New-AzRoleAssignment
Assigns the specified RBAC role to the specified principal, at the specified scope.
The cmdlet may call below Microsoft Graph API according to input parameters:
GET /users/{id}
GET /servicePrincipals/{id}
GET /groups/{id}
GET /directoryObjects/{id}
Please notice that this cmdlet will mark ObjectType as Unknown in output if the object of role assignment is not found or current account has insufficient privileges to get object type.
Syntax
EmptyParameterSet (Default)
New-AzRoleAssignment
-ObjectId <String>
-RoleDefinitionName <String>
[-Scope <String>]
[-Description <String>]
[-Condition <String>]
[-ConditionVersion <String>]
[-ObjectType <String>]
[-AllowDelegation]
[-SkipClientSideScopeValidation]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ResourceGroupWithObjectIdParameterSet
New-AzRoleAssignment
-ObjectId <String>
-ResourceGroupName <String>
-RoleDefinitionName <String>
[-Description <String>]
[-Condition <String>]
[-ConditionVersion <String>]
[-ObjectType <String>]
[-AllowDelegation]
[-SkipClientSideScopeValidation]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ResourceWithObjectIdParameterSet
New-AzRoleAssignment
-ObjectId <String>
-ResourceGroupName <String>
-ResourceName <String>
-ResourceType <String>
-RoleDefinitionName <String>
[-ParentResource <String>]
[-Description <String>]
[-Condition <String>]
[-ConditionVersion <String>]
[-ObjectType <String>]
[-AllowDelegation]
[-SkipClientSideScopeValidation]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
RoleIdWithScopeAndObjectIdParameterSet
New-AzRoleAssignment
-ObjectId <String>
-Scope <String>
-RoleDefinitionId <Guid>
[-Description <String>]
[-Condition <String>]
[-ConditionVersion <String>]
[-ObjectType <String>]
[-AllowDelegation]
[-SkipClientSideScopeValidation]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ResourceGroupWithSignInNameParameterSet
New-AzRoleAssignment
-SignInName <String>
-ResourceGroupName <String>
-RoleDefinitionName <String>
[-Description <String>]
[-Condition <String>]
[-ConditionVersion <String>]
[-ObjectType <String>]
[-AllowDelegation]
[-SkipClientSideScopeValidation]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ResourceWithSignInNameParameterSet
New-AzRoleAssignment
-SignInName <String>
-ResourceGroupName <String>
-ResourceName <String>
-ResourceType <String>
-RoleDefinitionName <String>
[-ParentResource <String>]
[-Description <String>]
[-Condition <String>]
[-ConditionVersion <String>]
[-ObjectType <String>]
[-AllowDelegation]
[-SkipClientSideScopeValidation]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ScopeWithSignInNameParameterSet
New-AzRoleAssignment
-SignInName <String>
-RoleDefinitionName <String>
[-Scope <String>]
[-Description <String>]
[-Condition <String>]
[-ConditionVersion <String>]
[-ObjectType <String>]
[-AllowDelegation]
[-SkipClientSideScopeValidation]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ResourceGroupWithSPNParameterSet
New-AzRoleAssignment
-ApplicationId <String>
-ResourceGroupName <String>
-RoleDefinitionName <String>
[-Description <String>]
[-Condition <String>]
[-ConditionVersion <String>]
[-ObjectType <String>]
[-AllowDelegation]
[-SkipClientSideScopeValidation]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ResourceWithSPNParameterSet
New-AzRoleAssignment
-ApplicationId <String>
-ResourceGroupName <String>
-ResourceName <String>
-ResourceType <String>
-RoleDefinitionName <String>
[-ParentResource <String>]
[-Description <String>]
[-Condition <String>]
[-ConditionVersion <String>]
[-ObjectType <String>]
[-AllowDelegation]
[-SkipClientSideScopeValidation]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ScopeWithSPNParameterSet
New-AzRoleAssignment
-ApplicationId <String>
-RoleDefinitionName <String>
[-Scope <String>]
[-Description <String>]
[-Condition <String>]
[-ConditionVersion <String>]
[-ObjectType <String>]
[-AllowDelegation]
[-SkipClientSideScopeValidation]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
New-AzRoleAssignment
-InputFile <String>
[-AllowDelegation]
[-SkipClientSideScopeValidation]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
Use the New-AzRoleAssignment command to grant access.
Access is granted by assigning the appropriate RBAC role to them at the right scope.
To grant access to the entire subscription, assign a role at the subscription scope.
To grant access to a specific resource group within a subscription, assign a role at the resource group scope.
