Role Definitions - Get

參考

Service:: Authorization

API Version:: 2022-04-01

依名稱 (GUID) 取得角色定義。

GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId}?api-version=2022-04-01

URI 參數

名稱	位於	必要	類型	Description
roleDefinitionId	path	True	string	角色定義的識別碼。
scope	path	True	string	角色定義的範圍。
api-version	query	True	string	用於此作業的 API 版本。

回應

名稱	類型	Description
200 OK	RoleDefinition	確定 - 傳回角色定義的相關信息。
Other Status Codes	ErrorResponse	描述作業失敗原因的錯誤回應。

權限

若要呼叫此 API，您必須獲指派具有下列權限的角色。如需詳細資訊，請參閱 Azure 內建角色。

Microsoft.Authorization/roleDefinitions/read

安全性

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

名稱	Description
user_impersonation	模擬您的用戶帳戶

範例

Get role definition by name

Sample Request

GET https://management.azure.com/scope/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId?api-version=2022-04-01


/** Samples for RoleDefinitions Get. */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/
     * GetRoleDefinitionByName.json
     */
    /**
     * Sample code: Get role definition by name.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void getRoleDefinitionByName(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.accessManagement().roleAssignments().manager().roleServiceClient().getRoleDefinitions()
            .getWithResponse("scope", "roleDefinitionId", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-authorization
# USAGE
    python get_role_definition_by_name.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = AuthorizationManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="SUBSCRIPTION_ID",
    )

    response = client.role_definitions.get(
        scope="scope",
        role_definition_id="roleDefinitionId",
    )
    print(response)


# x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetRoleDefinitionByName.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/53b1affe357b3bfbb53721d0a2002382a046d3b0/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetRoleDefinitionByName.json
func ExampleRoleDefinitionsClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewRoleDefinitionsClient().Get(ctx, "scope", "roleDefinitionId", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.RoleDefinition = armauthorization.RoleDefinition{
	// 	Name: to.Ptr("roleDefinitionId"),
	// 	Type: to.Ptr("Microsoft.Authorization/roleDefinitions"),
	// 	ID: to.Ptr("/subscriptions/subID/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId"),
	// 	Properties: &armauthorization.RoleDefinitionProperties{
	// 		RoleType: to.Ptr("roletype"),
	// 		Description: to.Ptr("Role description"),
	// 		AssignableScopes: []*string{
	// 			to.Ptr("/subscriptions/subId")},
	// 			Permissions: []*armauthorization.Permission{
	// 				{
	// 					Actions: []*string{
	// 						to.Ptr("action")},
	// 						DataActions: []*string{
	// 							to.Ptr("dataAction")},
	// 							NotActions: []*string{
	// 							},
	// 							NotDataActions: []*string{
	// 							},
	// 					}},
	// 					RoleName: to.Ptr("Role name"),
	// 				},
	// 			}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get role definition by name (GUID).
 *
 * @summary Get role definition by name (GUID).
 * x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetRoleDefinitionByName.json
 */
async function getRoleDefinitionByName() {
  const subscriptionId =
    process.env["AUTHORIZATION_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const scope = "scope";
  const roleDefinitionId = "roleDefinitionId";
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential, subscriptionId);
  const result = await client.roleDefinitions.get(scope, roleDefinitionId);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Authorization;

// Generated from example definition: specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetRoleDefinitionByName.json
// this example is just showing the usage of "RoleDefinitions_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this AuthorizationRoleDefinitionResource created on azure
// for more information of creating AuthorizationRoleDefinitionResource, please refer to the document of AuthorizationRoleDefinitionResource
string scope = "scope";
ResourceIdentifier roleDefinitionId = new ResourceIdentifier("roleDefinitionId");
ResourceIdentifier authorizationRoleDefinitionResourceId = AuthorizationRoleDefinitionResource.CreateResourceIdentifier(scope, roleDefinitionId);
AuthorizationRoleDefinitionResource authorizationRoleDefinition = client.GetAuthorizationRoleDefinitionResource(authorizationRoleDefinitionResourceId);

// invoke the operation
AuthorizationRoleDefinitionResource result = await authorizationRoleDefinition.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
AuthorizationRoleDefinitionData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "properties": {
    "roleName": "Role name",
    "type": "roletype",
    "description": "Role description",
    "assignableScopes": [
      "/subscriptions/subId"
    ],
    "permissions": [
      {
        "actions": [
          "action"
        ],
        "notActions": [],
        "dataActions": [
          "dataAction"
        ],
        "notDataActions": []
      }
    ]
  },
  "id": "/subscriptions/subID/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId",
  "type": "Microsoft.Authorization/roleDefinitions",
  "name": "roleDefinitionId"
}

定義

名稱	Description
ErrorAdditionalInfo	資源管理錯誤其他資訊。
ErrorDetail	錯誤詳細數據。
ErrorResponse	錯誤回應
Permission	角色定義許可權。
RoleDefinition	角色定義。

ErrorAdditionalInfo

資源管理錯誤其他資訊。

名稱	類型	Description
info	object	其他資訊。
type	string	其他信息類型。

ErrorDetail

錯誤詳細數據。

名稱	類型	Description
additionalInfo	ErrorAdditionalInfo[]	錯誤其他資訊。
code	string	錯誤碼。
details	ErrorDetail[]	錯誤詳細資料。
message	string	錯誤訊息。
target	string	錯誤目標。

ErrorResponse

錯誤回應

名稱	類型	Description
error	ErrorDetail	error 物件。

Permission

角色定義許可權。

名稱	類型	Description
actions	string[]	允許的動作。
dataActions	string[]	允許的數據動作。
notActions	string[]	拒絕的動作。
notDataActions	string[]	拒絕的數據動作。

RoleDefinition

角色定義。

名稱	類型	Description
id	string	角色定義識別碼。
name	string	角色定義名稱。
properties.assignableScopes	string[]	角色定義可指派的範圍。
properties.createdBy	string	建立指派的使用者標識碼
properties.createdOn	string	建立時間
properties.description	string	角色定義描述。
properties.permissions	Permission[]	角色定義許可權。
properties.roleName	string	角色名稱。
properties.type	string	角色類型。
properties.updatedBy	string	更新指派的使用者標識碼
properties.updatedOn	string	更新時間
type	string	角色定義類型。