You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
1. Replace *{filter}* with the display name for the role.
84
88
85
-
| Filter | Description |
86
-
| --- | --- |
87
-
| `$filter=roleName%20eq%20'{roleDisplayName}'` | Use the URL encoded form of the exact display name of the role. For instance, `$filter=roleName%20eq%20'Virtual%20Machine%20Contributor'` |
89
+
> [!div class="mx-tableFixed"]
90
+
> | Filter | Description |
91
+
> | --- | --- |
92
+
> | `$filter=roleName+eq+'{roleDisplayName}'` | Use the URL encoded form of the exact display name of the role. For instance, `$filter=roleName+eq+'Virtual%20Machine%20Contributor'` |
88
93
89
94
## List a custom role definition by ID
90
95
@@ -100,11 +105,12 @@ To get information about a custom role by its unique identifier, use the [Role D
100
105
101
106
1. Within the URI, replace *{scope}* with the scope for which you want to list the roles.
1. Replace *{filter}* with the condition that you want to apply to filter the deny assignment list.
75
77
76
-
| Filter | Description |
77
-
| --- | --- |
78
-
| (no filter) | List all deny assignments at, above, and below the specified scope. |
79
-
| `$filter=atScope()` | List deny assignments for only the specified scope and above. Does not include the deny assignments at subscopes. |
80
-
| `$filter=denyAssignmentName%20eq%20'{deny-assignment-name}'` | List deny assignments with the specified name. |
78
+
> [!div class="mx-tableFixed"]
79
+
> | Filter | Description |
80
+
> | --- | --- |
81
+
> | (no filter) | Lists all deny assignments at, above, and below the specified scope. |
82
+
> | `$filter=atScope()` | Lists deny assignments for only the specified scope and above. Does not include the deny assignments at subscopes. |
83
+
> | `$filter=assignedTo('{objectId}')` | Lists deny assignments for the specified user or service principal.<br/>If the user is a member of a group that has a deny assignment, that deny assignment is also listed. This filter is transitive for groups which means that if the user is a member of a group and that group is a member of another group that has a deny assignment, that deny assignment is also listed.<br/>This filter only accepts an object ID for a user or a service principal. You cannot pass an object ID for a group. |
84
+
> | `$filter=atScope()+and+assignedTo('{objectId}')` | Lists deny assignments for the specified user or service principal and at the specified scope. |
85
+
> | `$filter=denyAssignmentName+eq+'{deny-assignment-name}'` | Lists deny assignments with the specified name. |
86
+
> | `$filter=principalId+eq+'{objectId}'` | Lists deny assignments for the specified user, group, or service principal. |
81
87
82
88
## List deny assignments at the root scope (/)
83
89
@@ -91,10 +97,11 @@ To get information about a deny assignment, you must have:
91
97
92
98
1. Replace *{filter}* with the condition that you want to apply to filter the deny assignment list. A filter is required.
93
99
94
-
| Filter | Description |
95
-
| --- | --- |
96
-
| `$filter=atScope()` | List deny assignments for only the root scope. Does not include the deny assignments at subscopes. |
97
-
| `$filter=denyAssignmentName%20eq%20'{deny-assignment-name}'` | List deny assignments with the specified name. |
100
+
> [!div class="mx-tableFixed"]
101
+
> | Filter | Description |
102
+
> | --- | --- |
103
+
> | `$filter=atScope()` | List deny assignments for only the root scope. Does not include the deny assignments at subscopes. |
104
+
> | `$filter=denyAssignmentName+eq+'{deny-assignment-name}'` | List deny assignments with the specified name. |
In the previous example, microsoft.web is a resource provider that refers to an App Service instance. Similarly, you can use any other resource providers and specify the scope. For more information, see [Azure Resource providers and types](../azure-resource-manager/management/resource-providers-and-types.md) and supported [Azure Resource Manager resource provider operations](resource-provider-operations.md).
48
49
49
50
1. Replace *{filter}* with the condition that you want to apply to filter the role assignment list.
50
51
51
-
| Filter | Description |
52
-
| --- | --- |
53
-
| `$filter=atScope()` | Lists role assignments for only the specified scope, not including the role assignments at subscopes. |
54
-
| `$filter=principalId%20eq%20'{objectId}'` | Lists role assignments for a specified user, group, or service principal. |
55
-
| `$filter=assignedTo('{objectId}')` | Lists role assignments for a specified user or service principal. If the user is a member of a group that has a role assignment, that role assignment is also listed. This filter is transitive for groups which means that if the user is a member of a group and that group is a member of another group that has a role assignment, that role assignment is also listed. This filter only accepts an object ID for a user or a service principal. You cannot pass an object ID for a group. |
52
+
> [!div class="mx-tableFixed"]
53
+
> | Filter | Description |
54
+
> | --- | --- |
55
+
> | `$filter=atScope()` | Lists role assignments for only the specified scope, not including the role assignments at subscopes. |
56
+
> | `$filter=assignedTo('{objectId}')` | Lists role assignments for a specified user or service principal.<br/>If the user is a member of a group that has a role assignment, that role assignment is also listed. This filter is transitive for groups which means that if the user is a member of a group and that group is a member of another group that has a role assignment, that role assignment is also listed.<br/>This filter only accepts an object ID for a user or a service principal. You cannot pass an object ID for a group. |
57
+
> | `$filter=atScope()+and+assignedTo('{objectId}')` | Lists role assignments for the specified user or service principal and at the specified scope. |
58
+
> | `$filter=principalId+eq+'{objectId}'` | Lists role assignments for a specified user, group, or service principal. |
In the previous example, microsoft.web is a resource provider that refers to an App Service instance. Similarly, you can use any other resource providers and specify the scope. For more information, see [Azure Resource providers and types](../azure-resource-manager/management/resource-providers-and-types.md) and supported [Azure Resource Manager resource provider operations](resource-provider-operations.md).
62
65
63
66
1. Replace *{roleAssignmentName}* with the GUID identifier of the role assignment.
64
67
65
68
1. Within the request body, replace *{scope}* with the scope for the role assignment.
66
69
67
-
| Scope | Type |
68
-
| --- | --- |
69
-
| `providers/Microsoft.Management/managementGroups/{groupId1}` | Management group |
0 commit comments