The subject of the assignment must be specified.
To specify a user, use SignInName or Microsoft Entra ObjectId parameters.
To specify a security group, use Microsoft Entra ObjectId parameter.
And to specify a Microsoft Entra application, use ApplicationId or ObjectId parameters.
The role that is being assigned must be specified using the RoleDefinitionName parameter.
The scope at which access is being granted may be specified.
It defaults to the selected subscription.
The scope of the assignment can be specified using one of the following parameter combinations
a.
Scope - This is the fully qualified scope starting with /subscriptions/<subscriptionId>
b.
ResourceGroupName - to grant access to the specified resource group.
c.
ResourceName, ResourceType, ResourceGroupName and (optionally) ParentResource - to specify a particular resource within a resource group to grant access to.
Examples
Example 1
New-AzRoleAssignment -ResourceGroupName rg1 -SignInName allen.young@live.com -RoleDefinitionName Reader -AllowDelegation
Grant Reader role access to a user at a resource group scope with the Role Assignment being available for delegation
Example 2
Get-AzADGroup -SearchString "Christine Koch Team"
DisplayName Type Id
----------- ---- --------
Christine Koch Team 2f9d4375-cbf1-48e8-83c9-2a0be4cb33fb
New-AzRoleAssignment -ObjectId 2f9d4375-cbf1-48e8-83c9-2a0be4cb33fb -RoleDefinitionName Contributor -ResourceGroupName rg1
Grant access to a security group
Example 3
New-AzRoleAssignment -SignInName john.doe@contoso.com -RoleDefinitionName Owner -Scope "/subscriptions/00001111-aaaa-2222-bbbb-3333cccc4444/resourcegroups/rg1/providers/Microsoft.Web/sites/site1"
Grant access to a user at a resource (website)
Example 4
New-AzRoleAssignment -ObjectId 00001111-aaaa-2222-bbbb-3333cccc4444 -RoleDefinitionName "Virtual Machine Contributor" -ResourceName Devices-Engineering-ProjectRND -ResourceType Microsoft.Network/virtualNetworks/subnets -ParentResource virtualNetworks/VNET-EASTUS-01 -ResourceGroupName Network
Grant access to a group at a nested resource (subnet)
Example 5
$servicePrincipal = New-AzADServicePrincipal -DisplayName "testServiceprincipal"
New-AzRoleAssignment -RoleDefinitionName "Reader" -ApplicationId $servicePrincipal.ApplicationId
Grant reader access to a service principal
Example 6
$Condition = '(
(
!(ActionMatches{''Microsoft.Authorization/roleAssignments/write''})
)
OR
(
@Request[Microsoft.Authorization/roleAssignments:PrincipalType] StringEqualsIgnoreCase ''ServicePrincipal''
)
)
AND
(
(
!(ActionMatches{''Microsoft.Authorization/roleAssignments/delete''})
)
OR
(
@Resource[Microsoft.Authorization/roleAssignments:PrincipalType] StringEqualsIgnoreCase ''ServicePrincipal''
)
)'
$DelegationParams = @{
AllowDelegation = $true
Condition = $Condition
Scope = "/subscriptions/11112222-bbbb-3333-cccc-4444dddd5555"
RoleDefinitionName = 'User Access Administrator'
ObjectId = "00001111-aaaa-2222-bbbb-3333cccc4444"
}
New-AzRoleAssignment @DelegationParams
Grant User Access Administrator over an azure subscription with constrained delegation.
Example 7
$Condition = '(
(
!(ActionMatches{''Microsoft.Authorization/roleAssignments/write''})
)
OR
(
@Request[Microsoft.Authorization/roleAssignments:PrincipalType] StringEqualsIgnoreCase ''ServicePrincipal''
AND
NOT @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {8e3af657-a8ff-443c-a75c-2fe8c4bcb635,18d7d88d-d35e-4fb5-a5c3-7773c20a72d9}
)
)
AND
(
(
!(ActionMatches{''Microsoft.Authorization/roleAssignments/delete''})
)
OR
(
@Resource[Microsoft.Authorization/roleAssignments:PrincipalType] StringEqualsIgnoreCase ''ServicePrincipal''
AND
NOT @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {8e3af657-a8ff-443c-a75c-2fe8c4bcb635,18d7d88d-d35e-4fb5-a5c3-7773c20a72d9}
)
)'
$DelegationParams = @{
AllowDelegation = $true
Condition = $Condition
Scope = "/subscriptions/11112222-bbbb-3333-cccc-4444dddd5555"
RoleDefinitionName = 'User Access Administrator'
ObjectId = "00001111-aaaa-2222-bbbb-3333cccc4444"
}
New-AzRoleAssignment @DelegationParams
Grant User Access Administrator over an azure subscription with constrained delegation.Owner and User Access Administrator role.
