Hämta den angivna neka tilldelningen.
GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/denyAssignments/{denyAssignmentId}?api-version=2022-04-01
URI-parametrar
Name |
I |
Obligatorisk |
Typ |
Description |
denyAssignmentId
|
path |
True
|
string
|
ID:t för den nekande tilldelning som ska hämtas.
|
scope
|
path |
True
|
string
|
Omfånget för neka tilldelningen.
|
api-version
|
query |
True
|
string
|
Den API-version som ska användas för den här åtgärden.
|
Svar
Name |
Typ |
Description |
200 OK
|
DenyAssignment
|
OK – Returnerar information om nekandetilldelningen.
|
Other Status Codes
|
ErrorResponse
|
Felsvar som beskriver varför åtgärden misslyckades.
|
Behörigheter
För att anropa detta API måste du ha tilldelats en roll som har följande behörigheter. Mer information finns i Inbyggda roller i Azure.
Microsoft.Authorization/denyAssignments/read
Säkerhet
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name |
Description |
user_impersonation
|
personifiera ditt användarkonto
|
Exempel
Get deny assignment by name
Sample Request
GET https://management.azure.com/subscriptions/subId/resourcegroups/rgname/providers/Microsoft.Authorization/denyAssignments/denyAssignmentId?api-version=2022-04-01
/** Samples for DenyAssignments Get. */
public final class Main {
/*
* x-ms-original-file:
* specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/
* GetDenyAssignmentByNameId.json
*/
/**
* Sample code: Get deny assignment by name.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void getDenyAssignmentByName(com.azure.resourcemanager.AzureResourceManager azure) {
azure.accessManagement().roleAssignments().manager().roleServiceClient().getDenyAssignments().getWithResponse(
"subscriptions/subId/resourcegroups/rgname", "denyAssignmentId", com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-authorization
# USAGE
python get_deny_assignment_by_name_id.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = AuthorizationManagementClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.deny_assignments.get(
scope="subscriptions/subId/resourcegroups/rgname",
deny_assignment_id="denyAssignmentId",
)
print(response)
# x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentByNameId.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armauthorization_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/310a0100f5b020c1900c527a6aa70d21992f078a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentByNameId.json
func ExampleDenyAssignmentsClient_Get() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armauthorization.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDenyAssignmentsClient().Get(ctx, "subscriptions/subId/resourcegroups/rgname", "denyAssignmentId", nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.DenyAssignment = armauthorization.DenyAssignment{
// Name: to.Ptr("denyAssignmentId"),
// Type: to.Ptr("Microsoft.Authorization/denyAssignments"),
// ID: to.Ptr("/subscriptions/subId/resourcegroups/rgname/providers/Microsoft.Authorization/denyAssignments/denyAssignmentId"),
// Properties: &armauthorization.DenyAssignmentProperties{
// Description: to.Ptr("Deny assignment description"),
// DenyAssignmentName: to.Ptr("Deny assignment name"),
// DoNotApplyToChildScopes: to.Ptr(false),
// ExcludePrincipals: []*armauthorization.Principal{
// {
// Type: to.Ptr("principalType2"),
// ID: to.Ptr("principalId2"),
// }},
// IsSystemProtected: to.Ptr(true),
// Permissions: []*armauthorization.DenyAssignmentPermission{
// {
// Actions: []*string{
// to.Ptr("action")},
// DataActions: []*string{
// },
// NotActions: []*string{
// },
// NotDataActions: []*string{
// },
// }},
// Principals: []*armauthorization.Principal{
// {
// Type: to.Ptr("principalType1"),
// ID: to.Ptr("principalId1"),
// }},
// Scope: to.Ptr("/subscriptions/subId/resourcegroups/rgname"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Get the specified deny assignment.
*
* @summary Get the specified deny assignment.
