diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/EligibleChildResources.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/EligibleChildResources.json
new file mode 100644
index 000000000000..ad8390f5ec56
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/EligibleChildResources.json
@@ -0,0 +1,154 @@ +{ + "swagger": "2.0", + "info": { + "title": "AuthorizationManagementClient", + "version": "2020-10-01", + "description": "Role based access control provides you a way to apply granular level policy administration down to individual resources or resource groups. These operations enable you to manage role assignments. A role assignment grants access to Azure Active Directory users." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Authorization/eligibleChildResources": { + "get": { + "tags": [ + "eligibleChildResources" + ], + "operationId": "EligibleChildResources_Get", + "description": "Get the child resources of a resource on which user has eligible access", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role management policy.", + "x-ms-skip-url-encoding": true + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Use $filter=resourceType+eq+'Subscription' to filter on only resource of type = 'Subscription'. 
Use $filter=resourceType+eq+'subscription'+or+resourceType+eq+'resourcegroup' to filter on resource of type = 'Subscription' or 'ResourceGroup'" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the role management policy.", + "schema": { + "$ref": "#/definitions/EligibleChildResourcesListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "GetEligibleChildResourcesByScope": { + "$ref": "./examples/GetEligibleChildResourcesByScope.json" + } + } + } + } + }, + "definitions": { + "EligibleChildResourcesListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/EligibleChildResource" + }, + "description": "Eligible child resource list." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "type": "object", + "description": "Eligible child resources list operation result." + }, + "EligibleChildResource": { + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "The resource scope Id." + }, + "name": { + "type": "string", + "readOnly": true, + "description": "The resource name." + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The resource type." + } + }, + "type": "object", + "description": "Eligible child resource" + }, + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "#/definitions/CloudErrorBody" + } + }, + "type": "object", + "description": "An error response from the service." + }, + "CloudErrorBody": { + "x-ms-external": true, + "properties": { + "code": { + "type": "string", + "description": "An identifier for the error. 
Codes are invariant and are intended to be consumed programmatically." + }, + "message": { + "type": "string", + "description": "A message describing the error, intended to be suitable for display in a user interface." + } + }, + "type": "object", + "description": "An error response from the service." + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleAssignmentSchedule.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleAssignmentSchedule.json new file mode 100644 index 000000000000..63dbf6ac245d --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleAssignmentSchedule.json 
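Review bot: In EligibleChildResources.json the `scope` parameter and the 200 response are described as "The scope of the role management policy." and "OK - Returns information about the role management policy.", which looks copied from another spec; the operation itself lists child resources on which the user has eligible access. Because `scope` sets `x-ms-skip-url-encoding: true`, generated clients place the value into the path unencoded, so this description is where a caller learns what form of scope is expected and what to validate before sending it. I would change the two strings to `"description": "The scope of the parent resource whose eligible child resources are listed."` and `"description": "OK - Returns the eligible child resources."`, and list the accepted scope forms the way the `RoleAssignmentScheduleRequests_Create` scope description in this commit does. The two `$filter` examples also disagree on casing (`'Subscription'` vs `'subscription'`), so it would help to say whether the comparison is case-insensitive.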
@@ -0,0 +1,420 @@ +{ + "swagger": "2.0", + "info": { + "title": "AuthorizationManagementClient", + "version": "2020-10-01", + "description": "Role based access control provides you a way to apply granular level policy administration down to individual resources or resource groups. These operations enable you to manage role assignments. A role assignment grants access to Azure Active Directory users." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Authorization/roleAssignmentSchedules/{roleAssignmentScheduleName}": { + "get": { + "tags": [ + "roleAssignmentSchedules" + ], + "operationId": "RoleAssignmentSchedules_Get", + "description": "Get the specified role assignment schedule for a resource scope", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role assignment schedule.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleAssignmentScheduleName", + "in": "path", + "required": true, + "type": "string", + "description": "The name (guid) of the role assignment schedule to get." 
+ }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the role assignment schedule.", + "schema": { + "$ref": "#/definitions/RoleAssignmentSchedule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "GetRoleAssignmentScheduleByName": { + "$ref": "./examples/GetRoleAssignmentScheduleByName.json" + } + } + } + }, + "/{scope}/providers/Microsoft.Authorization/roleAssignmentSchedules": { + "get": { + "tags": [ + "roleAssignmentSchedules" + ], + "operationId": "RoleAssignmentSchedules_ListForScope", + "description": "Gets role assignment schedules for a resource scope.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role assignments schedules.", + "x-ms-skip-url-encoding": true + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Use $filter=atScope() to return all role assignment schedules at or above the scope. Use $filter=principalId eq {id} to return all role assignment schedules at, above or below the scope for the specified principal. Use $filter=assignedTo('{userId}') to return all role assignment schedules for the current user. Use $filter=asTarget() to return all role assignment schedules created for the current user." 
+ }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of role assignments schedules.", + "schema": { + "$ref": "#/definitions/RoleAssignmentScheduleListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/RoleAssignmentScheduleFilter", + "x-ms-examples": { + "GetRoleAssignmentSchedulesByScope": { + "$ref": "./examples/GetRoleAssignmentSchedulesByScope.json" + } + } + } + } + }, + "definitions": { + "RoleAssignmentScheduleFilter": { + "properties": { + "principalId": { + "type": "string", + "description": "Returns role assignment schedule of the specific principal." + }, + "roleDefinitionId": { + "type": "string", + "description": "Returns role assignment schedule of the specific role definition." + }, + "status": { + "type": "string", + "description": "Returns role assignment schedule instances of the specific status." + } + }, + "type": "object", + "description": "Role assignment schedule filter" + }, + "RoleAssignmentScheduleProperties": { + "properties": { + "scope": { + "type": "string", + "description": "The role assignment schedule scope." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID." + }, + "principalId": { + "type": "string", + "description": "The principal ID." 
+ }, + "principalType": { + "type": "string", + "description": "The principal type of the assigned principal ID.", + "enum": [ + "User", + "Group", + "ServicePrincipal", + "ForeignGroup", + "Device" + ], + "x-ms-enum": { + "name": "principalType", + "modelAsString": true + } + }, + "roleAssignmentScheduleRequestId": { + "type": "string", + "description": "The id of roleAssignmentScheduleRequest used to create this roleAssignmentSchedule" + }, + "linkedRoleEligibilityScheduleId": { + "type": "string", + "description": "The id of roleEligibilitySchedule used to activated this roleAssignmentSchedule" + }, + "assignmentType": { + "type": "string", + "description": "Assignment type of the role assignment schedule", + "enum": [ + "Activated", + "Assigned" + ], + "x-ms-enum": { + "name": "AssignmentType", + "modelAsString": true + } + }, + "memberType": { + "type": "string", + "description": "Membership type of the role assignment schedule", + "enum": [ + "Inherited", + "Direct", + "Group" + ], + "x-ms-enum": { + "name": "MemberType", + "modelAsString": true + } + }, + "status": { + "type": "string", + "description": "The status of the role assignment schedule.", + "enum": [ + "Accepted", + "PendingEvaluation", + "Granted", + "Denied", + "PendingProvisioning", + "Provisioned", + "PendingRevocation", + "Revoked", + "Canceled", + "Failed", + "PendingApprovalProvisioning", + "PendingApproval", + "FailedAsResourceIsLocked", + "PendingAdminDecision", + "AdminApproved", + "AdminDenied", + "TimedOut", + "ProvisioningStarted", + "Invalid", + "PendingScheduleCreation", + "ScheduleCreated", + "PendingExternalProvisioning" + ], + "x-ms-enum": { + "name": "Status", + "modelAsString": true + } + }, + "startDateTime": { + "type": "string", + "format": "date-time", + "description": "Start DateTime when role assignment schedule" + }, + "endDateTime": { + "type": "string", + "format": "date-time", + "description": "End DateTime when role assignment schedule" + }, + "condition": { + 
"type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. Currently accepted value is '2.0'" + }, + "createdOn": { + "type": "string", + "format": "date-time", + "description": "DateTime when role assignment schedule was created" + }, + "updatedOn": { + "type": "string", + "format": "date-time", + "description": "DateTime when role assignment schedule was modified" + }, + "expandedProperties": { + "type": "object", + "description": "Additional properties of principal, scope and role definition", + "$ref": "#/definitions/ExpandedProperties" + } + }, + "type": "object", + "description": "Role assignment schedule properties with scope." + }, + "RoleAssignmentSchedule": { + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "The role assignment schedule Id." + }, + "name": { + "type": "string", + "readOnly": true, + "description": "The role assignment schedule name." + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The role assignment schedule type." + }, + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/RoleAssignmentScheduleProperties", + "description": "Role assignment schedule properties." + } + }, + "type": "object", + "description": "Role Assignment schedule" + }, + "RoleAssignmentScheduleListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleAssignmentSchedule" + }, + "description": "Role assignment schedule list." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "type": "object", + "description": "Role assignment schedule list operation result." 
+ }, + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "#/definitions/CloudErrorBody" + } + }, + "type": "object", + "description": "An error response from the service." + }, + "CloudErrorBody": { + "x-ms-external": true, + "properties": { + "code": { + "type": "string", + "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically." + }, + "message": { + "type": "string", + "description": "A message describing the error, intended to be suitable for display in a user interface." + } + }, + "type": "object", + "description": "An error response from the service." + }, + "ExpandedProperties": { + "properties": { + "scope": { + "type": "object", + "description": "Details of the resource scope", + "properties": { + "id": { + "type": "string", + "description": "Scope id of the resource" + }, + "displayName": { + "type": "string", + "description": "Display name of the resource" + }, + "type": { + "type": "string", + "description": "Type of the resource" + } + } + }, + "roleDefinition": { + "type": "object", + "description": "Details of role definition", + "properties": { + "id": { + "type": "string", + "description": "Id of the role definition" + }, + "displayName": { + "type": "string", + "description": "Display name of the role definition" + }, + "type": { + "type": "string", + "description": "Type of the role definition" + } + } + }, + "principal": { + "type": "object", + "description": "Details of the principal", + "properties": { + "id": { + "type": "string", + "description": "Id of the principal" + }, + "displayName": { + "type": "string", + "description": "Display name of the principal" + }, + "email": { + "type": "string", + "description": "Email id of the principal" + }, + "type": { + "type": "string", + "description": "Type of the principal" + } + } + } + }, + "type": "object" + } + } +} 
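Review bot: In RoleAssignmentSchedule.json the `$filter` description says `assignedTo('{userId}')` returns schedules "for the current user" although the function takes an explicit user id, so a reader cannot tell whose assignments the call returns. For an access-listing API that distinction matters to anyone auditing assignments, and RoleAssignmentScheduleInstance.json words the same function as "for the user". If the service filters by the supplied id, I would write `Use $filter=assignedTo('{userId}') to return all role assignment schedules assigned to the specified user.` The `x-ms-odata` model `RoleAssignmentScheduleFilter` lists only `principalId`, `roleDefinitionId` and `status`, so the function-style filters are documented in this string alone. Separately, `expandedProperties` puts `type` and `description` beside `$ref` (here and in RoleAssignmentScheduleInstance.json); tooling that follows the JSON Reference rules strictly ignores those siblings, so the description is better placed on the `ExpandedProperties` definition, which currently has none.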
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleAssignmentScheduleInstance.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleAssignmentScheduleInstance.json
new file mode 100644
index 000000000000..db3b478005e3
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleAssignmentScheduleInstance.json
@@ -0,0 +1,427 @@ +{ + "swagger": "2.0", + "info": { + "title": "AuthorizationManagementClient", + "version": "2020-10-01", + "description": "Role based access control provides you a way to apply granular level policy administration down to individual resources or resource groups. These operations enable you to manage role assignments. A role assignment grants access to Azure Active Directory users." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Authorization/roleAssignmentScheduleInstances": { + "get": { + "tags": [ + "roleAssignmentScheduleInstances" + ], + "operationId": "RoleAssignmentScheduleInstances_ListForScope", + "description": "Gets role assignment schedule instances of a role assignment schedule.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role assignment schedule.", + "x-ms-skip-url-encoding": true + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Use $filter=atScope() to return all role assignment schedules at or above the scope. Use $filter=principalId eq {id} to return all role assignment schedules at, above or below the scope for the specified principal. Use $filter=assignedTo('{userId}') to return all role assignment schedule instances for the user. 
Use $filter=asTarget() to return all role assignment schedule instances created for the current user." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns array of role assignment schedule instances.", + "schema": { + "$ref": "#/definitions/RoleAssignmentScheduleInstanceListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/RoleAssignmentScheduleInstanceFilter", + "x-ms-examples": { + "GetRoleAssignmentScheduleInstancesByScope": { + "$ref": "./examples/GetRoleAssignmentScheduleInstancesByScope.json" + } + } + } + }, + "/{scope}/providers/Microsoft.Authorization/roleAssignmentScheduleInstances/{roleAssignmentScheduleInstanceName}": { + "get": { + "tags": [ + "roleAssignmentScheduleInstances" + ], + "operationId": "RoleAssignmentScheduleInstances_Get", + "description": "Gets the specified role assignment schedule instance.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role assignments schedules.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleAssignmentScheduleInstanceName", + "in": "path", + "required": true, + "type": "string", + "description": "The name (hash of schedule name + time) of the role assignment schedule to get." 
+ }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the role assignment schedule instance.", + "schema": { + "$ref": "#/definitions/RoleAssignmentScheduleInstance" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "GetRoleAssignmentScheduleInstanceByName": { + "$ref": "./examples/GetRoleAssignmentScheduleInstanceByName.json" + } + } + } + } + }, + "definitions": { + "RoleAssignmentScheduleInstanceFilter": { + "properties": { + "principalId": { + "type": "string", + "description": "Returns role assignment schedule instances of the specific principal." + }, + "roleDefinitionId": { + "type": "string", + "description": "Returns role assignment schedule instances of the specific role definition." + }, + "status": { + "type": "string", + "description": "Returns role assignment schedule instances of the specific status." + }, + "roleAssignmentScheduleId": { + "type": "string", + "description": "Returns role assignment schedule instances belonging to a specific role assignment schedule." + } + }, + "type": "object", + "description": "Role assignment schedule instance filter" + }, + "RoleAssignmentScheduleInstanceProperties": { + "properties": { + "scope": { + "type": "string", + "description": "The role assignment schedule scope." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID." + }, + "principalId": { + "type": "string", + "description": "The principal ID." 
+ }, + "principalType": { + "type": "string", + "description": "The principal type of the assigned principal ID.", + "enum": [ + "User", + "Group", + "ServicePrincipal", + "ForeignGroup", + "Device" + ], + "x-ms-enum": { + "name": "principalType", + "modelAsString": true + } + }, + "roleAssignmentScheduleId": { + "type": "string", + "description": "Id of the master role assignment schedule" + }, + "originRoleAssignmentId": { + "type": "string", + "description": "Role Assignment Id in external system" + }, + "status": { + "type": "string", + "description": "The status of the role assignment schedule instance.", + "enum": [ + "Accepted", + "PendingEvaluation", + "Granted", + "Denied", + "PendingProvisioning", + "Provisioned", + "PendingRevocation", + "Revoked", + "Canceled", + "Failed", + "PendingApprovalProvisioning", + "PendingApproval", + "FailedAsResourceIsLocked", + "PendingAdminDecision", + "AdminApproved", + "AdminDenied", + "TimedOut", + "ProvisioningStarted", + "Invalid", + "PendingScheduleCreation", + "ScheduleCreated", + "PendingExternalProvisioning" + ], + "x-ms-enum": { + "name": "Status", + "modelAsString": true + } + }, + "startDateTime": { + "type": "string", + "format": "date-time", + "description": "The startDateTime of the role assignment schedule instance" + }, + "endDateTime": { + "type": "string", + "format": "date-time", + "description": "The endDateTime of the role assignment schedule instance" + }, + "linkedRoleEligibilityScheduleId": { + "type": "string", + "description": "roleEligibilityScheduleId used to activate" + }, + "linkedRoleEligibilityScheduleInstanceId": { + "type": "string", + "description": "roleEligibilityScheduleInstanceId linked to this roleAssignmentScheduleInstance" + }, + "assignmentType": { + "type": "string", + "description": "Assignment type of the role assignment schedule", + "enum": [ + "Activated", + "Assigned" + ], + "x-ms-enum": { + "name": "AssignmentType", + "modelAsString": true + } + }, + "memberType": { + 
"type": "string", + "description": "Membership type of the role assignment schedule", + "enum": [ + "Inherited", + "Direct", + "Group" + ], + "x-ms-enum": { + "name": "MemberType", + "modelAsString": true + } + }, + "condition": { + "type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. Currently accepted value is '2.0'" + }, + "createdOn": { + "type": "string", + "format": "date-time", + "description": "DateTime when role assignment schedule was created" + }, + "expandedProperties": { + "type": "object", + "description": "Additional properties of principal, scope and role definition", + "$ref": "#/definitions/ExpandedProperties" + } + }, + "type": "object", + "description": "Role assignment schedule properties with scope." + }, + "RoleAssignmentScheduleInstance": { + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "The role assignment schedule instance ID." + }, + "name": { + "type": "string", + "readOnly": true, + "description": "The role assignment schedule instance name." + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The role assignment schedule instance type." + }, + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/RoleAssignmentScheduleInstanceProperties", + "description": "Role assignment schedule instance properties." + } + }, + "type": "object", + "description": "Information about current or upcoming role assignment schedule instance" + }, + "RoleAssignmentScheduleInstanceListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleAssignmentScheduleInstance" + }, + "description": "Role assignment schedule instance list." 
+ }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "type": "object", + "description": "Role assignment schedule instance list operation result." + }, + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "#/definitions/CloudErrorBody" + } + }, + "type": "object", + "description": "An error response from the service." + }, + "CloudErrorBody": { + "x-ms-external": true, + "properties": { + "code": { + "type": "string", + "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically." + }, + "message": { + "type": "string", + "description": "A message describing the error, intended to be suitable for display in a user interface." + } + }, + "type": "object", + "description": "An error response from the service." + }, + "ExpandedProperties": { + "properties": { + "scope": { + "type": "object", + "description": "Details of the resource scope", + "properties": { + "id": { + "type": "string", + "description": "Scope id of the resource" + }, + "displayName": { + "type": "string", + "description": "Display name of the resource" + }, + "type": { + "type": "string", + "description": "Type of the resource" + } + } + }, + "roleDefinition": { + "type": "object", + "description": "Details of role definition", + "properties": { + "id": { + "type": "string", + "description": "Id of the role definition" + }, + "displayName": { + "type": "string", + "description": "Display name of the role definition" + }, + "type": { + "type": "string", + "description": "Type of the role definition" + } + } + }, + "principal": { + "type": "object", + "description": "Details of the principal", + "properties": { + "id": { + "type": "string", + "description": "Id of the principal" + }, + "displayName": { + "type": "string", + "description": "Display name of the principal" + }, + "email": { + "type": "string", + "description": "Email id of the 
principal" + }, + "type": { + "type": "string", + "description": "Type of the principal" + } + } + } + }, + "type": "object" + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleAssignmentScheduleRequest.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleAssignmentScheduleRequest.json new file mode 100644 index 000000000000..5482d52f453f --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleAssignmentScheduleRequest.json 
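Review bot: Several descriptions in RoleAssignmentScheduleInstance.json still describe the schedule rather than the schedule instance: `roleAssignmentScheduleInstanceName` is "the role assignment schedule to get", the first two `$filter` sentences say "role assignment schedules", and `RoleAssignmentScheduleInstanceProperties` is described as "Role assignment schedule properties with scope." Schedules and instances are separate resources with separate ids in this commit, so the generated reference should not blur which one a call returns. Suggested: `"description": "The name (hash of schedule name + time) of the role assignment schedule instance to get."` and `"description": "Role assignment schedule instance properties with scope."`. The `createdOn`, `assignmentType` and `memberType` descriptions carry the same schedule wording and could be corrected in the same pass.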
@@ -0,0 +1,641 @@ +{ + "swagger": "2.0", + "info": { + "title": "AuthorizationManagementClient", + "version": "2020-10-01", + "description": "Role based access control provides you a way to apply granular level policy administration down to individual resources or resource groups. These operations enable you to manage role assignments. A role assignment grants access to Azure Active Directory users." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Authorization/roleAssignmentScheduleRequests/{roleAssignmentScheduleRequestName}": { + "put": { + "tags": [ + "RoleAssignmentScheduleRequests" + ], + "operationId": "RoleAssignmentScheduleRequests_Create", + "description": "Creates a role assignment schedule request.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role assignment schedule request to create. The scope can be any REST resource instance. 
For example, use '/subscriptions/{subscription-id}/' for a subscription, '/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}' for a resource group, and '/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name}' for a resource.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleAssignmentScheduleRequestName", + "in": "path", + "required": true, + "type": "string", + "description": "A GUID for the role assignment to create. The name must be unique and different for each role assignment." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RoleAssignmentScheduleRequest" + }, + "description": "Parameters for the role assignment schedule request." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the role assignment.", + "schema": { + "$ref": "#/definitions/RoleAssignmentScheduleRequest" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "PutRoleAssignmentScheduleRequest": { + "$ref": "./examples/PutRoleAssignmentScheduleRequest.json" + } + } + }, + "get": { + "tags": [ + "RoleAssignmentScheduleRequests" + ], + "operationId": "RoleAssignmentScheduleRequests_Get", + "description": "Get the specified role assignment schedule request.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role assignment schedule request.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleAssignmentScheduleRequestName", + "in": "path", + "required": true, + "type": "string", + "description": "The name (guid) of the role assignment schedule request to get." 
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns information about the role assignment schedule request.",
+ "schema": {
+ "$ref": "#/definitions/RoleAssignmentScheduleRequest"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "GetRoleAssignmentScheduleRequestByName": {
+ "$ref": "./examples/GetRoleAssignmentScheduleRequestByName.json"
+ }
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Authorization/roleAssignmentScheduleRequests": {
+ "get": {
+ "tags": [
+ "RoleAssignmentScheduleRequests"
+ ],
+ "operationId": "RoleAssignmentScheduleRequests_ListForScope",
+ "description": "Gets role assignment schedule requests for a scope.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the role assignments schedule requests.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "$filter",
+ "in": "query",
+ "required": false,
+ "type": "string",
+ "description": "The filter to apply on the operation. Use $filter=atScope() to return all role assignment schedule requests at or above the scope. Use $filter=principalId eq {id} to return all role assignment schedule requests at, above or below the scope for the specified principal. Use $filter=asRequestor() to return all role assignment schedule requests requested by the current user. Use $filter=asTarget() to return all role assignment schedule requests created for the current user. Use $filter=asApprover() to return all role assignment schedule requests where the current user is an approver."
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns an array of role assignments schedule requests.",
+ "schema": {
+ "$ref": "#/definitions/RoleAssignmentScheduleRequestListResult"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ },
+ "x-ms-odata": "#/definitions/RoleAssignmentScheduleRequestFilter",
+ "x-ms-examples": {
+ "GetRoleAssignmentScheduleRequestByScope": {
+ "$ref": "./examples/GetRoleAssignmentScheduleRequestByScope.json"
+ }
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Authorization/roleAssignmentScheduleRequests/{roleAssignmentScheduleRequestName}/cancel": {
+ "post": {
+ "tags": [
+ "RoleAssignmentScheduleRequests"
+ ],
+ "operationId": "RoleAssignmentScheduleRequests_Cancel",
+ "description": "Cancels a pending role assignment schedule request.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the role assignment request to cancel.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "roleAssignmentScheduleRequestName",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the role assignment request to cancel."
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns success."
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "CancelRoleAssignmentScheduleRequestByName": {
+ "$ref": "./examples/CancelRoleAssignmentScheduleRequestByName.json"
+ }
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Authorization/roleAssignmentScheduleRequests/{roleAssignmentScheduleRequestName}/validate": {
+ "post": {
+ "tags": [
+ "RoleAssignmentScheduleRequests"
+ ],
+ "operationId": "RoleAssignmentScheduleRequests_Validate",
+ "description": "Validates a new role assignment schedule request.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the role assignment request to validate.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "roleAssignmentScheduleRequestName",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the role assignment request to validate."
+ },
+ {
+ "name": "parameters",
+ "in": "body",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/RoleAssignmentScheduleRequest"
+ },
+ "description": "Parameters for the role assignment schedule request."
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns information about the role assignment request.",
+ "schema": {
+ "$ref": "#/definitions/RoleAssignmentScheduleRequest"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "ValidateRoleAssignmentScheduleRequestByName": {
+ "$ref": "./examples/ValidateRoleAssignmentScheduleRequestByName.json"
+ }
+ }
+ }
+ }
+ },
+ "definitions": {
+ "RoleAssignmentScheduleRequestFilter": {
+ "properties": {
+ "principalId": {
+ "type": "string",
+ "description": "Returns role assignment requests of the specific principal."
+ },
+ "roleDefinitionId": {
+ "type": "string",
+ "description": "Returns role assignment requests of the specific role definition."
+ },
+ "requestorId": {
+ "type": "string",
+ "description": "Returns role assignment requests created by specific principal."
+ },
+ "status": {
+ "type": "string",
+ "description": "Returns role assignment requests of specific status."
+ }
+ },
+ "type": "object",
+ "description": "Role assignment schedule request filter"
+ },
+ "RoleAssignmentScheduleRequestProperties": {
+ "properties": {
+ "scope": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The role assignment schedule request scope."
+ },
+ "roleDefinitionId": {
+ "type": "string",
+ "description": "The role definition ID."
+ },
+ "principalId": {
+ "type": "string",
+ "description": "The principal ID."
+ }, + "principalType": { + "type": "string", + "readOnly": true, + "description": "The principal type of the assigned principal ID.", + "enum": [ + "User", + "Group", + "ServicePrincipal", + "ForeignGroup", + "Device" + ], + "x-ms-enum": { + "name": "principalType", + "modelAsString": true + } + }, + "requestType": { + "type": "string", + "description": "The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc", + "enum": [ + "AdminAssign", + "AdminRemove", + "AdminUpdate", + "AdminExtend", + "AdminRenew", + "SelfActivate", + "SelfDeactivate", + "SelfExtend", + "SelfRenew" + ], + "x-ms-enum": { + "name": "RequestType", + "modelAsString": true + } + }, + "status": { + "type": "string", + "readOnly": true, + "description": "The status of the role assignment schedule request.", + "enum": [ + "Accepted", + "PendingEvaluation", + "Granted", + "Denied", + "PendingProvisioning", + "Provisioned", + "PendingRevocation", + "Revoked", + "Canceled", + "Failed", + "PendingApprovalProvisioning", + "PendingApproval", + "FailedAsResourceIsLocked", + "PendingAdminDecision", + "AdminApproved", + "AdminDenied", + "TimedOut", + "ProvisioningStarted", + "Invalid", + "PendingScheduleCreation", + "ScheduleCreated", + "PendingExternalProvisioning" + ], + "x-ms-enum": { + "name": "Status", + "modelAsString": true + } + }, + "approvalId": { + "type": "string", + "readOnly": true, + "description": "The approvalId of the role assignment schedule request." + }, + "targetRoleAssignmentScheduleId": { + "type": "string", + "description": "The resultant role assignment schedule id or the role assignment schedule id being updated" + }, + "targetRoleAssignmentScheduleInstanceId": { + "type": "string", + "description": "The role assignment schedule instance id being updated" + }, + "scheduleInfo": { + "properties": { + "startDateTime": { + "type": "string", + "format": "date-time", + "description": "Start DateTime of the role assignment schedule." 
+ }, + "expiration": { + "properties": { + "type": { + "type": "string", + "description": "Type of the role assignment schedule expiration", + "enum": [ + "AfterDuration", + "AfterDateTime", + "NoExpiration" + ], + "x-ms-enum": { + "name": "Type", + "modelAsString": true + } + }, + "endDateTime": { + "type": "string", + "format": "date-time", + "description": "End DateTime of the role assignment schedule." + }, + "duration": { + "type": "string", + "description": "Duration of the role assignment schedule in TimeSpan." + } + }, + "type": "object", + "description": "Expiration of the role assignment schedule" + } + }, + "type": "object", + "description": "Schedule info of the role assignment schedule" + }, + "linkedRoleEligibilityScheduleId": { + "type": "string", + "description": "The linked role eligibility schedule id - to activate an eligibility." + }, + "justification": { + "type": "string", + "description": "Justification for the role assignment" + }, + "ticketInfo": { + "properties": { + "ticketNumber": { + "type": "string", + "description": "Ticket number for the role assignment" + }, + "ticketSystem": { + "type": "string", + "description": "Ticket system name for the role assignment" + } + }, + "type": "object", + "description": "Ticket Info of the role assignment" + }, + "condition": { + "type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. 
Currently accepted value is '2.0'" + }, + "createdOn": { + "type": "string", + "format": "date-time", + "readOnly": true, + "description": "DateTime when role assignment schedule request was created" + }, + "requestorId": { + "type": "string", + "readOnly": true, + "description": "Id of the user who created this request" + }, + "expandedProperties": { + "type": "object", + "readOnly": true, + "description": "Additional properties of principal, scope and role definition", + "$ref": "#/definitions/ExpandedProperties" + } + }, + "required": [ + "roleDefinitionId", + "principalId", + "requestType" + ], + "type": "object", + "description": "Role assignment schedule request properties with scope." + }, + "RoleAssignmentScheduleRequest": { + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "The role assignment schedule request ID." + }, + "name": { + "type": "string", + "readOnly": true, + "description": "The role assignment schedule request name." + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The role assignment schedule request type." + }, + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/RoleAssignmentScheduleRequestProperties", + "description": "Role assignment schedule request properties." + } + }, + "type": "object", + "description": "Role Assignment schedule request" + }, + "RoleAssignmentScheduleRequestListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleAssignmentScheduleRequest" + }, + "description": "Role assignment schedule request list." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "type": "object", + "description": "Role assignment schedule request list operation result." 
+ }, + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "#/definitions/CloudErrorBody" + } + }, + "type": "object", + "description": "An error response from the service." + }, + "CloudErrorBody": { + "x-ms-external": true, + "properties": { + "code": { + "type": "string", + "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically." + }, + "message": { + "type": "string", + "description": "A message describing the error, intended to be suitable for display in a user interface." + } + }, + "type": "object", + "description": "An error response from the service." + }, + "ExpandedProperties": { + "properties": { + "scope": { + "type": "object", + "description": "Details of the resource scope", + "properties": { + "id": { + "type": "string", + "description": "Scope id of the resource" + }, + "displayName": { + "type": "string", + "description": "Display name of the resource" + }, + "type": { + "type": "string", + "description": "Type of the resource" + } + } + }, + "roleDefinition": { + "type": "object", + "description": "Details of role definition", + "properties": { + "id": { + "type": "string", + "description": "Id of the role definition" + }, + "displayName": { + "type": "string", + "description": "Display name of the role definition" + }, + "type": { + "type": "string", + "description": "Type of the role definition" + } + } + }, + "principal": { + "type": "object", + "description": "Details of the principal", + "properties": { + "id": { + "type": "string", + "description": "Id of the principal" + }, + "displayName": { + "type": "string", + "description": "Display name of the principal" + }, + "email": { + "type": "string", + "description": "Email id of the principal" + }, + "type": { + "type": "string", + "description": "Type of the principal" + } + } + } + }, + "type": "object" + } + } +} 
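Review bot: In `RoleAssignmentScheduleRequestProperties`, `expandedProperties` places `type`, `readOnly` and `description` next to `$ref`, and under Swagger 2.0 / JSON Reference rules members beside `$ref` are ignored, so spec-strict tooling will drop the `readOnly: true` marker on a model that is also the request body of the PUT and validate operations. Wrapping the reference keeps the server-populated intent explicit: `"expandedProperties": { "readOnly": true, "description": "Additional properties of principal, scope and role definition", "allOf": [ { "$ref": "#/definitions/ExpandedProperties" } ] }`. How the code generator treats the current form is not visible here, so it is worth confirming against the generated SDK. The same `$ref`-with-siblings pattern appears on `expandedProperties` in the RoleEligibilitySchedule.json hunk.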
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleEligibilitySchedule.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleEligibilitySchedule.json
new file mode 100644
index 000000000000..c1ce76de975b
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleEligibilitySchedule.json
@@ -0,0 +1,404 @@ +{ + "swagger": "2.0", + "info": { + "title": "AuthorizationManagementClient", + "version": "2020-10-01", + "description": "Role based access control provides you a way to apply granular level policy administration down to individual resources or resource groups. These operations enable you to manage role assignments. A role assignment grants access to Azure Active Directory users." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Authorization/roleEligibilitySchedules/{roleEligibilityScheduleName}": { + "get": { + "tags": [ + "roleEligibilitySchedules" + ], + "operationId": "RoleEligibilitySchedules_Get", + "description": "Get the specified role eligibility schedule for a resource scope", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role eligibility schedule.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleEligibilityScheduleName", + "in": "path", + "required": true, + "type": "string", + "description": "The name (guid) of the role eligibility schedule to get." 
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns information about the role eligibility schedule.",
+ "schema": {
+ "$ref": "#/definitions/RoleEligibilitySchedule"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "GetRoleEligibilityScheduleByName": {
+ "$ref": "./examples/GetRoleEligibilityScheduleByName.json"
+ }
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Authorization/roleEligibilitySchedules": {
+ "get": {
+ "tags": [
+ "roleEligibilitySchedules"
+ ],
+ "operationId": "RoleEligibilitySchedules_ListForScope",
+ "description": "Gets role eligibility schedules for a resource scope.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the role eligibility schedules.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "$filter",
+ "in": "query",
+ "required": false,
+ "type": "string",
+ "description": "The filter to apply on the operation. Use $filter=atScope() to return all role eligibility schedules at or above the scope. Use $filter=principalId eq {id} to return all role eligibility schedules at, above or below the scope for the specified principal. Use $filter=assignedTo('{userId}') to return all role eligibility schedules for the user. Use $filter=asTarget() to return all role eligibility schedules created for the current user."
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns an array of role eligibility schedules.",
+ "schema": {
+ "$ref": "#/definitions/RoleEligibilityScheduleListResult"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ },
+ "x-ms-odata": "#/definitions/RoleEligibilityScheduleFilter",
+ "x-ms-examples": {
+ "GetRoleEligibilitySchedulesByScope": {
+ "$ref": "./examples/GetRoleEligibilitySchedulesByScope.json"
+ }
+ }
+ }
+ }
+ },
+ "definitions": {
+ "RoleEligibilityScheduleFilter": {
+ "properties": {
+ "principalId": {
+ "type": "string",
+ "description": "Returns role eligibility schedule of the specific principal."
+ },
+ "roleDefinitionId": {
+ "type": "string",
+ "description": "Returns role eligibility schedule of the specific role definition."
+ },
+ "status": {
+ "type": "string",
+ "description": "Returns role eligibility schedule of the specific status."
+ }
+ },
+ "type": "object",
+ "description": "Role eligibility schedule filter"
+ },
+ "RoleEligibilityScheduleProperties": {
+ "properties": {
+ "scope": {
+ "type": "string",
+ "description": "The role eligibility schedule scope."
+ },
+ "roleDefinitionId": {
+ "type": "string",
+ "description": "The role definition ID."
+ },
+ "principalId": {
+ "type": "string",
+ "description": "The principal ID."
+ }, + "principalType": { + "type": "string", + "description": "The principal type of the assigned principal ID.", + "enum": [ + "User", + "Group", + "ServicePrincipal", + "ForeignGroup", + "Device" + ], + "x-ms-enum": { + "name": "principalType", + "modelAsString": true + } + }, + "roleEligibilityScheduleRequestId": { + "type": "string", + "description": "The id of roleEligibilityScheduleRequest used to create this roleAssignmentSchedule" + }, + "memberType": { + "type": "string", + "description": "Membership type of the role eligibility schedule", + "enum": [ + "Inherited", + "Direct", + "Group" + ], + "x-ms-enum": { + "name": "MemberType", + "modelAsString": true + } + }, + "status": { + "type": "string", + "description": "The status of the role eligibility schedule.", + "enum": [ + "Accepted", + "PendingEvaluation", + "Granted", + "Denied", + "PendingProvisioning", + "Provisioned", + "PendingRevocation", + "Revoked", + "Canceled", + "Failed", + "PendingApprovalProvisioning", + "PendingApproval", + "FailedAsResourceIsLocked", + "PendingAdminDecision", + "AdminApproved", + "AdminDenied", + "TimedOut", + "ProvisioningStarted", + "Invalid", + "PendingScheduleCreation", + "ScheduleCreated", + "PendingExternalProvisioning" + ], + "x-ms-enum": { + "name": "Status", + "modelAsString": true + } + }, + "startDateTime": { + "type": "string", + "format": "date-time", + "description": "Start DateTime when role eligibility schedule" + }, + "endDateTime": { + "type": "string", + "format": "date-time", + "description": "End DateTime when role eligibility schedule" + }, + "condition": { + "type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. 
Currently accepted value is '2.0'" + }, + "createdOn": { + "type": "string", + "format": "date-time", + "description": "DateTime when role eligibility schedule was created" + }, + "updatedOn": { + "type": "string", + "format": "date-time", + "description": "DateTime when role eligibility schedule was modified" + }, + "expandedProperties": { + "type": "object", + "description": "Additional properties of principal, scope and role definition", + "$ref": "#/definitions/ExpandedProperties" + } + }, + "type": "object", + "description": "Role eligibility schedule properties with scope." + }, + "RoleEligibilitySchedule": { + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "The role eligibility schedule Id." + }, + "name": { + "type": "string", + "readOnly": true, + "description": "The role eligibility schedule name." + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The role eligibility schedule type." + }, + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/RoleEligibilityScheduleProperties", + "description": "role eligibility schedule properties." + } + }, + "type": "object", + "description": "Role eligibility schedule" + }, + "RoleEligibilityScheduleListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleEligibilitySchedule" + }, + "description": "role eligibility schedule list." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "type": "object", + "description": "role eligibility schedule list operation result." + }, + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "#/definitions/CloudErrorBody" + } + }, + "type": "object", + "description": "An error response from the service." + }, + "CloudErrorBody": { + "x-ms-external": true, + "properties": { + "code": { + "type": "string", + "description": "An identifier for the error. 
Codes are invariant and are intended to be consumed programmatically." + }, + "message": { + "type": "string", + "description": "A message describing the error, intended to be suitable for display in a user interface." + } + }, + "type": "object", + "description": "An error response from the service." + }, + "ExpandedProperties": { + "properties": { + "scope": { + "type": "object", + "description": "Details of the resource scope", + "properties": { + "id": { + "type": "string", + "description": "Scope id of the resource" + }, + "displayName": { + "type": "string", + "description": "Display name of the resource" + }, + "type": { + "type": "string", + "description": "Type of the resource" + } + } + }, + "roleDefinition": { + "type": "object", + "description": "Details of role definition", + "properties": { + "id": { + "type": "string", + "description": "Id of the role definition" + }, + "displayName": { + "type": "string", + "description": "Display name of the role definition" + }, + "type": { + "type": "string", + "description": "Type of the role definition" + } + } + }, + "principal": { + "type": "object", + "description": "Details of the principal", + "properties": { + "id": { + "type": "string", + "description": "Id of the principal" + }, + "displayName": { + "type": "string", + "description": "Display name of the principal" + }, + "email": { + "type": "string", + "description": "Email id of the principal" + }, + "type": { + "type": "string", + "description": "Type of the principal" + } + } + } + }, + "type": "object" + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleEligibilityScheduleInstance.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleEligibilityScheduleInstance.json new file mode 100644 index 000000000000..f7324ea02362 --- /dev/null 
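Review bot: The `roleEligibilityScheduleRequestId` description in `RoleEligibilityScheduleProperties` says the request was "used to create this roleAssignmentSchedule", which looks copied from the assignment spec; eligibility and an active assignment are different access states, so the text should read `"description": "The id of roleEligibilityScheduleRequest used to create this roleEligibilitySchedule"`. In the same definition, `startDateTime` and `endDateTime` carry truncated descriptions ("Start DateTime when role eligibility schedule"); `"Start DateTime of the role eligibility schedule"` and the matching end form would fit the wording used for role assignment schedules. The `condition` description also speaks of "the role assignment" and may need the same wording check.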
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleEligibilityScheduleInstance.json 
@@ -0,0 +1,403 @@ +{ + "swagger": "2.0", + "info": { + "title": "AuthorizationManagementClient", + "version": "2020-10-01", + "description": "Role based access control provides you a way to apply granular level policy administration down to individual resources or resource groups. These operations enable you to manage role assignments. A role eligibility grants access to Azure Active Directory users." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Authorization/roleEligibilityScheduleInstances": { + "get": { + "tags": [ + "roleEligibilityScheduleInstances" + ], + "operationId": "RoleEligibilityScheduleInstances_ListForScope", + "description": "Gets role eligibility schedule instances of a role eligibility schedule.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role eligibility schedule.", + "x-ms-skip-url-encoding": true + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Use $filter=atScope() to return all role assignment schedules at or above the scope. Use $filter=principalId eq {id} to return all role assignment schedules at, above or below the scope for the specified principal. Use $filter=assignedTo('{userId}') to return all role eligibility schedules for the user. Use $filter=asTarget() to return all role eligibility schedules created for the current user." 
+ }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns array of role eligibility schedule instances.", + "schema": { + "$ref": "#/definitions/RoleEligibilityScheduleInstanceListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/RoleEligibilityScheduleInstanceFilter", + "x-ms-examples": { + "GetRoleEligibilityScheduleInstancesByScope": { + "$ref": "./examples/GetRoleEligibilityScheduleInstancesByScope.json" + } + } + } + }, + "/{scope}/providers/Microsoft.Authorization/roleEligibilityScheduleInstances/{roleEligibilityScheduleInstanceName}": { + "get": { + "tags": [ + "roleEligibilityScheduleInstances" + ], + "operationId": "RoleEligibilityScheduleInstances_Get", + "description": "Gets the specified role eligibility schedule instance.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role eligibility schedules.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleEligibilityScheduleInstanceName", + "in": "path", + "required": true, + "type": "string", + "description": "The name (hash of schedule name + time) of the role eligibility schedule to get." 
+ }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the role eligibility schedule instance.", + "schema": { + "$ref": "#/definitions/RoleEligibilityScheduleInstance" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "GetRoleEligibilityScheduleInstanceByName": { + "$ref": "./examples/GetRoleEligibilityScheduleInstanceByName.json" + } + } + } + } + }, + "definitions": { + "RoleEligibilityScheduleInstanceFilter": { + "properties": { + "principalId": { + "type": "string", + "description": "Returns role eligibility schedule instances of the specific principal." + }, + "roleDefinitionId": { + "type": "string", + "description": "Returns role eligibility schedule instances of the specific role definition." + }, + "status": { + "type": "string", + "description": "Returns role eligibility schedule instances of the specific status." + }, + "roleEligibilityScheduleId": { + "type": "string", + "description": "Returns role eligibility schedule instances belonging to a specific role eligibility schedule." + } + }, + "type": "object", + "description": "Role eligibility schedule instance filter" + }, + "RoleEligibilityScheduleInstanceProperties": { + "properties": { + "scope": { + "type": "string", + "description": "The role eligibility schedule scope." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID." + }, + "principalId": { + "type": "string", + "description": "The principal ID." 
+ }, + "principalType": { + "type": "string", + "description": "The principal type of the assigned principal ID.", + "enum": [ + "User", + "Group", + "ServicePrincipal", + "ForeignGroup", + "Device" + ], + "x-ms-enum": { + "name": "principalType", + "modelAsString": true + } + }, + "roleEligibilityScheduleId": { + "type": "string", + "description": "Id of the master role eligibility schedule" + }, + "status": { + "type": "string", + "description": "The status of the role eligibility schedule instance", + "enum": [ + "Accepted", + "PendingEvaluation", + "Granted", + "Denied", + "PendingProvisioning", + "Provisioned", + "PendingRevocation", + "Revoked", + "Canceled", + "Failed", + "PendingApprovalProvisioning", + "PendingApproval", + "FailedAsResourceIsLocked", + "PendingAdminDecision", + "AdminApproved", + "AdminDenied", + "TimedOut", + "ProvisioningStarted", + "Invalid", + "PendingScheduleCreation", + "ScheduleCreated", + "PendingExternalProvisioning" + ], + "x-ms-enum": { + "name": "Status", + "modelAsString": true + } + }, + "startDateTime": { + "type": "string", + "format": "date-time", + "description": "The startDateTime of the role eligibility schedule instance" + }, + "endDateTime": { + "type": "string", + "format": "date-time", + "description": "The endDateTime of the role eligibility schedule instance" + }, + "memberType": { + "type": "string", + "description": "Membership type of the role eligibility schedule", + "enum": [ + "Inherited", + "Direct", + "Group" + ], + "x-ms-enum": { + "name": "MemberType", + "modelAsString": true + } + }, + "condition": { + "type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. 
Currently accepted value is '2.0'" + }, + "createdOn": { + "type": "string", + "format": "date-time", + "description": "DateTime when role eligibility schedule was created" + }, + "expandedProperties": { + "type": "object", + "description": "Additional properties of principal, scope and role definition", + "$ref": "#/definitions/ExpandedProperties" + } + }, + "type": "object", + "description": "Role eligibility schedule properties with scope." + }, + "RoleEligibilityScheduleInstance": { + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "The role eligibility schedule instance ID." + }, + "name": { + "type": "string", + "readOnly": true, + "description": "The role eligibility schedule instance name." + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The role eligibility schedule instance type." + }, + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/RoleEligibilityScheduleInstanceProperties", + "description": "Role eligibility schedule instance properties." + } + }, + "type": "object", + "description": "Information about current or upcoming role eligibility schedule instance" + }, + "RoleEligibilityScheduleInstanceListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleEligibilityScheduleInstance" + }, + "description": "Role eligibility schedule instance list." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "type": "object", + "description": "Role eligibility schedule instance list operation result." + }, + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "#/definitions/CloudErrorBody" + } + }, + "type": "object", + "description": "An error response from the service." + }, + "CloudErrorBody": { + "x-ms-external": true, + "properties": { + "code": { + "type": "string", + "description": "An identifier for the error. 
Codes are invariant and are intended to be consumed programmatically."
+ },
+ "message": {
+ "type": "string",
+ "description": "A message describing the error, intended to be suitable for display in a user interface."
+ }
+ },
+ "type": "object",
+ "description": "An error response from the service."
+ },
+ "ExpandedProperties": {
+ "properties": {
+ "scope": {
+ "type": "object",
+ "description": "Details of the resource scope",
+ "properties": {
+ "id": {
+ "type": "string",
+ "description": "Scope id of the resource"
+ },
+ "displayName": {
+ "type": "string",
+ "description": "Display name of the resource"
+ },
+ "type": {
+ "type": "string",
+ "description": "Type of the resource"
+ }
+ }
+ },
+ "roleDefinition": {
+ "type": "object",
+ "description": "Details of role definition",
+ "properties": {
+ "id": {
+ "type": "string",
+ "description": "Id of the role definition"
+ },
+ "displayName": {
+ "type": "string",
+ "description": "Display name of the role definition"
+ },
+ "type": {
+ "type": "string",
+ "description": "Type of the role definition"
+ }
+ }
+ },
+ "principal": {
+ "type": "object",
+ "description": "Details of the principal",
+ "properties": {
+ "id": {
+ "type": "string",
+ "description": "Id of the principal"
+ },
+ "displayName": {
+ "type": "string",
+ "description": "Display name of the principal"
+ },
+ "email": {
+ "type": "string",
+ "description": "Email id of the principal"
+ },
+ "type": {
+ "type": "string",
+ "description": "Type of the principal"
+ }
+ }
+ }
+ },
+ "type": "object"
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleEligibilityScheduleRequest.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleEligibilityScheduleRequest.json
new file mode 100644
index 000000000000..f519e06d0263
--- /dev/null
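Review bot: The `$filter` description on `RoleEligibilityScheduleInstances_ListForScope` says `atScope()` and `principalId eq {id}` return "role assignment schedules" and the other two clauses say "role eligibility schedules", although the operation returns role eligibility schedule instances; in an authorization API that reads as if the filter crossed resource types. Each clause should name the returned resource, e.g. `Use $filter=atScope() to return all role eligibility schedule instances at or above the scope.` The `roleEligibilityScheduleInstanceName` description on `RoleEligibilityScheduleInstances_Get` has the same slip and should end `of the role eligibility schedule instance to get.` Separately, `ExpandedProperties` here has no `description`, while the copy in RoleEligibilityScheduleRequest.json carries `"description": "Expanded info of resource, role and principal"`; the duplicated definitions have already drifted, so adding that line here (or pointing both files at one shared definition) would keep them aligned.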
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleEligibilityScheduleRequest.json 
@@ -0,0 +1,638 @@ +{ + "swagger": "2.0", + "info": { + "title": "AuthorizationManagementClient", + "version": "2020-10-01", + "description": "Role based access control provides you a way to apply granular level policy administration down to individual resources or resource groups. These operations enable you to manage role assignments. A role eligibility grants access to Azure Active Directory users." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Authorization/roleEligibilityScheduleRequests/{roleEligibilityScheduleRequestName}": { + "put": { + "tags": [ + "RoleEligibilityScheduleRequests" + ], + "operationId": "RoleEligibilityScheduleRequests_Create", + "description": "Creates a role eligibility schedule request.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role eligibility schedule request to create. The scope can be any REST resource instance. 
For example, use '/subscriptions/{subscription-id}/' for a subscription, '/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}' for a resource group, and '/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name}' for a resource.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleEligibilityScheduleRequestName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the role eligibility to create. It can be any valid GUID." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RoleEligibilityScheduleRequest" + }, + "description": "Parameters for the role eligibility schedule request." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the role eligibility schedule request.", + "schema": { + "$ref": "#/definitions/RoleEligibilityScheduleRequest" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "PutRoleEligibilityScheduleRequest": { + "$ref": "./examples/PutRoleEligibilityScheduleRequest.json" + } + } + }, + "get": { + "tags": [ + "RoleEligibilityScheduleRequests" + ], + "operationId": "RoleEligibilityScheduleRequests_Get", + "description": "Get the specified role eligibility schedule request.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role eligibility schedule request.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleEligibilityScheduleRequestName", + "in": "path", + "required": true, + "type": "string", + "description": "The name (guid) of the role eligibility schedule request to get." 
+ }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the role eligibility schedule request.", + "schema": { + "$ref": "#/definitions/RoleEligibilityScheduleRequest" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "GetRoleEligibilityScheduleRequestByName": { + "$ref": "./examples/GetRoleEligibilityScheduleRequestByName.json" + } + } + } + }, + "/{scope}/providers/Microsoft.Authorization/roleEligibilityScheduleRequests": { + "get": { + "tags": [ + "RoleEligibilityScheduleRequests" + ], + "operationId": "RoleEligibilityScheduleRequests_ListForScope", + "description": "Gets role eligibility schedule requests for a scope.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role eligibility schedule requests.", + "x-ms-skip-url-encoding": true + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Use $filter=atScope() to return all role eligibility schedule requests at or above the scope. Use $filter=principalId eq {id} to return all role eligibility schedule requests at, above or below the scope for the specified principal. Use $filter=asRequestor() to return all role eligibility schedule requests requested by the current user. Use $filter=asTarget() to return all role eligibility schedule requests created for the current user. Use $filter=asApprover() to return all role eligibility schedule requests where the current user is an approver." 
+ }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of role eligibility schedule requests.", + "schema": { + "$ref": "#/definitions/RoleEligibilityScheduleRequestListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/RoleEligibilityScheduleRequestFilter", + "x-ms-examples": { + "GetRoleEligibilityScheduleRequestByScope": { + "$ref": "./examples/GetRoleEligibilityScheduleRequestByScope.json" + } + } + } + }, + "/{scope}/providers/Microsoft.Authorization/roleEligibilityScheduleRequests/{roleEligibilityScheduleRequestName}/cancel": { + "post": { + "tags": [ + "RoleEligibilityScheduleRequests" + ], + "operationId": "RoleEligibilityScheduleRequests_Cancel", + "description": "Cancels a pending role eligibility schedule request.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role eligibility request to cancel.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleEligibilityScheduleRequestName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the role eligibility request to cancel." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns success." 
+ }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "CancelRoleEligibilityScheduleRequestByName": { + "$ref": "./examples/CancelRoleEligibilityScheduleRequestByName.json" + } + } + } + }, + "/{scope}/providers/Microsoft.Authorization/roleEligibilityScheduleRequests/{roleEligibilityScheduleRequestName}/validate": { + "post": { + "tags": [ + "RoleEligibilityScheduleRequests" + ], + "operationId": "RoleEligibilityScheduleRequests_Validate", + "description": "Validates a new role eligibility schedule request.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role eligibility request to validate.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleEligibilityScheduleRequestName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the role eligibility request to validate." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RoleEligibilityScheduleRequest" + }, + "description": "Parameters for the role eligibility schedule request." 
+ }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the role eligibility schedule request.", + "schema": { + "$ref": "#/definitions/RoleEligibilityScheduleRequest" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "ValidateRoleEligibilityScheduleRequestByName": { + "$ref": "./examples/ValidateRoleEligibilityScheduleRequestByName.json" + } + } + } + } + }, + "definitions": { + "RoleEligibilityScheduleRequestFilter": { + "properties": { + "principalId": { + "type": "string", + "description": "Returns role eligibility requests of the specific principal." + }, + "roleDefinitionId": { + "type": "string", + "description": "Returns role eligibility requests of the specific role definition." + }, + "requestorId": { + "type": "string", + "description": "Returns role eligibility requests created by specific principal." + }, + "status": { + "type": "string", + "description": "Returns role eligibility requests of specific status." + } + }, + "type": "object", + "description": "Role eligibility schedule request filter" + }, + "RoleEligibilityScheduleRequestProperties": { + "properties": { + "scope": { + "type": "string", + "readOnly": true, + "description": "The role eligibility schedule request scope." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID." + }, + "principalId": { + "type": "string", + "description": "The principal ID." 
+ }, + "principalType": { + "type": "string", + "readOnly": true, + "description": "The principal type of the assigned principal ID.", + "enum": [ + "User", + "Group", + "ServicePrincipal", + "ForeignGroup", + "Device" + ], + "x-ms-enum": { + "name": "principalType", + "modelAsString": true + } + }, + "requestType": { + "type": "string", + "description": "The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc", + "enum": [ + "AdminAssign", + "AdminRemove", + "AdminUpdate", + "AdminExtend", + "AdminRenew", + "SelfActivate", + "SelfDeactivate", + "SelfExtend", + "SelfRenew" + ], + "x-ms-enum": { + "name": "RequestType", + "modelAsString": true + } + }, + "status": { + "type": "string", + "readOnly": true, + "description": "The status of the role eligibility schedule request.", + "enum": [ + "Accepted", + "PendingEvaluation", + "Granted", + "Denied", + "PendingProvisioning", + "Provisioned", + "PendingRevocation", + "Revoked", + "Canceled", + "Failed", + "PendingApprovalProvisioning", + "PendingApproval", + "FailedAsResourceIsLocked", + "PendingAdminDecision", + "AdminApproved", + "AdminDenied", + "TimedOut", + "ProvisioningStarted", + "Invalid", + "PendingScheduleCreation", + "ScheduleCreated", + "PendingExternalProvisioning" + ], + "x-ms-enum": { + "name": "Status", + "modelAsString": true + } + }, + "approvalId": { + "type": "string", + "readOnly": true, + "description": "The approvalId of the role eligibility schedule request." + }, + "scheduleInfo": { + "properties": { + "startDateTime": { + "type": "string", + "format": "date-time", + "description": "Start DateTime of the role eligibility schedule." 
+ }, + "expiration": { + "properties": { + "type": { + "type": "string", + "description": "Type of the role eligibility schedule expiration", + "enum": [ + "AfterDuration", + "AfterDateTime", + "NoExpiration" + ], + "x-ms-enum": { + "name": "Type", + "modelAsString": true + } + }, + "endDateTime": { + "type": "string", + "format": "date-time", + "description": "End DateTime of the role eligibility schedule." + }, + "duration": { + "type": "string", + "description": "Duration of the role eligibility schedule in TimeSpan." + } + }, + "type": "object", + "description": "Expiration of the role eligibility schedule" + } + }, + "type": "object", + "description": "Schedule info of the role eligibility schedule" + }, + "targetRoleEligibilityScheduleId": { + "type": "string", + "description": "The resultant role eligibility schedule id or the role eligibility schedule id being updated" + }, + "targetRoleEligibilityScheduleInstanceId": { + "type": "string", + "description": "The role eligibility schedule instance id being updated" + }, + "justification": { + "type": "string", + "description": "Justification for the role eligibility" + }, + "ticketInfo": { + "properties": { + "ticketNumber": { + "type": "string", + "description": "Ticket number for the role eligibility" + }, + "ticketSystem": { + "type": "string", + "description": "Ticket system name for the role eligibility" + } + }, + "type": "object", + "description": "Ticket Info of the role eligibility" + }, + "condition": { + "type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. 
Currently accepted value is '2.0'" + }, + "createdOn": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "DateTime when role eligibility schedule request was created" + }, + "requestorId": { + "type": "string", + "readOnly": true, + "description": "Id of the user who created this request" + }, + "expandedProperties": { + "readOnly": true, + "type": "object", + "description": "Additional properties of principal, scope and role definition", + "$ref": "#/definitions/ExpandedProperties" + } + }, + "required": [ + "roleDefinitionId", + "principalId", + "requestType" + ], + "type": "object", + "description": "Role eligibility schedule request properties with scope." + }, + "RoleEligibilityScheduleRequest": { + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "The role eligibility schedule request ID." + }, + "name": { + "type": "string", + "readOnly": true, + "description": "The role eligibility schedule request name." + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The role eligibility schedule request type." + }, + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/RoleEligibilityScheduleRequestProperties", + "description": "Role eligibility schedule request properties." + } + }, + "type": "object", + "description": "Role Eligibility schedule request" + }, + "RoleEligibilityScheduleRequestListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleEligibilityScheduleRequest" + }, + "description": "Role eligibility schedule request list." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "type": "object", + "description": "Role eligibility schedule request list operation result." 
+ },
+ "CloudError": {
+ "x-ms-external": true,
+ "properties": {
+ "error": {
+ "$ref": "#/definitions/CloudErrorBody"
+ }
+ },
+ "type": "object",
+ "description": "An error response from the service."
+ },
+ "CloudErrorBody": {
+ "x-ms-external": true,
+ "properties": {
+ "code": {
+ "type": "string",
+ "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
+ },
+ "message": {
+ "type": "string",
+ "description": "A message describing the error, intended to be suitable for display in a user interface."
+ }
+ },
+ "type": "object",
+ "description": "An error response from the service."
+ },
+ "ExpandedProperties": {
+ "properties": {
+ "scope": {
+ "type": "object",
+ "description": "Details of the resource scope",
+ "properties": {
+ "id": {
+ "type": "string",
+ "description": "Scope id of the resource"
+ },
+ "displayName": {
+ "type": "string",
+ "description": "Display name of the resource"
+ },
+ "type": {
+ "type": "string",
+ "description": "Type of the resource"
+ }
+ }
+ },
+ "roleDefinition": {
+ "type": "object",
+ "description": "Details of role definition",
+ "properties": {
+ "id": {
+ "type": "string",
+ "description": "Id of the role definition"
+ },
+ "displayName": {
+ "type": "string",
+ "description": "Display name of the role definition"
+ },
+ "type": {
+ "type": "string",
+ "description": "Type of the role definition"
+ }
+ }
+ },
+ "principal": {
+ "type": "object",
+ "description": "Details of the principal",
+ "properties": {
+ "id": {
+ "type": "string",
+ "description": "Id of the principal"
+ },
+ "displayName": {
+ "type": "string",
+ "description": "Display name of the principal"
+ },
+ "email": {
+ "type": "string",
+ "description": "Email id of the principal"
+ },
+ "type": {
+ "type": "string",
+ "description": "Type of the principal"
+ }
+ }
+ }
+ },
+ "type": "object",
+ "description": "Expanded info of resource, role and principal"
+ }
+ }
+}
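Review bot: `scheduleInfo.expiration` does not say which of `endDateTime` and `duration` goes with each `type` value, and `duration` is described only as "in TimeSpan" with no format or sample value. Swagger 2.0 cannot express that conditional requirement, so the descriptions are the only place a client learns it; since `NoExpiration` asks for eligibility with no end date, an ambiguous request body is worth ruling out in the text. Assuming the enum names mean what they suggest (to be confirmed against the service), the `type` description could read `Type of the role eligibility schedule expiration. AfterDateTime requires endDateTime, AfterDuration requires duration, NoExpiration uses neither.`, and the `duration` description should name its string format. The `requestType` description also says "role assignment schedule request" where this file defines role eligibility schedule requests.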
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicy.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicy.json
new file mode 100644
index 000000000000..b34c09c8ce22
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicy.json
@@ -0,0 +1,381 @@ +{ + "swagger": "2.0", + "info": { + "title": "AuthorizationManagementClient", + "version": "2020-10-01", + "description": "Role based access control provides you a way to apply granular level policy administration down to individual resources or resource groups. These operations enable you to manage role assignments. A role assignment grants access to Azure Active Directory users." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Authorization/roleManagementPolicies/{roleManagementPolicyName}": { + "get": { + "tags": [ + "roleManagementPolicies" + ], + "operationId": "RoleManagementPolicies_Get", + "description": "Get the specified role management policy for a resource scope", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role management policy.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleManagementPolicyName", + "in": "path", + "required": true, + "type": "string", + "description": "The name (guid) of the role management policy to get." 
+ }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the role management policy.", + "schema": { + "$ref": "#/definitions/RoleManagementPolicy" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "GetRoleManagementPolicyByName": { + "$ref": "./examples/GetRoleManagementPolicyByName.json" + } + } + }, + "patch": { + "tags": [ + "roleManagementPolicies" + ], + "operationId": "RoleManagementPolicies_Update", + "description": "Update a role management policy", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role management policy to upsert.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleManagementPolicyName", + "in": "path", + "required": true, + "type": "string", + "description": "The name (guid) of the role management policy to upsert." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RoleManagementPolicy" + }, + "description": "Parameters for the role management policy." 
+ }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Ok - Returns the updated policy.", + "schema": { + "$ref": "#/definitions/RoleManagementPolicy" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "PatchRoleManagementPolicy": { + "$ref": "./examples/PatchRoleManagementPolicy.json" + }, + "PatchPartialRoleManagementPolicy": { + "$ref": "./examples/PatchPartialRoleManagementPolicy.json" + } + } + }, + "delete": { + "tags": [ + "roleManagementPolicies" + ], + "operationId": "RoleManagementPolicies_Delete", + "description": "Delete a role management policy", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role management policy to upsert.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleManagementPolicyName", + "in": "path", + "required": true, + "type": "string", + "description": "The name (guid) of the role management policy to upsert." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Successfully deleted the policy." + }, + "204": { + "description": "NoContent - policy does not exists." 
+ }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "DeleteRoleManagementPolicy": { + "$ref": "./examples/DeleteRoleManagementPolicy.json" + } + } + } + }, + "/{scope}/providers/Microsoft.Authorization/roleManagementPolicies": { + "get": { + "tags": [ + "roleManagementPolicies" + ], + "operationId": "RoleManagementPolicies_ListForScope", + "description": "Gets role management policies for a resource scope.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role management policy.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of role management policies.", + "schema": { + "$ref": "#/definitions/RoleManagementPolicyListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "GetRoleManagementPolicyByRoleDefinitionFilter": { + "$ref": "./examples/GetRoleManagementPolicyByScope.json" + } + } + } + } + }, + "definitions": { + "RoleManagementPolicyProperties": { + "properties": { + "scope": { + "type": "string", + "description": "The role management policy scope." + }, + "displayName": { + "type": "string", + "description": "The role management policy display name." + }, + "description": { + "type": "string", + "description": "The role management policy description." + }, + "isOrganizationDefault": { + "type": "boolean", + "description": "The role management policy is default policy." 
+ }, + "lastModifiedBy": { + "$ref": "./common-types.json#/definitions/Principal" + }, + "lastModifiedDateTime": { + "type": "string", + "readOnly": true, + "format": "date-time", + "description": "The last modified date time." + }, + "rules": { + "type": "array", + "items": { + "$ref": "./common-types.json#/definitions/RoleManagementPolicyRule" + }, + "description": "The rule applied to the policy." + }, + "effectiveRules": { + "type": "array", + "items": { + "$ref": "./common-types.json#/definitions/RoleManagementPolicyRule" + }, + "readOnly": true, + "description": "The readonly computed rule applied to the policy." + }, + "policyProperties": { + "readOnly": true, + "type": "object", + "description": "Additional properties of scope", + "$ref": "#/definitions/PolicyProperties" + } + }, + "type": "object", + "description": "Role management policy properties with scope." + }, + "RoleManagementPolicy": { + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "The role management policy Id." + }, + "name": { + "type": "string", + "readOnly": true, + "description": "The role management policy name." + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The role management policy type." + }, + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/RoleManagementPolicyProperties", + "description": "Role management policy properties." + } + }, + "type": "object", + "description": "Role management policy" + }, + "RoleManagementPolicyListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleManagementPolicy" + }, + "description": "Role management policy list." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "type": "object", + "description": "Role management policy list operation result." 
+ }, + "PolicyProperties": { + "properties": { + "scope": { + "type": "object", + "description": "Details of the resource scope", + "readOnly": true, + "properties": { + "id": { + "type": "string", + "description": "Scope id of the resource" + }, + "displayName": { + "type": "string", + "description": "Display name of the resource" + }, + "type": { + "type": "string", + "description": "Type of the resource" + } + } + } + }, + "type": "object", + "description": "Expanded info of resource scope" + }, + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "#/definitions/CloudErrorBody" + } + }, + "type": "object", + "description": "An error response from the service." + }, + "CloudErrorBody": { + "x-ms-external": true, + "properties": { + "code": { + "type": "string", + "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically." + }, + "message": { + "type": "string", + "description": "A message describing the error, intended to be suitable for display in a user interface." + } + }, + "type": "object", + "description": "An error response from the service." + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicyAssignment.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicyAssignment.json new file mode 100644 index 000000000000..b195345ffd72 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicyAssignment.json 
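Review bot: The `delete` operation's parameter descriptions still say "to upsert" (`scope`: `The scope of the role management policy to upsert.`, `roleManagementPolicyName`: `The name (guid) of the role management policy to upsert.`), apparently copied from the `patch` operation above it. In generated reference docs and SDK docstrings a destructive call on a role management policy then reads like a create-or-update, which is the wrong thing to tell whoever decides which principals may call it. I would change them to `"description": "The scope of the role management policy to delete."` and `"description": "The name (guid) of the role management policy to delete."`, and correct the 204 text to `"description": "NoContent - policy does not exist."`.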
@@ -0,0 +1,393 @@ +{ + "swagger": "2.0", + "info": { + "title": "AuthorizationManagementClient", + "version": "2020-10-01", + "description": "Role based access control provides you a way to apply granular level policy administration down to individual resources or resource groups. These operations enable you to manage role assignments. A role assignment grants access to Azure Active Directory users." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Authorization/roleManagementPolicyAssignments/{roleManagementPolicyAssignmentName}": { + "get": { + "tags": [ + "roleManagementPolicyAssignments" + ], + "operationId": "RoleManagementPolicyAssignments_Get", + "description": "Get the specified role management policy assignment for a resource scope", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role management policy.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleManagementPolicyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of format {guid_guid} the role management policy assignment to get." 
+ }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the role management policy.", + "schema": { + "$ref": "#/definitions/RoleManagementPolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "GetConfigurations": { + "$ref": "./examples/GetRoleManagementPolicyAssignmentByName.json" + } + } + }, + "put": { + "tags": [ + "roleManagementPolicyAssignments" + ], + "operationId": "RoleManagementPolicyAssignments_Create", + "description": "Create a role management policy assignment", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role management policy assignment to upsert.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleManagementPolicyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of format {guid_guid} the role management policy assignment to upsert." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RoleManagementPolicyAssignment" + }, + "description": "Parameters for the role management policy assignment." 
+ }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns the created or updated policy assignment.", + "schema": { + "$ref": "#/definitions/RoleManagementPolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "PutRoleManagementPolicyAssignment": { + "$ref": "./examples/PutRoleManagementPolicyAssignment.json" + } + } + }, + "delete": { + "tags": [ + "roleManagementPolicyAssignments" + ], + "operationId": "RoleManagementPolicyAssignments_Delete", + "description": "Delete a role management policy assignment", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role management policy assignment to delete.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleManagementPolicyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of format {guid_guid} the role management policy assignment to delete." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Successfully deleted the policy assignment." + }, + "204": { + "description": "NoContent - policy assignment does not exists." 
+ }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "DeleteRoleManagementPolicyAssignment": { + "$ref": "./examples/DeleteRoleManagementPolicyAssignment.json" + } + } + } + }, + "/{scope}/providers/Microsoft.Authorization/roleManagementPolicyAssignments": { + "get": { + "tags": [ + "roleManagementPolicyAssignments" + ], + "operationId": "RoleManagementPolicyAssignments_ListForScope", + "description": "Gets role management assignment policies for a resource scope.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role management policy.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of role management policies.", + "schema": { + "$ref": "#/definitions/RoleManagementPolicyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "GetRoleManagementPolicyAssignmentByScope": { + "$ref": "./examples/GetRoleManagementPolicyAssignmentByScope.json" + } + } + } + } + }, + "definitions": { + "RoleManagementPolicyAssignment": { + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "The role management policy Id." + }, + "name": { + "type": "string", + "readOnly": true, + "description": "The role management policy name." + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The role management policy type." 
+ }, + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/RoleManagementPolicyAssignmentProperties", + "description": "Role management policy properties." + } + }, + "type": "object", + "description": "Role management policy" + }, + "RoleManagementPolicyAssignmentProperties": { + "properties": { + "scope": { + "type": "string", + "description": "The role management policy scope." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition of management policy assignment." + }, + "policyId": { + "type": "string", + "description": "The policy id role management policy assignment." + }, + "effectiveRules": { + "type": "array", + "items": { + "$ref": "./common-types.json#/definitions/RoleManagementPolicyRule" + }, + "readOnly": true, + "description": "The readonly computed rule applied to the policy." + }, + "policyAssignmentProperties": { + "readOnly": true, + "type": "object", + "description": "Additional properties of scope, role definition and policy", + "$ref": "#/definitions/PolicyAssignmentProperties" + } + }, + "type": "object", + "description": "Role management policy assignment properties with scope." + }, + "RoleManagementPolicyAssignmentListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleManagementPolicyAssignment" + }, + "description": "Role management policy assignment list." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "type": "object", + "description": "Role management policy assignment list operation result." 
+ }, + "PolicyAssignmentProperties": { + "properties": { + "scope": { + "type": "object", + "description": "Details of the resource scope", + "properties": { + "id": { + "type": "string", + "description": "Scope id of the resource" + }, + "displayName": { + "type": "string", + "description": "Display name of the resource" + }, + "type": { + "type": "string", + "description": "Type of the resource" + } + } + }, + "roleDefinition": { + "type": "object", + "description": "Details of role definition", + "properties": { + "id": { + "type": "string", + "description": "Id of the role definition" + }, + "displayName": { + "type": "string", + "description": "Display name of the role definition" + }, + "type": { + "type": "string", + "description": "Type of the role definition" + } + } + }, + "policy": { + "type": "object", + "description": "Details of the policy", + "properties": { + "id": { + "type": "string", + "description": "Id of the policy" + }, + "lastModifiedBy": { + "$ref": "./common-types.json#/definitions/Principal" + }, + "lastModifiedDateTime": { + "type": "string", + "format": "date-time", + "description": "The last modified date time." + } + } + } + }, + "type": "object", + "description": "Expanded info of resource scope, role definition and policy" + }, + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "#/definitions/CloudErrorBody" + } + }, + "type": "object", + "description": "An error response from the service." + }, + "CloudErrorBody": { + "x-ms-external": true, + "properties": { + "code": { + "type": "string", + "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically." + }, + "message": { + "type": "string", + "description": "A message describing the error, intended to be suitable for display in a user interface." + } + }, + "type": "object", + "description": "An error response from the service." + } + } +} 
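Review bot: `policyAssignmentProperties` puts `readOnly`, `type` and `description` next to `$ref`, and the referenced `PolicyAssignmentProperties` definition marks none of its members (`scope`, `roleDefinition`, `policy`) read-only. Under JSON Reference rules the siblings of `$ref` are ignored, so tooling that resolves references strictly would treat this block, which is meant to be read-only, as writable in the `put` body. I would reduce the property to `"policyAssignmentProperties": { "$ref": "#/definitions/PolicyAssignmentProperties" }` and add `"readOnly": true` to each of the three members of `PolicyAssignmentProperties`. `policyProperties` in RoleManagementPolicy.json uses the same sibling layout, though its only member `scope` is already marked read-only.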
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/common-types.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/common-types.json
new file mode 100644
index 000000000000..b373809143bf
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/common-types.json
@@ -0,0 +1,443 @@ +{ + "swagger": "2.0", + "info": { + "version": "2020-10-01", + "title": "AuthorizationManagementClient" + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": {}, + "definitions": { + "Permission": { + "properties": { + "actions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Allowed actions." + }, + "notActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Denied actions." + }, + "dataActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Allowed Data actions." + }, + "notDataActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Denied Data actions." + } + }, + "type": "object", + "description": "Role definition permissions." + }, + "Principal": { + "readOnly": true, + "type": "object", + "description": "The name of the entity last modified it", + "properties": { + "id": { + "type": "string", + "description": "The id of the principal made changes" + }, + "displayName": { + "type": "string", + "description": "The name of the principal made changes" + }, + "type": { + "type": "string", + "description": "Type of principal such as user , group etc" + }, + "email": { + "type": "string", + "description": "Email of principal" + } + } + }, + "RoleManagementPolicyRule": { + "description": "The role management policy rule.", + "type": "object", + "required": [ + "ruleType" + ], + "discriminator": "ruleType", + "properties": { + "id": { + "type": "string", + "description": "The id of the rule." 
+ }, + "ruleType": { + "description": "The type of rule", + "$ref": "#/definitions/RoleManagementPolicyRuleType" + }, + "target": { + "$ref": "#/definitions/RoleManagementPolicyRuleTarget", + "description": "The target of the current rule." + } + } + }, + "RoleManagementPolicyApprovalRule": { + "description": "The role management policy approval rule.", + "allOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyRule" + } + ], + "type": "object", + "properties": { + "setting": { + "$ref": "#/definitions/ApprovalSettings", + "description": "The approval setting" + } + } + }, + "ApprovalSettings": { + "description": "The approval settings.", + "type": "object", + "properties": { + "isApprovalRequired": { + "type": "boolean", + "description": "Determines whether approval is required or not." + }, + "isApprovalRequiredForExtension": { + "type": "boolean", + "description": "Determines whether approval is required for assignment extension." + }, + "isRequestorJustificationRequired": { + "type": "boolean", + "description": "Determine whether requestor justification is required." + }, + "approvalMode": { + "type": "string", + "description": "The type of rule", + "enum": [ + "SingleStage", + "Serial", + "Parallel", + "NoApproval" + ], + "x-ms-enum": { + "name": "ApprovalMode", + "modelAsString": true + } + }, + "approvalStages": { + "type": "array", + "items": { + "$ref": "#/definitions/ApprovalStage" + }, + "x-ms-identifiers": [], + "description": "The approval stages of the request." + } + } + }, + "ApprovalStage": { + "description": "The approval stage.", + "type": "object", + "properties": { + "approvalStageTimeOutInDays": { + "type": "integer", + "format": "int32", + "description": "The time in days when approval request would be timed out" + }, + "isApproverJustificationRequired": { + "type": "boolean", + "description": "Determines whether approver need to provide justification for his decision." 
+ }, + "escalationTimeInMinutes": { + "type": "integer", + "format": "int32", + "description": "The time in minutes when the approval request would be escalated if the primary approver does not approve" + }, + "primaryApprovers": { + "type": "array", + "description": "The primary approver of the request.", + "items": { + "$ref": "#/definitions/UserSet" + } + }, + "isEscalationEnabled": { + "type": "boolean", + "description": "The value determine whether escalation feature is enabled." + }, + "escalationApprovers": { + "type": "array", + "description": "The escalation approver of the request.", + "items": { + "$ref": "#/definitions/UserSet" + } + } + } + }, + "UserSet": { + "description": "The detail of a user.", + "type": "object", + "properties": { + "userType": { + "type": "string", + "description": "The type of user.", + "enum": [ + "User", + "Group" + ], + "x-ms-enum": { + "name": "UserType", + "modelAsString": true + } + }, + "isBackup": { + "type": "boolean", + "description": "The value indicating whether the user is a backup fallback approver" + }, + "id": { + "type": "string", + "description": "The object id of the user." + }, + "description": { + "type": "string", + "description": "The description of the user." + } + } + }, + "RoleManagementPolicyAuthenticationContextRule": { + "description": "The role management policy authentication context rule.", + "allOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyRule" + } + ], + "type": "object", + "properties": { + "isEnabled": { + "type": "boolean", + "description": "The value indicating if rule is enabled." + }, + "claimValue": { + "type": "string", + "description": "The claim value." 
+ } + } + }, + "RoleManagementPolicyEnablementRule": { + "description": "The role management policy enablement rule.", + "allOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyRule" + } + ], + "type": "object", + "properties": { + "enabledRules": { + "type": "array", + "items": { + "type": "string", + "description": "The type of enablement rule", + "enum": [ + "MultiFactorAuthentication", + "Justification", + "Ticketing" + ], + "x-ms-enum": { + "name": "EnablementRules", + "modelAsString": true + } + }, + "description": "The list of enabled rules." + } + } + }, + "RoleManagementPolicyExpirationRule": { + "description": "The role management policy expiration rule.", + "allOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyRule" + } + ], + "type": "object", + "properties": { + "isExpirationRequired": { + "type": "boolean", + "description": "The value indicating whether expiration is required." + }, + "maximumDuration": { + "type": "string", + "description": "The maximum duration of expiration in timespan." 
+ } + } + }, + "RoleManagementPolicyNotificationRule": { + "description": "The role management policy notification rule.", + "allOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyRule" + } + ], + "type": "object", + "properties": { + "notificationType": { + "type": "string", + "description": "The type of notification.", + "enum": [ + "Email" + ], + "x-ms-enum": { + "name": "NotificationDeliveryMechanism", + "modelAsString": true + } + }, + "notificationLevel": { + "type": "string", + "description": "The notification level.", + "enum": [ + "None", + "Critical", + "All" + ], + "x-ms-enum": { + "name": "NotificationLevel", + "modelAsString": true + } + }, + "recipientType": { + "type": "string", + "description": "The recipient type.", + "enum": [ + "Requestor", + "Approver", + "Admin" + ], + "x-ms-enum": { + "name": "RecipientType", + "modelAsString": true + } + }, + "notificationRecipients": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of notification recipients." + }, + "isDefaultRecipientsEnabled": { + "type": "boolean", + "description": "Determines if the notification will be sent to the recipient type specified in the policy rule." + } + } + }, + "RoleManagementPolicyRuleTarget": { + "description": "The role management policy rule target.", + "type": "object", + "properties": { + "caller": { + "type": "string", + "description": "The caller of the setting." + }, + "operations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The type of operation." + }, + "level": { + "type": "string", + "description": "The assignment level to which rule is applied." + }, + "targetObjects": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of target objects." + }, + "inheritableSettings": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of inheritable settings." 
+ }, + "enforcedSettings": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of enforced settings." + } + } + }, + "RoleManagementPolicyRuleType": { + "type": "string", + "description": "The type of rule", + "enum": [ + "RoleManagementPolicyApprovalRule", + "RoleManagementPolicyAuthenticationContextRule", + "RoleManagementPolicyEnablementRule", + "RoleManagementPolicyExpirationRule", + "RoleManagementPolicyNotificationRule" + ], + "x-ms-enum": { + "name": "RoleManagementPolicyRuleType", + "modelAsString": true + } + } + }, + "parameters": { + "ResourceProviderNamespaceParameter": { + "name": "resourceProviderNamespace", + "in": "path", + "required": true, + "type": "string", + "description": "The namespace of the resource provider.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "ResourceTypeParameter": { + "name": "resourceType", + "in": "path", + "required": true, + "type": "string", + "description": "The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites).", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "ResourceNameParameter": { + "name": "resourceName", + "in": "path", + "required": true, + "type": "string", + "description": "The resource name.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "ScopeParameter": { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + } + } +} 
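Review bot: `ResourceNameParameter` and `ResourceProviderNamespaceParameter` set `"x-ms-skip-url-encoding": true` although each names a single path segment. With that flag a generated client places the caller's string into the request path without percent-encoding, so a value containing `/`, `?` or `#` changes the path that is actually requested; `ScopeParameter` needs the flag because a scope is itself a multi-segment path, but these two presumably do not. I would drop the flag from both, or at least state in the description that the value must be a single, already-encoded segment, e.g. `"description": "The resource name. Must be one URL-encoded path segment."`. Whether any operation in this API version references these parameters is not visible in this hunk.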
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/CancelRoleAssignmentScheduleRequestByName.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/CancelRoleAssignmentScheduleRequestByName.json
new file mode 100644
index 000000000000..5226f6a4623a
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/CancelRoleAssignmentScheduleRequestByName.json
@@ -0,0 +1,10 @@
+{
+ "parameters": {
+ "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "roleAssignmentScheduleRequestName": "fea7a502-9a96-4806-a26f-eee560e52045",
+ "api-version": "2020-10-01"
+ },
+ "responses": {
+ "200": {}
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/CancelRoleEligibilityScheduleRequestByName.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/CancelRoleEligibilityScheduleRequestByName.json
new file mode 100644
index 000000000000..9abd0376b0b0
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/CancelRoleEligibilityScheduleRequestByName.json
@@ -0,0 +1,10 @@
+{
+ "parameters": {
+ "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "roleEligibilityScheduleRequestName": "64caffb6-55c0-4deb-a585-68e948ea1ad6",
+ "api-version": "2020-10-01"
+ },
+ "responses": {
+ "200": {}
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/DeleteRoleManagementPolicy.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/DeleteRoleManagementPolicy.json
new file mode 100644
index 000000000000..ed27563fbbe7
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/DeleteRoleManagementPolicy.json
@@ -0,0 +1,11 @@
+{
+ "parameters": {
+ "scope": "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
+ "roleManagementPolicyName": "570c3619-7688-4b34-b290-2b8bb3ccab2a",
+ "api-version": "2020-10-01"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/DeleteRoleManagementPolicyAssignment.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/DeleteRoleManagementPolicyAssignment.json
new file mode 100644
index 000000000000..8db2585f06b0
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/DeleteRoleManagementPolicyAssignment.json
@@ -0,0 +1,11 @@
+{
+ "parameters": {
+ "scope": "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
+ "roleManagementPolicyAssignmentName": "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
+ "api-version": "2020-10-01"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetEligibleChildResourcesByScope.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetEligibleChildResourcesByScope.json
new file mode 100644
index 000000000000..387a6cc7f656
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetEligibleChildResourcesByScope.json
@@ -0,0 +1,25 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "api-version": "2020-10-01", + "$filter": "resourceType+eq+'resourcegroup'" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "RG-1", + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/resourceGroups/RG-1", + "type": "resourcegroup" + }, + { + "name": "RG-2", + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/resourceGroups/RG-2", + "type": "resourcegroup" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentScheduleByName.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentScheduleByName.json new file mode 100644 index 000000000000..d9bb7ab2259f --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentScheduleByName.json 
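Review bot: In GetEligibleChildResourcesByScope.json the `scope` parameter is `providers/Microsoft.Subscription/subscriptions/dfa2a084-…`, while the ids in the 200 body are rooted at `/subscriptions/dfa2a084-…`, so the request and its result name the scope in two different forms. The operation path is `/{scope}/providers/Microsoft.Authorization/eligibleChildResources` with URL encoding skipped, so the value is substituted verbatim; a reader copying the sample may end up querying a different scope than the one the response shows (this assumes the service does not normalise the two forms). I would write `"scope": "subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f"` here. The same `providers/Microsoft.Subscription/subscriptions/…` form is used by the `scope` parameter of every other example file visible in this commit.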
@@ -0,0 +1,51 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleAssignmentScheduleName": "c9e264ff-3133-4776-a81a-ebc7c33c8ec6", + "api-version": "2020-10-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "linkedRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413", + "assignmentType": "Assigned", + "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "principalType": "User", + "status": "Provisioned", + "roleAssignmentScheduleRequestId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleAssignmentScheduleRequests/fea7a502-9a96-4806-a26f-eee560e52045", + "startDateTime": "2020-09-09T21:35:27.91Z", + "endDateTime": "2020-09-10T05:35:17.91Z", + "memberType": "Direct", + "createdOn": "2020-09-09T21:35:27.91Z", + "updatedOn": "2020-09-09T21:35:27.91Z", + "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'", + "conditionVersion": "1.0", + "expandedProperties": { + "scope": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "displayName": "Pay-As-You-Go", + "type": "subscription" + }, + "roleDefinition": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "displayName": "Contributor", + "type": "BuiltInRole" + }, + "principal": { + "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "displayName": "User Account", + "email": "user@my-tenant.com", + "type": "User" + } + } + }, + "name": "c9e264ff-3133-4776-a81a-ebc7c33c8ec6", + "id": 
"/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleAssignmentSchedules/c9e264ff-3133-4776-a81a-ebc7c33c8ec6", + "type": "Microsoft.Authorization/RoleAssignmentSchedules" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentScheduleInstanceByName.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentScheduleInstanceByName.json new file mode 100644 index 000000000000..3bbbf21b258d --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentScheduleInstanceByName.json 
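Review bot: The `expandedProperties.principal.email` value `user@my-tenant.com` in GetRoleAssignmentScheduleByName.json sits on a domain that is not reserved for documentation, so the published sample may point at an address that someone can register or already owns. I would change it to `"email": "user@example.com"`, which uses a domain reserved for examples. The same value recurs in each later Get* example here that carries `expandedProperties.principal`.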
@@ -0,0 +1,52 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleAssignmentScheduleInstanceName": "ed9b8180-cef7-4c77-a63c-b8566ecfc412", + "api-version": "2020-10-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "originRoleAssignmentId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleAssignments/ed9b8180-cef7-4c77-a63c-b8566ecfc412", + "linkedRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413", + "linkedRoleEligibilityScheduleInstanceId": "21e4b59a-0499-4fe0-a3c3-43a3055b773a", + "assignmentType": "Assigned", + "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "principalType": "User", + "status": "Accepted", + "roleAssignmentScheduleId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleAssignmentSchedules/c9e264ff-3133-4776-a81a-ebc7c33c8ec6", + "startDateTime": "2020-09-09T21:35:27.91Z", + "endDateTime": "2020-09-10T05:35:17.91Z", + "memberType": "Direct", + "createdOn": "2020-09-09T21:35:27.91Z", + "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'", + "conditionVersion": "1.0", + "expandedProperties": { + "scope": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "displayName": "Pay-As-You-Go", + "type": "subscription" + }, + "roleDefinition": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "displayName": "Contributor", + "type": "BuiltInRole" + }, + "principal": { + "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + 
"displayName": "User Account", + "email": "user@my-tenant.com", + "type": "User" + } + } + }, + "name": "ed9b8180-cef7-4c77-a63c-b8566ecfc412", + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleAssignmentScheduleInstances/ed9b8180-cef7-4c77-a63c-b8566ecfc412", + "type": "Microsoft.Authorization/RoleAssignmentScheduleInstances" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentScheduleInstancesByScope.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentScheduleInstancesByScope.json new file mode 100644 index 000000000000..e69d3e7d48ed --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentScheduleInstancesByScope.json 
@@ -0,0 +1,56 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "$filter": "assignedTo('a3bb8764-cb92-4276-9d2a-ca1e895e55ea')", + "api-version": "2020-10-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "originRoleAssignmentId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleAssignments/ed9b8180-cef7-4c77-a63c-b8566ecfc412", + "linkedRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413", + "linkedRoleEligibilityScheduleInstanceId": "21e4b59a-0499-4fe0-a3c3-43a3055b773a", + "assignmentType": "Assigned", + "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "principalType": "User", + "status": "Accepted", + "roleAssignmentScheduleId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleAssignmentSchedules/c9e264ff-3133-4776-a81a-ebc7c33c8ec6", + "startDateTime": "2020-09-09T21:35:27.91Z", + "endDateTime": "2020-09-10T05:35:17.91Z", + "memberType": "Direct", + "createdOn": "2020-09-09T21:35:27.91Z", + "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'", + "conditionVersion": "1.0", + "expandedProperties": { + "scope": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "displayName": "Pay-As-You-Go", + "type": "subscription" + }, + "roleDefinition": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "displayName": "Contributor", + "type": "BuiltInRole" + }, + "principal": { + "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + 
"displayName": "User Account", + "email": "user@my-tenant.com", + "type": "User" + } + } + }, + "name": "ed9b8180-cef7-4c77-a63c-b8566ecfc412", + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleAssignmentScheduleInstances/ed9b8180-cef7-4c77-a63c-b8566ecfc412", + "type": "Microsoft.Authorization/RoleAssignmentScheduleInstances" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentScheduleRequestByName.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentScheduleRequestByName.json new file mode 100644 index 000000000000..5e17544c2e0b --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentScheduleRequestByName.json 
@@ -0,0 +1,62 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleAssignmentScheduleRequestName": "fea7a502-9a96-4806-a26f-eee560e52045", + "api-version": "2020-10-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "targetRoleAssignmentScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413", + "targetRoleAssignmentScheduleInstanceId": null, + "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "principalType": "User", + "requestType": "SelfActivate", + "status": "Provisioned", + "approvalId": null, + "scheduleInfo": { + "startDateTime": "2020-09-09T21:35:27.91Z", + "expiration": { + "type": "AfterDuration", + "endDateTime": null, + "duration": "PT8H" + } + }, + "ticketInfo": { + "ticketNumber": null, + "ticketSystem": null + }, + "justification": null, + "requestorId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "createdOn": "2020-09-09T21:35:27.91Z", + "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'", + "conditionVersion": "1.0", + "expandedProperties": { + "scope": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "displayName": "Pay-As-You-Go", + "type": "subscription" + }, + "roleDefinition": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "displayName": "Contributor", + "type": "BuiltInRole" + }, + "principal": { + "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "displayName": "User Account", + "email": "user@my-tenant.com", + "type": "User" + } + } + }, + "name": "fea7a502-9a96-4806-a26f-eee560e52045", + "id": 
"/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleAssignmentScheduleRequests/fea7a502-9a96-4806-a26f-eee560e52045", + "type": "Microsoft.Authorization/RoleAssignmentScheduleRequests" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentScheduleRequestByScope.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentScheduleRequestByScope.json new file mode 100644 index 000000000000..882fd03c965c --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentScheduleRequestByScope.json 
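Review bot: In GetRoleAssignmentScheduleRequestByName.json, `targetRoleAssignmentScheduleId` is `b1477448-2cc6-4ceb-93b4-54a202a89413`, which the other examples in this commit use as the role eligibility schedule (`roleEligibilityScheduleName`, `linkedRoleEligibilityScheduleId`), not as an assignment schedule. The assignment schedule that points back at this request (`roleAssignmentScheduleRequestId` ending in `fea7a502-…`) is named `c9e264ff-3133-4776-a81a-ebc7c33c8ec6`, so the sample presumably should read `"targetRoleAssignmentScheduleId": "c9e264ff-3133-4776-a81a-ebc7c33c8ec6"`. As written, a reader tracing a self-activation through these samples lands on the eligibility record instead of the activated assignment. GetRoleAssignmentScheduleRequestByScope.json has the same value.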
@@ -0,0 +1,66 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "$filter": "assignedTo('A3BB8764-CB92-4276-9D2A-CA1E895E55EA')", + "api-version": "2020-10-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "targetRoleAssignmentScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413", + "targetRoleAssignmentScheduleInstanceId": null, + "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "principalType": "User", + "requestType": "SelfActivate", + "status": "Provisioned", + "approvalId": null, + "scheduleInfo": { + "startDateTime": "2020-09-09T21:35:27.91Z", + "expiration": { + "type": "AfterDuration", + "endDateTime": null, + "duration": "PT8H" + } + }, + "ticketInfo": { + "ticketNumber": null, + "ticketSystem": null + }, + "justification": null, + "requestorId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "createdOn": "2020-09-09T21:35:27.91Z", + "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'", + "conditionVersion": "1.0", + "expandedProperties": { + "scope": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "displayName": "Pay-As-You-Go", + "type": "subscription" + }, + "roleDefinition": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "displayName": "Contributor", + "type": "BuiltInRole" + }, + "principal": { + "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "displayName": "User Account", + "email": "user@my-tenant.com", + "type": "User" + } + } + }, + "name": "fea7a502-9a96-4806-a26f-eee560e52045", + "id": 
"/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleAssignmentScheduleRequests/fea7a502-9a96-4806-a26f-eee560e52045", + "type": "Microsoft.Authorization/RoleAssignmentScheduleRequests" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentSchedulesByScope.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentSchedulesByScope.json new file mode 100644 index 000000000000..756bb3019f0e --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleAssignmentSchedulesByScope.json 
@@ -0,0 +1,55 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "$filter": "assignedTo('a3bb8764-cb92-4276-9d2a-ca1e895e55ea')", + "api-version": "2020-10-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "linkedRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413", + "assignmentType": "Assigned", + "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "principalType": "User", + "status": "Provisioned", + "roleAssignmentScheduleRequestId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleAssignmentScheduleRequests/fea7a502-9a96-4806-a26f-eee560e52045", + "startDateTime": "2020-09-09T21:35:27.91Z", + "endDateTime": "2020-09-10T05:35:17.91Z", + "memberType": "Direct", + "createdOn": "2020-09-09T21:35:27.91Z", + "updatedOn": "2020-09-09T21:35:27.91Z", + "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'", + "conditionVersion": "1.0", + "expandedProperties": { + "scope": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "displayName": "Pay-As-You-Go", + "type": "subscription" + }, + "roleDefinition": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "displayName": "Contributor", + "type": "BuiltInRole" + }, + "principal": { + "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "displayName": "User Account", + "email": "user@my-tenant.com", + "type": "User" + } + } + }, + "name": "c9e264ff-3133-4776-a81a-ebc7c33c8ec6", + "id": 
"/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleAssignmentSchedules/c9e264ff-3133-4776-a81a-ebc7c33c8ec6", + "type": "Microsoft.Authorization/RoleAssignmentSchedules" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilityScheduleByName.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilityScheduleByName.json new file mode 100644 index 000000000000..b2d944e91700 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilityScheduleByName.json 
@@ -0,0 +1,49 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleEligibilityScheduleName": "b1477448-2cc6-4ceb-93b4-54a202a89413", + "api-version": "2020-10-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", + "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "principalType": "User", + "status": "Provisioned", + "roleEligibilityScheduleRequestId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilityScheduleRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6", + "startDateTime": "2020-09-09T21:33:14.557Z", + "endDateTime": "2021-09-09T21:32:28.49Z", + "memberType": "Direct", + "createdOn": "2020-09-09T21:33:06.3Z", + "updatedOn": "2020-09-09T22:27:00.513Z", + "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'", + "conditionVersion": "1.0", + "expandedProperties": { + "scope": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "displayName": "Pay-As-You-Go", + "type": "subscription" + }, + "roleDefinition": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "displayName": "Contributor", + "type": "BuiltInRole" + }, + "principal": { + "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "displayName": "User Account", + "email": "user@my-tenant.com", + "type": "User" + } + } + }, + "name": "b1477448-2cc6-4ceb-93b4-54a202a89413", + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilitySchedules/b1477448-2cc6-4ceb-93b4-54a202a89413", + "type": 
"Microsoft.Authorization/RoleEligibilitySchedules" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilityScheduleInstanceByName.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilityScheduleInstanceByName.json new file mode 100644 index 000000000000..ea21b20e063c --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilityScheduleInstanceByName.json 
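Review bot: In GetRoleEligibilityScheduleByName.json, `properties.roleDefinitionId` ends in `b24988ac-6180-42a0-ab88-20f7382dd24c`, but `expandedProperties.roleDefinition.id` in the same body ends in `c8d4ff99-41c3-41a8-9f60-21dfdad59608`, so the sample does not say unambiguously which role the principal is eligible for. The two fields should carry the same definition id; as far as I know `b24988ac-…` is the built-in Contributor id, which matches the `"displayName": "Contributor"` shown, so I would align the expanded `id` to it. The same mismatch appears in GetRoleEligibilityScheduleInstanceByName.json, GetRoleEligibilityScheduleInstancesByScope.json and GetRoleEligibilitySchedulesByScope.json.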
@@ -0,0 +1,48 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleEligibilityScheduleInstanceName": "21e4b59a-0499-4fe0-a3c3-43a3055b773a", + "api-version": "2020-10-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", + "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "principalType": "User", + "status": "Provisioned", + "roleEligibilityScheduleId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilitySchedules/b1477448-2cc6-4ceb-93b4-54a202a89413", + "startDateTime": "2020-09-10T00:32:36.86Z", + "endDateTime": "2021-09-10T00:31:41.477Z", + "memberType": "Direct", + "createdOn": "2020-09-10T00:32:36.86Z", + "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'", + "conditionVersion": "1.0", + "expandedProperties": { + "scope": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "displayName": "Pay-As-You-Go", + "type": "subscription" + }, + "roleDefinition": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "displayName": "Contributor", + "type": "BuiltInRole" + }, + "principal": { + "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "displayName": "User Account", + "email": "user@my-tenant.com", + "type": "User" + } + } + }, + "name": "21e4b59a-0499-4fe0-a3c3-43a3055b773a", + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilityScheduleInstances/21e4b59a-0499-4fe0-a3c3-43a3055b773a", + "type": 
"Microsoft.Authorization/RoleEligibilityScheduleInstances" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilityScheduleInstancesByScope.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilityScheduleInstancesByScope.json new file mode 100644 index 000000000000..b7725a9345fe --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilityScheduleInstancesByScope.json 
@@ -0,0 +1,52 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "$filter": "assignedTo('a3bb8764-cb92-4276-9d2a-ca1e895e55ea')", + "api-version": "2020-10-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", + "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "principalType": "User", + "status": "Provisioned", + "roleEligibilityScheduleId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilitySchedules/b1477448-2cc6-4ceb-93b4-54a202a89413", + "startDateTime": "2020-09-10T00:32:36.86Z", + "endDateTime": "2021-09-10T00:31:41.477Z", + "memberType": "Direct", + "createdOn": "2020-09-10T00:32:36.86Z", + "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'", + "conditionVersion": "1.0", + "expandedProperties": { + "scope": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "displayName": "Pay-As-You-Go", + "type": "subscription" + }, + "roleDefinition": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "displayName": "Contributor", + "type": "BuiltInRole" + }, + "principal": { + "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "displayName": "User Account", + "email": "user@my-tenant.com", + "type": "User" + } + } + }, + "name": "21e4b59a-0499-4fe0-a3c3-43a3055b773a", + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilityScheduleInstances/21e4b59a-0499-4fe0-a3c3-43a3055b773a", + "type": 
"Microsoft.Authorization/RoleEligibilityScheduleInstances" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilityScheduleRequestByName.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilityScheduleRequestByName.json new file mode 100644 index 000000000000..afe63b5d15fd --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilityScheduleRequestByName.json 
@@ -0,0 +1,62 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleEligibilityScheduleRequestName": "64caffb6-55c0-4deb-a585-68e948ea1ad6", + "api-version": "2020-10-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "targetRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413", + "targetRoleEligibilityScheduleInstanceId": null, + "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "principalType": "User", + "requestType": "AdminAssign", + "status": "Provisioned", + "approvalId": null, + "scheduleInfo": { + "startDateTime": "2020-09-09T21:31:27.91Z", + "expiration": { + "type": "AfterDuration", + "endDateTime": null, + "duration": "P365D" + } + }, + "ticketInfo": { + "ticketNumber": null, + "ticketSystem": null + }, + "justification": null, + "requestorId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "createdOn": "2020-09-09T21:32:27.91Z", + "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'", + "conditionVersion": "1.0", + "expandedProperties": { + "scope": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "displayName": "Pay-As-You-Go", + "type": "subscription" + }, + "roleDefinition": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "displayName": "Contributor", + "type": "BuiltInRole" + }, + "principal": { + "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "displayName": "User Account", + "email": "user@my-tenant.com", + "type": "User" + } + } + }, + "name": "64caffb6-55c0-4deb-a585-68e948ea1ad6", + "id": 
"/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilityRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6", + "type": "Microsoft.Authorization/RoleEligibilityRequests" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilityScheduleRequestByScope.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilityScheduleRequestByScope.json new file mode 100644 index 000000000000..ff7300f136c5 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilityScheduleRequestByScope.json 
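Review bot: The `id` and `type` in GetRoleEligibilityScheduleRequestByName.json use the segment `RoleEligibilityRequests`, whereas the eligibility schedule examples refer to this same request (`64caffb6-…`) as `…/RoleEligibilityScheduleRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6`. One of the two is wrong. Going by the operation and file names, I would expect `"type": "Microsoft.Authorization/RoleEligibilityScheduleRequests"` with the `id` path segment changed to match. Clients that match or build resource ids from the sample would otherwise disagree with the ids returned by the schedule operations. GetRoleEligibilityScheduleRequestByScope.json repeats the same `id` and `type`.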
@@ -0,0 +1,66 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "$filter": "assignedTo('A3BB8764-CB92-4276-9D2A-CA1E895E55EA')", + "api-version": "2020-10-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "targetRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413", + "targetRoleEligibilityScheduleInstanceId": null, + "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "principalType": "User", + "requestType": "AdminAssign", + "status": "Provisioned", + "approvalId": null, + "scheduleInfo": { + "startDateTime": "2020-09-09T21:31:27.91Z", + "expiration": { + "type": "AfterDuration", + "endDateTime": null, + "duration": "P365D" + } + }, + "ticketInfo": { + "ticketNumber": null, + "ticketSystem": null + }, + "justification": null, + "requestorId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "createdOn": "2020-09-09T21:32:27.91Z", + "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'", + "conditionVersion": "1.0", + "expandedProperties": { + "scope": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f", + "displayName": "Pay-As-You-Go", + "type": "subscription" + }, + "roleDefinition": { + "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "displayName": "Contributor", + "type": "BuiltInRole" + }, + "principal": { + "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea", + "displayName": "User Account", + "email": "user@my-tenant.com", + "type": "User" + } + } + }, + "name": "64caffb6-55c0-4deb-a585-68e948ea1ad6", + "id": 
"/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilityRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6", + "type": "Microsoft.Authorization/RoleEligibilityRequests" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilitySchedulesByScope.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilitySchedulesByScope.json new file mode 100644 index 000000000000..c1c7d106b455 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleEligibilitySchedulesByScope.json 
@@ -0,0 +1,53 @@
+{
+ "parameters": {
+ "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "$filter": "assignedTo('a3bb8764-cb92-4276-9d2a-ca1e895e55ea')",
+ "api-version": "2020-10-01"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "properties": {
+ "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
+ "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "principalType": "User",
+ "status": "Provisioned",
+ "roleEligibilityScheduleRequestId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilityScheduleRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6",
+ "startDateTime": "2020-09-09T21:33:14.557Z",
+ "endDateTime": "2021-09-09T21:32:28.49Z",
+ "memberType": "Direct",
+ "createdOn": "2020-09-09T21:33:06.3Z",
+ "updatedOn": "2020-09-09T22:27:00.513Z",
+ "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
+ "conditionVersion": "1.0",
+ "expandedProperties": {
+ "scope": {
+ "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "displayName": "Pay-As-You-Go",
+ "type": "subscription"
+ },
+ "roleDefinition": {
+ "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
+ "displayName": "Contributor",
+ "type": "BuiltInRole"
+ },
+ "principal": {
+ "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "displayName": "User Account",
+ "email": "user@my-tenant.com",
+ "type": "User"
+ }
+ }
+ },
+ "name": "b1477448-2cc6-4ceb-93b4-54a202a89413",
+ "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilitySchedules/b1477448-2cc6-4ceb-93b4-54a202a89413",
+ "type": "Microsoft.Authorization/RoleEligibilitySchedules"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleManagementPolicyAssignmentByName.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleManagementPolicyAssignmentByName.json
new file mode 100644
index 000000000000..23c8f9d798e5
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleManagementPolicyAssignmentByName.json
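Review bot: `properties.roleDefinitionId` ends in `b24988ac-6180-42a0-ab88-20f7382dd24c`, but `expandedProperties.roleDefinition.id` in the same item ends in `c8d4ff99-41c3-41a8-9f60-21dfdad59608`, so the expanded block describes a different role definition than the one the schedule grants. In an access-control example that matters: a reader or test auditing eligibility from the expanded block would attribute the grant to the wrong role. Both fields should carry the same ID; if the `properties` value is the intended one, the expanded entry becomes `"id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"`.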
@@ -0,0 +1,391 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "roleManagementPolicyAssignmentName": "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "api-version": "2020-10-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "scope": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "roleDefinitionId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "policyId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9", + "effectiveRules": [ + { + "enabledRules": [], + "id": "Enablement_Admin_Eligibility", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Eligibility", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_eligible@test.com" + ], + "id": "Notification_Admin_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": 
false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_eligible@test.com" + ], + "id": "Notification_Requestor_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_eligible@test.com" + ], + "id": "Notification_Approver_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "MultiFactorAuthentication", + "Justification" + ], + "id": "Enablement_Admin_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": false, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_member@test.com" + ], + "id": "Notification_Admin_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + 
"targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_member@test.com" + ], + "id": "Notification_Requestor_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_member@test.com" + ], + "id": "Notification_Approver_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "setting": { + "isApprovalRequired": true, + "isApprovalRequiredForExtension": false, + "isRequestorJustificationRequired": true, + "approvalMode": "SingleStage", + "approvalStages": [ + { + "approvalStageTimeOutInDays": 1, + "isApproverJustificationRequired": true, + "escalationTimeInMinutes": 0, + "primaryApprovers": [ + { + "id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd", + "description": "amansw_new_group", + "isBackup": false, + "userType": "Group" + }, + { + "id": "2f4913c9-d15b-406a-9946-1d66a28f2690", + "description": "amansw_group", + "isBackup": false, + "userType": "Group" + } + ], + "isEscalationEnabled": false, + "escalationApprovers": null + } + ] + }, + "id": "Approval_EndUser_Assignment", + "ruleType": "RoleManagementPolicyApprovalRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": 
null, + "enforcedSettings": null + } + }, + { + "isEnabled": false, + "claimValue": "", + "id": "AuthenticationContext_EndUser_Assignment", + "ruleType": "RoleManagementPolicyAuthenticationContextRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "MultiFactorAuthentication", + "Justification", + "Ticketing" + ], + "id": "Enablement_EndUser_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "PT7H", + "id": "Expiration_EndUser_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_enduser_member@test.com" + ], + "id": "Notification_Admin_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_enduser_member@test.com" + ], + "id": "Notification_Requestor_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": 
"Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": true, + "notificationLevel": "Critical", + "notificationRecipients": null, + "id": "Notification_Approver_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + } + ], + "policyAssignmentProperties": { + "scope": { + "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "displayName": "Pay-As-You-Go", + "type": "subscription" + }, + "roleDefinition": { + "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "displayName": "FHIR Data Converter", + "type": "BuiltInRole" + }, + "policy": { + "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9", + "lastModifiedBy": { + "id": null, + "displayName": "Admin", + "type": null, + "email": null + }, + "lastModifiedDateTime": null + } + } + }, + "name": "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicyAssignment/b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "type": "Microsoft.Authorization/RoleManagementPolicyAssignment" + } + } + } +} 
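Review bot: The approver entries under `Approval_EndUser_Assignment` have the descriptions `amansw_new_group` and `amansw_group` next to concrete object and subscription IDs, which reads like output captured from a live tenant rather than constructed sample data. Published spec examples are better served by neutral values, for instance `"description": "approver_group_1"` and placeholder GUIDs such as `00000000-0000-0000-0000-000000000000`, so that no directory identifiers or aliases land in the public repository. The same payload is repeated in the GetRoleManagementPolicyAssignmentByScope.json hunk and in the GetRoleManagementPolicyByName.json hunk that follows (the latter continues past the visible part). Also in this hunk, the resource `id` uses the singular segment `roleManagementPolicyAssignment`; confirm that it matches the route the spec defines.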
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleManagementPolicyAssignmentByScope.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleManagementPolicyAssignmentByScope.json
new file mode 100644
index 000000000000..c13e8ab2ee06
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleManagementPolicyAssignmentByScope.json
@@ -0,0 +1,394 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "api-version": "2020-10-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "scope": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "roleDefinitionId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "policyId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9", + "effectiveRules": [ + { + "enabledRules": [], + "id": "Enablement_Admin_Eligibility", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Eligibility", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_eligible@test.com" + ], + "id": "Notification_Admin_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + 
"requestor_admin_eligible@test.com" + ], + "id": "Notification_Requestor_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_eligible@test.com" + ], + "id": "Notification_Approver_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "MultiFactorAuthentication", + "Justification" + ], + "id": "Enablement_Admin_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": false, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_member@test.com" + ], + "id": "Notification_Admin_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": 
null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_member@test.com" + ], + "id": "Notification_Requestor_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_member@test.com" + ], + "id": "Notification_Approver_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "setting": { + "isApprovalRequired": true, + "isApprovalRequiredForExtension": false, + "isRequestorJustificationRequired": true, + "approvalMode": "SingleStage", + "approvalStages": [ + { + "approvalStageTimeOutInDays": 1, + "isApproverJustificationRequired": true, + "escalationTimeInMinutes": 0, + "primaryApprovers": [ + { + "id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd", + "description": "amansw_new_group", + "isBackup": false, + "userType": "Group" + }, + { + "id": "2f4913c9-d15b-406a-9946-1d66a28f2690", + "description": "amansw_group", + "isBackup": false, + "userType": "Group" + } + ], + "isEscalationEnabled": false, + "escalationApprovers": null + } + ] + }, + "id": "Approval_EndUser_Assignment", + "ruleType": "RoleManagementPolicyApprovalRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isEnabled": false, + 
"claimValue": "", + "id": "AuthenticationContext_EndUser_Assignment", + "ruleType": "RoleManagementPolicyAuthenticationContextRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "MultiFactorAuthentication", + "Justification", + "Ticketing" + ], + "id": "Enablement_EndUser_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "PT7H", + "id": "Expiration_EndUser_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_enduser_member@test.com" + ], + "id": "Notification_Admin_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_enduser_member@test.com" + ], + "id": "Notification_Requestor_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + 
"enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": true, + "notificationLevel": "Critical", + "notificationRecipients": null, + "id": "Notification_Approver_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + } + ], + "policyAssignmentProperties": { + "scope": { + "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "displayName": "Pay-As-You-Go", + "type": "subscription" + }, + "roleDefinition": { + "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "displayName": "FHIR Data Converter", + "type": "BuiltInRole" + }, + "policy": { + "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9", + "lastModifiedBy": { + "id": null, + "displayName": "Admin", + "type": null, + "email": null + }, + "lastModifiedDateTime": null + } + } + }, + "name": "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicyAssignment/b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "type": "Microsoft.Authorization/RoleManagementPolicyAssignment" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleManagementPolicyByName.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleManagementPolicyByName.json new file mode 100644 index 000000000000..12ffa1aa396d --- /dev/null 
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleManagementPolicyByName.json 
@@ -0,0 +1,732 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "roleManagementPolicyName": "570c3619-7688-4b34-b290-2b8bb3ccab2a", + "api-version": "2020-10-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "scope": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "displayName": null, + "description": null, + "isOrganizationDefault": false, + "lastModifiedDateTime": "2021-03-17T02:54:27.167+00:00", + "lastModifiedBy": { + "id": null, + "displayName": "Admin", + "type": null, + "email": null + }, + "rules": [ + { + "enabledRules": [], + "id": "Enablement_Admin_Eligibility", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Eligibility", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_eligible@test.com" + ], + "id": "Notification_Admin_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_eligible@test.com" + ], + "id": 
"Notification_Requestor_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_eligible@test.com" + ], + "id": "Notification_Approver_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "MultiFactorAuthentication", + "Justification" + ], + "id": "Enablement_Admin_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": false, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_member@test.com" + ], + "id": "Notification_Admin_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + 
"recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_member@test.com" + ], + "id": "Notification_Requestor_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_member@test.com" + ], + "id": "Notification_Approver_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "setting": { + "isApprovalRequired": true, + "isApprovalRequiredForExtension": false, + "isRequestorJustificationRequired": true, + "approvalMode": "SingleStage", + "approvalStages": [ + { + "approvalStageTimeOutInDays": 1, + "isApproverJustificationRequired": true, + "escalationTimeInMinutes": 0, + "primaryApprovers": [ + { + "id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd", + "description": "amansw_new_group", + "isBackup": false, + "userType": "Group" + }, + { + "id": "2f4913c9-d15b-406a-9946-1d66a28f2690", + "description": "amansw_group", + "isBackup": false, + "userType": "Group" + } + ], + "isEscalationEnabled": false, + "escalationApprovers": null + } + ] + }, + "id": "Approval_EndUser_Assignment", + "ruleType": "RoleManagementPolicyApprovalRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isEnabled": false, + "claimValue": "", + "id": 
"AuthenticationContext_EndUser_Assignment", + "ruleType": "RoleManagementPolicyAuthenticationContextRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "MultiFactorAuthentication", + "Justification", + "Ticketing" + ], + "id": "Enablement_EndUser_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "PT7H", + "id": "Expiration_EndUser_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_enduser_member@test.com" + ], + "id": "Notification_Admin_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_enduser_member@test.com" + ], + "id": "Notification_Requestor_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + 
} + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": true, + "notificationLevel": "Critical", + "notificationRecipients": null, + "id": "Notification_Approver_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + } + ], + "effectiveRules": [ + { + "enabledRules": [], + "id": "Enablement_Admin_Eligibility", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Eligibility", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_eligible@test.com" + ], + "id": "Notification_Admin_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_eligible@test.com" + ], + "id": "Notification_Requestor_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + 
"operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_eligible@test.com" + ], + "id": "Notification_Approver_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "MultiFactorAuthentication", + "Justification" + ], + "id": "Enablement_Admin_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": false, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_member@test.com" + ], + "id": "Notification_Admin_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ 
+ "requestor_admin_member@test.com" + ], + "id": "Notification_Requestor_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_member@test.com" + ], + "id": "Notification_Approver_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "setting": { + "isApprovalRequired": true, + "isApprovalRequiredForExtension": false, + "isRequestorJustificationRequired": true, + "approvalMode": "SingleStage", + "approvalStages": [ + { + "approvalStageTimeOutInDays": 1, + "isApproverJustificationRequired": true, + "escalationTimeInMinutes": 0, + "primaryApprovers": [ + { + "id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd", + "description": "amansw_new_group", + "isBackup": false, + "userType": "Group" + }, + { + "id": "2f4913c9-d15b-406a-9946-1d66a28f2690", + "description": "amansw_group", + "isBackup": false, + "userType": "Group" + } + ], + "isEscalationEnabled": false, + "escalationApprovers": null + } + ] + }, + "id": "Approval_EndUser_Assignment", + "ruleType": "RoleManagementPolicyApprovalRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isEnabled": false, + "claimValue": "", + "id": "AuthenticationContext_EndUser_Assignment", + "ruleType": "RoleManagementPolicyAuthenticationContextRule", + "target": { + "caller": "EndUser", + "operations": [ + 
"All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "MultiFactorAuthentication", + "Justification", + "Ticketing" + ], + "id": "Enablement_EndUser_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "PT7H", + "id": "Expiration_EndUser_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_enduser_member@test.com" + ], + "id": "Notification_Admin_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_enduser_member@test.com" + ], + "id": "Notification_Requestor_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": true, + "notificationLevel": "Critical", + 
"notificationRecipients": null,
+ "id": "Notification_Approver_EndUser_Assignment",
+ "ruleType": "RoleManagementPolicyNotificationRule",
+ "target": {
+ "caller": "EndUser",
+ "operations": [
+ "All"
+ ],
+ "level": "Assignment",
+ "targetObjects": null,
+ "inheritableSettings": null,
+ "enforcedSettings": null
+ }
+ }
+ ],
+ "policyProperties": {
+ "scope": {
+ "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
+ "displayName": "Pay-As-You-Go",
+ "type": "subscription"
+ }
+ }
+ },
+ "name": "570c3619-7688-4b34-b290-2b8bb3ccab2a",
+ "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/570c3619-7688-4b34-b290-2b8bb3ccab2a",
+ "type": "Microsoft.Authorization/RoleManagementPolicies"
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleManagementPolicyByScope.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleManagementPolicyByScope.json
new file mode 100644
index 000000000000..08e6c796138f
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/GetRoleManagementPolicyByScope.json
@@ -0,0 +1,735 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "api-version": "2020-10-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "scope": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "displayName": null, + "description": null, + "isOrganizationDefault": false, + "lastModifiedDateTime": "2021-03-17T02:54:27.167+00:00", + "lastModifiedBy": { + "id": null, + "displayName": "Admin", + "type": null, + "email": null + }, + "rules": [ + { + "enabledRules": [], + "id": "Enablement_Admin_Eligibility", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Eligibility", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_eligible@test.com" + ], + "id": "Notification_Admin_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_eligible@test.com" + ], + "id": "Notification_Requestor_Admin_Eligibility", + "ruleType": 
"RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_eligible@test.com" + ], + "id": "Notification_Approver_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "MultiFactorAuthentication", + "Justification" + ], + "id": "Enablement_Admin_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": false, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_member@test.com" + ], + "id": "Notification_Admin_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + 
"isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_member@test.com" + ], + "id": "Notification_Requestor_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_member@test.com" + ], + "id": "Notification_Approver_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "setting": { + "isApprovalRequired": true, + "isApprovalRequiredForExtension": false, + "isRequestorJustificationRequired": true, + "approvalMode": "SingleStage", + "approvalStages": [ + { + "approvalStageTimeOutInDays": 1, + "isApproverJustificationRequired": true, + "escalationTimeInMinutes": 0, + "primaryApprovers": [ + { + "id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd", + "description": "amansw_new_group", + "isBackup": false, + "userType": "Group" + }, + { + "id": "2f4913c9-d15b-406a-9946-1d66a28f2690", + "description": "amansw_group", + "isBackup": false, + "userType": "Group" + } + ], + "isEscalationEnabled": false, + "escalationApprovers": null + } + ] + }, + "id": "Approval_EndUser_Assignment", + "ruleType": "RoleManagementPolicyApprovalRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isEnabled": false, + "claimValue": "", + "id": "AuthenticationContext_EndUser_Assignment", + "ruleType": 
"RoleManagementPolicyAuthenticationContextRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "MultiFactorAuthentication", + "Justification", + "Ticketing" + ], + "id": "Enablement_EndUser_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "PT7H", + "id": "Expiration_EndUser_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_enduser_member@test.com" + ], + "id": "Notification_Admin_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_enduser_member@test.com" + ], + "id": "Notification_Requestor_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + 
"recipientType": "Approver", + "isDefaultRecipientsEnabled": true, + "notificationLevel": "Critical", + "notificationRecipients": null, + "id": "Notification_Approver_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + } + ], + "effectiveRules": [ + { + "enabledRules": [], + "id": "Enablement_Admin_Eligibility", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Eligibility", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_eligible@test.com" + ], + "id": "Notification_Admin_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_eligible@test.com" + ], + "id": "Notification_Requestor_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", 
+ "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_eligible@test.com" + ], + "id": "Notification_Approver_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "MultiFactorAuthentication", + "Justification" + ], + "id": "Enablement_Admin_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": false, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_member@test.com" + ], + "id": "Notification_Admin_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_member@test.com" + ], + "id": 
"Notification_Requestor_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_member@test.com" + ], + "id": "Notification_Approver_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "setting": { + "isApprovalRequired": true, + "isApprovalRequiredForExtension": false, + "isRequestorJustificationRequired": true, + "approvalMode": "SingleStage", + "approvalStages": [ + { + "approvalStageTimeOutInDays": 1, + "isApproverJustificationRequired": true, + "escalationTimeInMinutes": 0, + "primaryApprovers": [ + { + "id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd", + "description": "amansw_new_group", + "isBackup": false, + "userType": "Group" + }, + { + "id": "2f4913c9-d15b-406a-9946-1d66a28f2690", + "description": "amansw_group", + "isBackup": false, + "userType": "Group" + } + ], + "isEscalationEnabled": false, + "escalationApprovers": null + } + ] + }, + "id": "Approval_EndUser_Assignment", + "ruleType": "RoleManagementPolicyApprovalRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isEnabled": false, + "claimValue": "", + "id": "AuthenticationContext_EndUser_Assignment", + "ruleType": "RoleManagementPolicyAuthenticationContextRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + 
"targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "MultiFactorAuthentication", + "Justification", + "Ticketing" + ], + "id": "Enablement_EndUser_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "PT7H", + "id": "Expiration_EndUser_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_enduser_member@test.com" + ], + "id": "Notification_Admin_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_enduser_member@test.com" + ], + "id": "Notification_Requestor_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": true, + "notificationLevel": "Critical", + "notificationRecipients": null, + "id": 
"Notification_Approver_EndUser_Assignment",
+ "ruleType": "RoleManagementPolicyNotificationRule",
+ "target": {
+ "caller": "EndUser",
+ "operations": [
+ "All"
+ ],
+ "level": "Assignment",
+ "targetObjects": null,
+ "inheritableSettings": null,
+ "enforcedSettings": null
+ }
+ }
+ ],
+ "policyProperties": {
+ "scope": {
+ "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368",
+ "displayName": "Pay-As-You-Go",
+ "type": "subscription"
+ }
+ }
+ },
+ "name": "570c3619-7688-4b34-b290-2b8bb3ccab2a",
+ "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/570c3619-7688-4b34-b290-2b8bb3ccab2a",
+ "type": "Microsoft.Authorization/RoleManagementPolicies"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PatchPartialRoleManagementPolicy.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PatchPartialRoleManagementPolicy.json
new file mode 100644
index 000000000000..62d3b232d29e
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PatchPartialRoleManagementPolicy.json
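Review bot: The example response in GetRoleManagementPolicyByScope.json reads like a capture from a live tenant rather than synthetic data: the subscription ID `129ff972-28f8-46b8-a726-e497be039368` (with `"displayName": "Pay-As-You-Go"`), the policy name GUID, and the two `primaryApprovers` group object IDs described as `amansw_new_group` / `amansw_group` all appear verbatim. If these are real identifiers, a public spec repository is disclosing tenant object IDs and what looks like an internal alias; I would swap them for obvious placeholders, e.g. `"id": "00000000-0000-0000-0000-000000000000"` with a neutral `"description"`. The `notificationRecipients` addresses use `@test.com`, which is a registrable domain, so copied samples could send mail to a third party; a reserved domain is safer, e.g. `"admin_admin_eligible@example.com"`. The same values recur in the example file that ends just before this one and in PatchPartialRoleManagementPolicy.json, whose hunk continues past the visible lines.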
@@ -0,0 +1,775 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "roleManagementPolicyName": "570c3619-7688-4b34-b290-2b8bb3ccab2a", + "api-version": "2020-10-01", + "parameters": { + "properties": { + "rules": [ + { + "isExpirationRequired": false, + "maximumDuration": "P180D", + "id": "Expiration_Admin_Eligibility", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_eligible@test.com" + ], + "id": "Notification_Admin_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + } + ] + } + } + }, + "responses": { + "200": { + "body": { + "properties": { + "scope": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "displayName": null, + "description": null, + "isOrganizationDefault": false, + "lastModifiedDateTime": "2021-03-17T16:35:27.91+00:00", + "lastModifiedBy": { + "id": null, + "displayName": "Admin", + "type": null, + "email": null + }, + "rules": [ + { + "isExpirationRequired": false, + "maximumDuration": "P180D", + "id": "Expiration_Admin_Eligibility", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + 
"notificationRecipients": [ + "admin_admin_eligible@test.com" + ], + "id": "Notification_Admin_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_eligible@test.com" + ], + "id": "Notification_Requestor_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_eligible@test.com" + ], + "id": "Notification_Approver_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [], + "id": "Enablement_Admin_Eligibility", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": false, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, 
+ { + "enabledRules": [ + "Justification", + "MultiFactorAuthentication" + ], + "id": "Enablement_Admin_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_member@test.com" + ], + "id": "Notification_Admin_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_member@test.com" + ], + "id": "Notification_Requestor_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_member@test.com" + ], + "id": "Notification_Approver_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "PT7H", + "id": "Expiration_EndUser_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + 
"target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "Justification", + "MultiFactorAuthentication", + "Ticketing" + ], + "id": "Enablement_EndUser_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "setting": { + "isApprovalRequired": true, + "isApprovalRequiredForExtension": false, + "isRequestorJustificationRequired": true, + "approvalMode": "SingleStage", + "approvalStages": [ + { + "approvalStageTimeOutInDays": 1, + "isApproverJustificationRequired": true, + "escalationTimeInMinutes": 0, + "primaryApprovers": [ + { + "id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd", + "description": "amansw_new_group", + "isBackup": false, + "userType": "Group" + }, + { + "id": "2f4913c9-d15b-406a-9946-1d66a28f2690", + "description": "amansw_group", + "isBackup": false, + "userType": "Group" + } + ], + "isEscalationEnabled": false, + "escalationApprovers": null + } + ] + }, + "id": "Approval_EndUser_Assignment", + "ruleType": "RoleManagementPolicyApprovalRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isEnabled": false, + "claimValue": "", + "id": "AuthenticationContext_EndUser_Assignment", + "ruleType": "RoleManagementPolicyAuthenticationContextRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + 
"notificationRecipients": [ + "admin_enduser_member@test.com" + ], + "id": "Notification_Admin_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_enduser_member@test.com" + ], + "id": "Notification_Requestor_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": true, + "notificationLevel": "Critical", + "notificationRecipients": null, + "id": "Notification_Approver_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + } + ], + "effectiveRules": [ + { + "isExpirationRequired": false, + "maximumDuration": "P180D", + "id": "Expiration_Admin_Eligibility", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_eligible@test.com" + ], + "id": "Notification_Admin_Admin_Eligibility", + "ruleType": 
"RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_eligible@test.com" + ], + "id": "Notification_Requestor_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_eligible@test.com" + ], + "id": "Notification_Approver_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [], + "id": "Enablement_Admin_Eligibility", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": false, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "Justification", + "MultiFactorAuthentication" + ], + "id": "Enablement_Admin_Assignment", + 
"ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_member@test.com" + ], + "id": "Notification_Admin_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_member@test.com" + ], + "id": "Notification_Requestor_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_member@test.com" + ], + "id": "Notification_Approver_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "PT7H", + "id": "Expiration_EndUser_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + 
"inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "Justification", + "MultiFactorAuthentication", + "Ticketing" + ], + "id": "Enablement_EndUser_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "setting": { + "isApprovalRequired": true, + "isApprovalRequiredForExtension": false, + "isRequestorJustificationRequired": true, + "approvalMode": "SingleStage", + "approvalStages": [ + { + "approvalStageTimeOutInDays": 1, + "isApproverJustificationRequired": true, + "escalationTimeInMinutes": 0, + "primaryApprovers": [ + { + "id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd", + "description": "amansw_new_group", + "isBackup": false, + "userType": "Group" + }, + { + "id": "2f4913c9-d15b-406a-9946-1d66a28f2690", + "description": "amansw_group", + "isBackup": false, + "userType": "Group" + } + ], + "isEscalationEnabled": false, + "escalationApprovers": null + } + ] + }, + "id": "Approval_EndUser_Assignment", + "ruleType": "RoleManagementPolicyApprovalRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isEnabled": false, + "claimValue": "", + "id": "AuthenticationContext_EndUser_Assignment", + "ruleType": "RoleManagementPolicyAuthenticationContextRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_enduser_member@test.com" + ], + "id": "Notification_Admin_EndUser_Assignment", + 
"ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_enduser_member@test.com" + ], + "id": "Notification_Requestor_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": true, + "notificationLevel": "Critical", + "notificationRecipients": null, + "id": "Notification_Approver_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + } + ], + "policyProperties": { + "scope": { + "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "displayName": "Pay-As-You-Go", + "type": "subscription" + } + } + }, + "name": "570c3619-7688-4b34-b290-2b8bb3ccab2a", + "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/570c3619-7688-4b34-b290-2b8bb3ccab2a", + "type": "Microsoft.Authorization/RoleManagementPolicies" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PatchRoleManagementPolicy.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PatchRoleManagementPolicy.json new file mode 100644 index 000000000000..0f5e3e1c85cb 
--- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PatchRoleManagementPolicy.json 
@@ -0,0 +1,1084 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "roleManagementPolicyName": "570c3619-7688-4b34-b290-2b8bb3ccab2a", + "api-version": "2020-10-01", + "parameters": { + "properties": { + "rules": [ + { + "isExpirationRequired": false, + "maximumDuration": "P180D", + "id": "Expiration_Admin_Eligibility", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_eligible@test.com" + ], + "id": "Notification_Admin_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_eligible@test.com" + ], + "id": "Notification_Requestor_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_eligible@test.com" + ], + "id": "Notification_Approver_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + 
"All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [], + "id": "Enablement_Admin_Eligibility", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": false, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "Justification", + "MultiFactorAuthentication" + ], + "id": "Enablement_Admin_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_member@test.com" + ], + "id": "Notification_Admin_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_member@test.com" + ], + "id": "Notification_Requestor_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + 
"level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_member@test.com" + ], + "id": "Notification_Approver_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "PT7H", + "id": "Expiration_EndUser_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "Justification", + "MultiFactorAuthentication", + "Ticketing" + ], + "id": "Enablement_EndUser_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "setting": { + "isApprovalRequired": true, + "isApprovalRequiredForExtension": false, + "isRequestorJustificationRequired": true, + "approvalMode": "SingleStage", + "approvalStages": [ + { + "approvalStageTimeOutInDays": 1, + "isApproverJustificationRequired": true, + "escalationTimeInMinutes": 0, + "primaryApprovers": [ + { + "id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd", + "description": "amansw_new_group", + "isBackup": false, + "userType": "Group" + }, + { + "id": "2f4913c9-d15b-406a-9946-1d66a28f2690", + "description": "amansw_group", + "isBackup": false, + "userType": "Group" + } + ], + "isEscalationEnabled": false, + "escalationApprovers": null + } + ] 
+ }, + "id": "Approval_EndUser_Assignment", + "ruleType": "RoleManagementPolicyApprovalRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isEnabled": false, + "claimValue": "", + "id": "AuthenticationContext_EndUser_Assignment", + "ruleType": "RoleManagementPolicyAuthenticationContextRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_enduser_member@test.com" + ], + "id": "Notification_Admin_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_enduser_member@test.com" + ], + "id": "Notification_Requestor_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": true, + "notificationLevel": "Critical", + "notificationRecipients": null, + "id": "Notification_Approver_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + 
"targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + } + ] + } + } + }, + "responses": { + "200": { + "body": { + "properties": { + "scope": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "displayName": null, + "description": null, + "isOrganizationDefault": false, + "lastModifiedDateTime": "2021-03-17T16:35:27.91+00:00", + "lastModifiedBy": { + "id": null, + "displayName": "Admin", + "type": null, + "email": null + }, + "rules": [ + { + "isExpirationRequired": false, + "maximumDuration": "P180D", + "id": "Expiration_Admin_Eligibility", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_eligible@test.com" + ], + "id": "Notification_Admin_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_eligible@test.com" + ], + "id": "Notification_Requestor_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + 
"approver_admin_eligible@test.com" + ], + "id": "Notification_Approver_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [], + "id": "Enablement_Admin_Eligibility", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": false, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "Justification", + "MultiFactorAuthentication" + ], + "id": "Enablement_Admin_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_member@test.com" + ], + "id": "Notification_Admin_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + 
"requestor_admin_member@test.com" + ], + "id": "Notification_Requestor_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_member@test.com" + ], + "id": "Notification_Approver_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "PT7H", + "id": "Expiration_EndUser_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "Justification", + "MultiFactorAuthentication", + "Ticketing" + ], + "id": "Enablement_EndUser_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "setting": { + "isApprovalRequired": true, + "isApprovalRequiredForExtension": false, + "isRequestorJustificationRequired": true, + "approvalMode": "SingleStage", + "approvalStages": [ + { + "approvalStageTimeOutInDays": 1, + "isApproverJustificationRequired": true, + "escalationTimeInMinutes": 0, + "primaryApprovers": [ + { + "id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd", + "description": "amansw_new_group", + "isBackup": false, + "userType": "Group" 
+ }, + { + "id": "2f4913c9-d15b-406a-9946-1d66a28f2690", + "description": "amansw_group", + "isBackup": false, + "userType": "Group" + } + ], + "isEscalationEnabled": false, + "escalationApprovers": null + } + ] + }, + "id": "Approval_EndUser_Assignment", + "ruleType": "RoleManagementPolicyApprovalRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isEnabled": false, + "claimValue": "", + "id": "AuthenticationContext_EndUser_Assignment", + "ruleType": "RoleManagementPolicyAuthenticationContextRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_enduser_member@test.com" + ], + "id": "Notification_Admin_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_enduser_member@test.com" + ], + "id": "Notification_Requestor_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": true, + "notificationLevel": "Critical", + 
"notificationRecipients": null, + "id": "Notification_Approver_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + } + ], + "effectiveRules": [ + { + "isExpirationRequired": false, + "maximumDuration": "P180D", + "id": "Expiration_Admin_Eligibility", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_eligible@test.com" + ], + "id": "Notification_Admin_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_eligible@test.com" + ], + "id": "Notification_Requestor_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_eligible@test.com" + ], + "id": "Notification_Approver_Admin_Eligibility", + "ruleType": 
"RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [], + "id": "Enablement_Admin_Eligibility", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": false, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "Justification", + "MultiFactorAuthentication" + ], + "id": "Enablement_Admin_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_member@test.com" + ], + "id": "Notification_Admin_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_member@test.com" + ], + "id": "Notification_Requestor_Admin_Assignment", + "ruleType": 
"RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_member@test.com" + ], + "id": "Notification_Approver_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "PT7H", + "id": "Expiration_EndUser_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "Justification", + "MultiFactorAuthentication", + "Ticketing" + ], + "id": "Enablement_EndUser_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "setting": { + "isApprovalRequired": true, + "isApprovalRequiredForExtension": false, + "isRequestorJustificationRequired": true, + "approvalMode": "SingleStage", + "approvalStages": [ + { + "approvalStageTimeOutInDays": 1, + "isApproverJustificationRequired": true, + "escalationTimeInMinutes": 0, + "primaryApprovers": [ + { + "id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd", + "description": "amansw_new_group", + "isBackup": false, + "userType": "Group" + }, + { + "id": "2f4913c9-d15b-406a-9946-1d66a28f2690", + "description": "amansw_group", + "isBackup": 
false, + "userType": "Group" + } + ], + "isEscalationEnabled": false, + "escalationApprovers": null + } + ] + }, + "id": "Approval_EndUser_Assignment", + "ruleType": "RoleManagementPolicyApprovalRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isEnabled": false, + "claimValue": "", + "id": "AuthenticationContext_EndUser_Assignment", + "ruleType": "RoleManagementPolicyAuthenticationContextRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_enduser_member@test.com" + ], + "id": "Notification_Admin_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_enduser_member@test.com" + ], + "id": "Notification_Requestor_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": true, + "notificationLevel": "Critical", + "notificationRecipients": null, + "id": "Notification_Approver_EndUser_Assignment", + "ruleType": 
"RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + } + ], + "policyProperties": { + "scope": { + "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "displayName": "Pay-As-You-Go", + "type": "subscription" + } + } + }, + "name": "570c3619-7688-4b34-b290-2b8bb3ccab2a", + "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/570c3619-7688-4b34-b290-2b8bb3ccab2a", + "type": "Microsoft.Authorization/RoleManagementPolicies" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleAssignmentScheduleRequest.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleAssignmentScheduleRequest.json new file mode 100644 index 000000000000..53d11cc9487b --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleAssignmentScheduleRequest.json 
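Review bot: The values in this example look captured from a live tenant rather than constructed. The subscription id `129ff972-28f8-46b8-a726-e497be039368`, the two `primaryApprovers` object ids and the group descriptions `amansw_new_group` / `amansw_group` (which appear to embed a developer alias) are repeated in the request `rules` and in both response lists. I would swap them for obvious placeholders such as `"id": "00000000-0000-0000-0000-000000000000"` and `"description": "approver_group"`, so that no directory object ids or naming conventions end up in a public spec. The `notificationRecipients` addresses use `test.com`, which is a registrable domain rather than a reserved one; `admin_admin_eligible@example.com` and its siblings keep the sample from mailing a third party if someone applies it unchanged. The same applies to `user@my-tenant.com` in PutRoleAssignmentScheduleRequest.json.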
@@ -0,0 +1,80 @@
+{
+ "parameters": {
+ "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "roleAssignmentScheduleRequestName": "fea7a502-9a96-4806-a26f-eee560e52045",
+ "parameters": {
+ "properties": {
+ "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
+ "requestType": "SelfActivate",
+ "linkedRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
+ "scheduleInfo": {
+ "startDateTime": "2020-09-09T21:35:27.91Z",
+ "expiration": {
+ "type": "AfterDuration",
+ "endDateTime": null,
+ "duration": "PT8H"
+ }
+ },
+ "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
+ "conditionVersion": "1.0"
+ }
+ },
+ "api-version": "2020-10-01"
+ },
+ "responses": {
+ "201": {
+ "body": {
+ "properties": {
+ "targetRoleAssignmentScheduleId": "c9e264ff-3133-4776-a81a-ebc7c33c8ec6",
+ "targetRoleAssignmentScheduleInstanceId": null,
+ "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
+ "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "principalType": "User",
+ "requestType": "SelfActivate",
+ "status": "Provisioned",
+ "approvalId": null,
+ "scheduleInfo": {
+ "startDateTime": "2020-09-09T21:35:27.91Z",
+ "expiration": {
+ "type": "AfterDuration",
+ "endDateTime": null,
+ "duration": "PT8H"
+ }
+ },
+ "ticketInfo": {
+ "ticketNumber": null,
+ "ticketSystem": null
+ },
+ "justification": null,
+ "requestorId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "createdOn": "2020-09-09T21:35:27.91Z",
+ "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
+ "conditionVersion": "1.0",
+ "expandedProperties": {
+ "scope": {
+ "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "displayName": "Pay-As-You-Go",
+ "type": "subscription"
+ },
+ "roleDefinition": {
+ "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
+ "displayName": "Contributor",
+ "type": "BuiltInRole"
+ },
+ "principal": {
+ "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "displayName": "User Account",
+ "email": "user@my-tenant.com",
+ "type": "User"
+ }
+ }
+ },
+ "name": "fea7a502-9a96-4806-a26f-eee560e52045",
+ "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleAssignmentScheduleRequests/fea7a502-9a96-4806-a26f-eee560e52045",
+ "type": "Microsoft.Authorization/RoleAssignmentScheduleRequests"
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleEligibilityScheduleRequest.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleEligibilityScheduleRequest.json
new file mode 100644
index 000000000000..5bb91f385a35
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleEligibilityScheduleRequest.json
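Review bot: The request `scope` under `parameters` is written as `providers/Microsoft.Subscription/subscriptions/dfa2a084-…`, while the 201 body reports `scope` and `id` under `/subscriptions/dfa2a084-…`, and the Validate examples added in this same commit pass `subscriptions/dfa2a084-…`. This example activates a Contributor assignment and readers tend to copy the scope string verbatim, so the request should use the same form the service echoes back, `"scope": "subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f"`, unless the provider-qualified form is deliberately being documented. The same value appears in PutRoleEligibilityScheduleRequest.json and, with a different subscription id, in PutRoleManagementPolicyAssignment.json.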
@@ -0,0 +1,79 @@
+{
+ "parameters": {
+ "scope": "providers/Microsoft.Subscription/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "roleEligibilityScheduleRequestName": "64caffb6-55c0-4deb-a585-68e948ea1ad6",
+ "parameters": {
+ "properties": {
+ "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
+ "requestType": "AdminAssign",
+ "scheduleInfo": {
+ "startDateTime": "2020-09-09T21:31:27.91Z",
+ "expiration": {
+ "type": "AfterDuration",
+ "endDateTime": null,
+ "duration": "P365D"
+ }
+ },
+ "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
+ "conditionVersion": "1.0"
+ }
+ },
+ "api-version": "2020-10-01"
+ },
+ "responses": {
+ "201": {
+ "body": {
+ "properties": {
+ "targetRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
+ "targetRoleEligibilityScheduleInstanceId": null,
+ "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
+ "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "principalType": "User",
+ "requestType": "AdminAssign",
+ "status": "Provisioned",
+ "approvalId": null,
+ "scheduleInfo": {
+ "startDateTime": "2020-09-09T21:31:27.91Z",
+ "expiration": {
+ "type": "AfterDuration",
+ "endDateTime": null,
+ "duration": "P365D"
+ }
+ },
+ "ticketInfo": {
+ "ticketNumber": null,
+ "ticketSystem": null
+ },
+ "justification": null,
+ "requestorId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "createdOn": "2020-09-09T21:32:27.91Z",
+ "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
+ "conditionVersion": "1.0",
+ "expandedProperties": {
+ "scope": {
+ "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "displayName": "Pay-As-You-Go",
+ "type": "subscription"
+ },
+ "roleDefinition": {
+ "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
+ "displayName": "Contributor",
+ "type": "BuiltInRole"
+ },
+ "principal": {
+ "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "displayName": "User Account",
+ "email": "user@my-tenant.com",
+ "type": "User"
+ }
+ }
+ },
+ "name": "64caffb6-55c0-4deb-a585-68e948ea1ad6",
+ "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilityScheduleRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6",
+ "type": "Microsoft.Authorization/RoleEligibilityScheduleRequests"
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleManagementPolicyAssignment.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleManagementPolicyAssignment.json
new file mode 100644
index 000000000000..a7d4bafae636
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/PutRoleManagementPolicyAssignment.json
@@ -0,0 +1,393 @@ +{ + "parameters": { + "scope": "providers/Microsoft.Subscription/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "roleManagementPolicyAssignmentName": "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "api-version": "2020-10-01", + "parameters": { + "properties": { + "scope": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "roleDefinitionId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "policyId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9" + } + } + }, + "responses": { + "201": { + "body": { + "properties": { + "scope": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "roleDefinitionId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "policyId": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9", + "effectiveRules": [ + { + "enabledRules": [], + "id": "Enablement_Admin_Eligibility", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Eligibility", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + 
"notificationRecipients": [ + "admin_admin_eligible@test.com" + ], + "id": "Notification_Admin_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_eligible@test.com" + ], + "id": "Notification_Requestor_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_eligible@test.com" + ], + "id": "Notification_Approver_Admin_Eligibility", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Eligibility", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "MultiFactorAuthentication", + "Justification" + ], + "id": "Enablement_Admin_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": false, + "maximumDuration": "P90D", + "id": "Expiration_Admin_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + 
"inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_admin_member@test.com" + ], + "id": "Notification_Admin_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_admin_member@test.com" + ], + "id": "Notification_Requestor_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "approver_admin_member@test.com" + ], + "id": "Notification_Approver_Admin_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "Admin", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "setting": { + "isApprovalRequired": true, + "isApprovalRequiredForExtension": false, + "isRequestorJustificationRequired": true, + "approvalMode": "SingleStage", + "approvalStages": [ + { + "approvalStageTimeOutInDays": 1, + "isApproverJustificationRequired": true, + "escalationTimeInMinutes": 0, + "primaryApprovers": [ + { + "id": "2385b0f3-5fa9-43cf-8ca4-b01dc97298cd", + "description": "amansw_new_group", + "isBackup": false, + 
"userType": "Group" + }, + { + "id": "2f4913c9-d15b-406a-9946-1d66a28f2690", + "description": "amansw_group", + "isBackup": false, + "userType": "Group" + } + ], + "isEscalationEnabled": false, + "escalationApprovers": null + } + ] + }, + "id": "Approval_EndUser_Assignment", + "ruleType": "RoleManagementPolicyApprovalRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isEnabled": false, + "claimValue": "", + "id": "AuthenticationContext_EndUser_Assignment", + "ruleType": "RoleManagementPolicyAuthenticationContextRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "enabledRules": [ + "MultiFactorAuthentication", + "Justification", + "Ticketing" + ], + "id": "Enablement_EndUser_Assignment", + "ruleType": "RoleManagementPolicyEnablementRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "isExpirationRequired": true, + "maximumDuration": "PT7H", + "id": "Expiration_EndUser_Assignment", + "ruleType": "RoleManagementPolicyExpirationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Admin", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "admin_enduser_member@test.com" + ], + "id": "Notification_Admin_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + 
"inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Requestor", + "isDefaultRecipientsEnabled": false, + "notificationLevel": "Critical", + "notificationRecipients": [ + "requestor_enduser_member@test.com" + ], + "id": "Notification_Requestor_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + }, + { + "notificationType": "Email", + "recipientType": "Approver", + "isDefaultRecipientsEnabled": true, + "notificationLevel": "Critical", + "notificationRecipients": null, + "id": "Notification_Approver_EndUser_Assignment", + "ruleType": "RoleManagementPolicyNotificationRule", + "target": { + "caller": "EndUser", + "operations": [ + "All" + ], + "level": "Assignment", + "targetObjects": null, + "inheritableSettings": null, + "enforcedSettings": null + } + } + ], + "policyAssignmentProperties": { + "scope": { + "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368", + "displayName": "Pay-As-You-Go", + "type": "subscription" + }, + "roleDefinition": { + "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "displayName": "FHIR Data Converter", + "type": "BuiltInRole" + }, + "policy": { + "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicies/b959d571-f0b5-4042-88a7-01be6cb22db9", + "lastModifiedBy": null, + "lastModifiedDateTime": null + } + } + }, + "name": "b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "id": "/subscriptions/129ff972-28f8-46b8-a726-e497be039368/providers/Microsoft.Authorization/roleManagementPolicyAssignment/b959d571-f0b5-4042-88a7-01be6cb22db9_a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "type": 
"Microsoft.Authorization/RoleManagementPolicyAssignment" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/ValidateRoleAssignmentScheduleRequestByName.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/ValidateRoleAssignmentScheduleRequestByName.json new file mode 100644 index 000000000000..c3c963c59b45 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/ValidateRoleAssignmentScheduleRequestByName.json 
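Review bot: The data in this response looks captured from a live tenant rather than synthesized. The approver entries in `primaryApprovers` carry `description` values `amansw_new_group` and `amansw_group` next to concrete object ids, and every `notificationRecipients` address is on `test.com`, which is a registrable domain rather than a reserved one. Spec examples get copied into SDK samples and test recordings, so I would replace them with neutral placeholders, e.g. `"description": "example_approver_group"` and `"admin_admin_eligible@example.com"`. The schedule-request examples in this commit have the same issue with `"email": "user@my-tenant.com"`.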
@@ -0,0 +1,80 @@
+{
+ "parameters": {
+ "scope": "subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "roleAssignmentScheduleRequestName": "fea7a502-9a96-4806-a26f-eee560e52045",
+ "parameters": {
+ "properties": {
+ "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
+ "requestType": "SelfActivate",
+ "linkedRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
+ "scheduleInfo": {
+ "startDateTime": "2020-09-09T21:35:27.91Z",
+ "expiration": {
+ "type": "AfterDuration",
+ "endDateTime": null,
+ "duration": "PT8H"
+ }
+ },
+ "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
+ "conditionVersion": "1.0"
+ }
+ },
+ "api-version": "2022-04-01"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "properties": {
+ "targetRoleAssignmentScheduleId": "c9e264ff-3133-4776-a81a-ebc7c33c8ec6",
+ "targetRoleAssignmentScheduleInstanceId": null,
+ "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
+ "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "principalType": "User",
+ "requestType": "SelfActivate",
+ "status": "Provisioned",
+ "approvalId": null,
+ "scheduleInfo": {
+ "startDateTime": "2020-09-09T21:35:27.91Z",
+ "expiration": {
+ "type": "AfterDuration",
+ "endDateTime": null,
+ "duration": "PT8H"
+ }
+ },
+ "ticketInfo": {
+ "ticketNumber": null,
+ "ticketSystem": null
+ },
+ "justification": null,
+ "requestorId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "createdOn": "2020-09-09T21:35:27.91Z",
+ "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
+ "conditionVersion": "1.0",
+ "expandedProperties": {
+ "scope": {
+ "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "displayName": "Pay-As-You-Go",
+ "type": "subscription"
+ },
+ "roleDefinition": {
+ "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
+ "displayName": "Contributor",
+ "type": "BuiltInRole"
+ },
+ "principal": {
+ "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "displayName": "User Account",
+ "email": "user@my-tenant.com",
+ "type": "User"
+ }
+ }
+ },
+ "name": "fea7a502-9a96-4806-a26f-eee560e52045",
+ "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleAssignmentScheduleRequests/fea7a502-9a96-4806-a26f-eee560e52045",
+ "type": "Microsoft.Authorization/RoleAssignmentScheduleRequests"
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/ValidateRoleEligibilityScheduleRequestByName.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/ValidateRoleEligibilityScheduleRequestByName.json
new file mode 100644
index 000000000000..fe18e4519d13
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2020-10-01/examples/ValidateRoleEligibilityScheduleRequestByName.json
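Review bot: `"api-version": "2022-04-01"` in `parameters` does not match the folder this example is added to (`stable/2020-10-01/examples`); the Put examples in the same commit use `2020-10-01`. If this file is referenced from the 2020-10-01 spec, example validation will probably flag the mismatch, and generated docs would show a validate call against a different API version than the one being described. It should read `"api-version": "2020-10-01"`. ValidateRoleEligibilityScheduleRequestByName.json carries the same value.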
@@ -0,0 +1,79 @@
+{
+ "parameters": {
+ "scope": "subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "roleEligibilityScheduleRequestName": "64caffb6-55c0-4deb-a585-68e948ea1ad6",
+ "parameters": {
+ "properties": {
+ "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
+ "requestType": "AdminAssign",
+ "scheduleInfo": {
+ "startDateTime": "2020-09-09T21:31:27.91Z",
+ "expiration": {
+ "type": "AfterDuration",
+ "endDateTime": null,
+ "duration": "P365D"
+ }
+ },
+ "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
+ "conditionVersion": "1.0"
+ }
+ },
+ "api-version": "2022-04-01"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "properties": {
+ "targetRoleEligibilityScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
+ "targetRoleEligibilityScheduleInstanceId": null,
+ "scope": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "roleDefinitionId": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
+ "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "principalType": "User",
+ "requestType": "AdminAssign",
+ "status": "Provisioned",
+ "approvalId": null,
+ "scheduleInfo": {
+ "startDateTime": "2020-09-09T21:31:27.91Z",
+ "expiration": {
+ "type": "AfterDuration",
+ "endDateTime": null,
+ "duration": "P365D"
+ }
+ },
+ "ticketInfo": {
+ "ticketNumber": null,
+ "ticketSystem": null
+ },
+ "justification": null,
+ "requestorId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "createdOn": "2020-09-09T21:32:27.91Z",
+ "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'",
+ "conditionVersion": "1.0",
+ "expandedProperties": {
+ "scope": {
+ "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "displayName": "Pay-As-You-Go",
+ "type": "subscription"
+ },
+ "roleDefinition": {
+ "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
+ "displayName": "Contributor",
+ "type": "BuiltInRole"
+ },
+ "principal": {
+ "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "displayName": "User Account",
+ "email": "user@my-tenant.com",
+ "type": "User"
+ }
+ }
+ },
+ "name": "64caffb6-55c0-4deb-a585-68e948ea1ad6",
+ "id": "/subscriptions/dfa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/RoleEligibilityScheduleRequests/64caffb6-55c0-4deb-a585-68e948ea1ad6",
+ "type": "Microsoft.Authorization/RoleEligibilityScheduleRequests"
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/readme.md b/specification/authorization/resource-manager/readme.md
index 6b8cdfd52385..ada09dcfb8a6 100644
--- a/specification/authorization/resource-manager/readme.md
+++ b/specification/authorization/resource-manager/readme.md
@@ -82,6 +82,47 @@ directive: reason: common-types doesn't need to reference api version. ``` +### Tag: package-2020-10-01 + +These settings apply only when `--tag=package-2020-10-01` is specified on the command line. + +``` yaml $(tag) == 'package-2020-10-01' +input-file: +- Microsoft.Authorization/stable/2015-07-01/authorization-RoleDefinitionsCalls.json +- Microsoft.Authorization/stable/2015-07-01/authorization-ProviderOperationsCalls.json +- Microsoft.Authorization/stable/2015-07-01/authorization-ElevateAccessCalls.json +- Microsoft.Authorization/stable/2015-07-01/authorization-RoleAssignmentsCalls.json +- Microsoft.Authorization/stable/2015-07-01/authorization-ClassicAdminCalls.json +- Microsoft.Authorization/stable/2020-10-01/common-types.json +- Microsoft.Authorization/stable/2020-10-01/EligibleChildResources.json +- Microsoft.Authorization/stable/2020-10-01/RoleAssignmentSchedule.json +- Microsoft.Authorization/stable/2020-10-01/RoleAssignmentScheduleInstance.json +- Microsoft.Authorization/stable/2020-10-01/RoleAssignmentScheduleRequest.json +- Microsoft.Authorization/stable/2020-10-01/RoleEligibilitySchedule.json +- Microsoft.Authorization/stable/2020-10-01/RoleEligibilityScheduleInstance.json +- Microsoft.Authorization/stable/2020-10-01/RoleEligibilityScheduleRequest.json +- Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicy.json +- Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicyAssignment.json +``` + +### Tag: package-2020-10-01-only + +These settings apply only when `--tag=package-2020-10-01-only` is specified on the command line. 
+ +``` yaml $(tag) == 'package-2020-10-01-only' +input-file: +- Microsoft.Authorization/stable/2020-10-01/common-types.json +- Microsoft.Authorization/stable/2020-10-01/EligibleChildResources.json +- Microsoft.Authorization/stable/2020-10-01/RoleAssignmentSchedule.json +- Microsoft.Authorization/stable/2020-10-01/RoleAssignmentScheduleInstance.json +- Microsoft.Authorization/stable/2020-10-01/RoleAssignmentScheduleRequest.json +- Microsoft.Authorization/stable/2020-10-01/RoleEligibilitySchedule.json +- Microsoft.Authorization/stable/2020-10-01/RoleEligibilityScheduleInstance.json +- Microsoft.Authorization/stable/2020-10-01/RoleEligibilityScheduleRequest.json +- Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicy.json +- Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicyAssignment.json +``` + ### Tag: package-2022-04-01-preview-only These settings apply only when `--tag=package-2022-04-01-preview-only` is specified on the command line. diff --git a/specification/authorization/resource-manager/readme.python.md b/specification/authorization/resource-manager/readme.python.md index fbeb54932348..2c49d1a70ba8 100644 --- a/specification/authorization/resource-manager/readme.python.md +++ b/specification/authorization/resource-manager/readme.python.md @@ -20,6 +20,7 @@ batch: - tag: package-2021-07-01-preview-only - tag: package-2021-03-01-preview-only - tag: package-2021-01-01-preview-only + - tag: package-2020-10-01-only - tag: package-2020-10-01-preview-only - tag: package-2020-04-01-preview-only - tag: package-2019-08-01-preview-only 
@@ -63,6 +64,16 @@ These settings apply only when `--tag=package-2021-01-01-preview-only --python` namespace: azure.mgmt.authorization.v2021_01_01_preview output-folder: $(python-sdks-folder)/authorization/azure-mgmt-authorization/azure/mgmt/authorization/v2021_01_01_preview ``` + +### Tag: package-2020-10-01-only and python + +These settings apply only when `--tag=package-2020-10-01-only --python` is specified on the command line. + +``` yaml $(tag) == 'package-2020-10-01-only' && $(python) +namespace: azure.mgmt.authorization.v2020_10_01 +output-folder: $(python-sdks-folder)/authorization/azure-mgmt-authorization/azure/mgmt/authorization/v2020_10_01 +``` + ### Tag: package-2020-10-01-preview-only and python These settings apply only when `--tag=package-2020-10-01-preview-only --python` is specified on the command line.