할 할당 ID입니다.
name	string		역할 할당 이름입니다.
properties.condition	string		역할 할당에 대한 조건입니다. 이렇게 하면 할당할 수 있는 리소스가 제한됩니다. 예: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
properties.conditionVersion	string		조건의 버전입니다. 현재 허용되는 유일한 값은 '2.0'입니다.
properties.createdBy	string		할당을 만든 사용자의 ID
properties.createdOn	string		만든 시간
properties.delegatedManagedIdentityResourceId	string		위임된 관리 ID 리소스의 ID
properties.description	string		역할 할당에 대한 설명
properties.principalId	string		보안 주체 ID입니다.
properties.principalType	PrincipalType	User	할당된 보안 주체 ID의 보안 주체 유형입니다.
properties.roleDefinitionId	string		역할 정의 ID입니다.
properties.scope	string		역할 할당 scope.
properties.updatedBy	string		할당을 업데이트한 사용자의 ID
properties.updatedOn	string		업데이트된 시간
type	string		역할 할당 유형입니다.