* x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentByNameId.json
*/
async function getDenyAssignmentByName() {
const scope = "subscriptions/subId/resourcegroups/rgname";
const denyAssignmentId = "denyAssignmentId";
const credential = new DefaultAzureCredential();
const client = new AuthorizationManagementClient(credential);
const result = await client.denyAssignments.get(scope, denyAssignmentId);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Authorization;
// Generated from example definition: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentByNameId.json
// this example is just showing the usage of "DenyAssignments_Get" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ArmResource created on azure
// for more information of creating ArmResource, please refer to the document of ArmResource
// get the collection of this DenyAssignmentResource
string scope = "subscriptions/subId/resourcegroups/rgname";
ResourceIdentifier scopeId = new ResourceIdentifier(string.Format("/{0}", scope));
DenyAssignmentCollection collection = client.GetDenyAssignments(scopeId);
// invoke the operation
string denyAssignmentId = "denyAssignmentId";
NullableResponse<DenyAssignmentResource> response = await collection.GetIfExistsAsync(denyAssignmentId);
DenyAssignmentResource result = response.HasValue ? response.Value : null;
if (result == null)
{
Console.WriteLine($"Succeeded with null as result");
}
else
{
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
DenyAssignmentData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"properties": {
"denyAssignmentName": "Deny assignment name",
"description": "Deny assignment description",
"permissions": [
{
"actions": [
"action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"scope": "/subscriptions/subId/resourcegroups/rgname",
"doNotApplyToChildScopes": false,
"principals": [
{
"id": "principalId1",
"type": "principalType1"
}
],
"excludePrincipals": [
{
"id": "principalId2",
"type": "principalType2"
}
],
"isSystemProtected": true
},
"id": "/subscriptions/subId/resourcegroups/rgname/providers/Microsoft.Authorization/denyAssignments/denyAssignmentId",
"type": "Microsoft.Authorization/denyAssignments",
"name": "denyAssignmentId"
}
Definitioner
DenyAssignment
Nekandeåtgärder
Name |
Typ |
Description |
id
|
string
|
Neka tilldelnings-ID.
|
name
|
string
|
Namnet på nekad tilldelning.
|
properties.condition
|
string
|
Villkoren för neka-tilldelningen. Detta begränsar de resurser som den kan tilldelas till. t.ex. @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
|
properties.conditionVersion
|
string
|
Version av villkoret.
|
properties.createdBy
|
string
|
ID för användaren som skapade tilldelningen
|
properties.createdOn
|
string
|
Tiden då den skapades
|
properties.denyAssignmentName
|
string
|
Visningsnamnet för deny-tilldelningen.
|
properties.description
|
string
|
Beskrivningen av neka tilldelningen.
|
properties.doNotApplyToChildScopes
|
boolean
|
Avgör om neka-tilldelningen gäller för underordnade omfång. Standardvärdet är falskt.
|
properties.excludePrincipals
|
Principal[]
|
Matris med huvudkonton som nekandetilldelningen inte gäller för.
|
properties.isSystemProtected
|
boolean
|
Anger om den här nekandetilldelningen har skapats av Azure och inte kan redigeras eller tas bort.
|
properties.permissions
|
DenyAssignmentPermission[]
|
En matris med behörigheter som nekas av nekandetilldelningen.
|
properties.principals
|
Principal[]
|
Matris med huvudkonton som neka-tilldelningen gäller för.
|
properties.scope
|
string
|
Tilldelningsomfånget nekas.
|
properties.updatedBy
|
string
|
ID för användaren som uppdaterade tilldelningen
|
properties.updatedOn
|
string
|
Tidpunkt då den uppdaterades
|
type
|
string
|
Tilldelningstypen Neka.
|
DenyAssignmentPermission
Neka tilldelningsbehörigheter.
Name |
Typ |
Description |
actions
|
string[]
|
Åtgärder som nekandetilldelningen inte beviljar åtkomst till.
|
condition
|
string
|
Villkoren för behörigheten Neka tilldelning. Detta begränsar de resurser som den gäller för.
|
conditionVersion
|
string
|
Version av villkoret.
|
dataActions
|
string[]
|
Dataåtgärder som nekandetilldelningen inte beviljar åtkomst till.
|
notActions
|
string[]
|
Åtgärder som ska undantas från den nekande tilldelningen beviljar inte åtkomst.
|
notDataActions
|
string[]
|
Dataåtgärder som ska undantas från den nekande tilldelningen beviljar inte åtkomst.
|
ErrorAdditionalInfo
Ytterligare information om resurshanteringsfelet.
Name |
Typ |
Description |
info
|
object
|
Ytterligare information.
|
type
|
string
|
Den ytterligare informationstypen.
|
ErrorDetail
Felinformationen.
Name |
Typ |
Description |
additionalInfo
|
ErrorAdditionalInfo[]
|
Ytterligare information om felet.
|
code
|
string
|
Felkoden.
|
details
|
ErrorDetail[]
|
Felinformationen.
|
message
|
string
|
Felmeddelandet.
|
target
|
string
|
Felmålet.
|
ErrorResponse
Felsvar
Principal
Namnet på entiteten ändrade den senast
Name |
Typ |
Description |
displayName
|
string
|
Namnet på huvudkontot har gjort ändringar
|
email
|
string
|
Email av huvudkontot
|
id
|
string
|
ID:t för huvudkontot har gjort ändringar
|
type
|
string
|
Typ av huvudnamn, till exempel användare, grupp osv.
|