Parameters
-AllowDelegation
The delegation flag while creating a Role assignment.
Parameter properties
Type: SwitchParameter
Default value: False Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ApplicationId
The Application ID of the ServicePrincipal
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: SPN, ServicePrincipalName
Parameter sets
ResourceGroupWithSPNParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSPNParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ScopeWithSPNParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-Condition
Condition to be applied to the RoleAssignment.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
EmptyParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithObjectIdParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithObjectIdParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
RoleIdWithScopeAndObjectIdParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithSignInNameParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSignInNameParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ScopeWithSignInNameParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithSPNParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSPNParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ScopeWithSPNParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ConditionVersion
Version of the condition.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
EmptyParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithObjectIdParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithObjectIdParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
RoleIdWithScopeAndObjectIdParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithSignInNameParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSignInNameParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ScopeWithSignInNameParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithSPNParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSPNParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ScopeWithSPNParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Description
Brief description of the role assignment.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
EmptyParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithObjectIdParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithObjectIdParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
RoleIdWithScopeAndObjectIdParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithSignInNameParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSignInNameParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ScopeWithSignInNameParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithSPNParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSPNParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ScopeWithSPNParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
Path to role assignment json
Type: String
Default value: None Supports wildcards: False DontShow: False
InputFileParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ObjectId
Microsoft Entra Objectid of the user, group or service principal.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: Id, PrincipalId
Parameter sets
EmptyParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithObjectIdParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithObjectIdParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
RoleIdWithScopeAndObjectIdParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ObjectType
To be used with ObjectId. Specifies the type of the assignee object
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: PrincipalType
Parameter sets
EmptyParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithObjectIdParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithObjectIdParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
RoleIdWithScopeAndObjectIdParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithSignInNameParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSignInNameParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ScopeWithSignInNameParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithSPNParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSPNParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ScopeWithSPNParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ParentResource
The parent resource in the hierarchy(of the resource specified using ResourceName parameter).
Should only be used in conjunction with ResourceGroupName, ResourceType and ResourceName parameters to construct a hierarchical scope in the form of a relative URI that identifies a resource.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ResourceWithObjectIdParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSignInNameParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSPNParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ResourceGroupName
The resource group name.
Creates an assignment that is effective at the specified resource group.
When used in conjunction with ResourceName, ResourceType and (optionally)ParentResource parameters, the command constructs a hierarchical scope in the form of a relative URI that identifies a resource.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ResourceGroupWithObjectIdParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithObjectIdParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithSignInNameParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSignInNameParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithSPNParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSPNParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ResourceName
The resource name.
For e.g.
storageaccountprod.
Should only be used in conjunction with ResourceGroupName, ResourceType and (optionally)ParentResource parameters to construct a hierarchical scope in the form of a relative URI that identifies a resource.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ResourceWithObjectIdParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSignInNameParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSPNParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ResourceType
The resource type.
For e.g.
Microsoft.Network/virtualNetworks.
Should only be used in conjunction with ResourceGroupName, ResourceName and (optionally)ParentResource parameters to construct a hierarchical scope in the form of a relative URI that identifies a resource.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ResourceWithObjectIdParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSignInNameParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSPNParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-RoleDefinitionId
Id of the RBAC role that needs to be assigned to the principal.
Parameter properties
Type: Guid
Default value: None Supports wildcards: False DontShow: False
Parameter sets
RoleIdWithScopeAndObjectIdParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-RoleDefinitionName
Name of the RBAC role that needs to be assigned to the principal i.e.
Reader, Contributor, Virtual Network Administrator, etc.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
EmptyParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithObjectIdParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithObjectIdParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithSignInNameParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSignInNameParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ScopeWithSignInNameParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceGroupWithSPNParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSPNParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ScopeWithSPNParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-Scope
The Scope of the role assignment.
In the format of relative URI.
For e.g.
"/subscriptions/9004a9fd-d58e-48dc-aeb2-4a4aec58606f/resourceGroups/TestRG".
If not specified, will create the role assignment at subscription level.
If specified, it should start with "/subscriptions/{id}".
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
EmptyParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ScopeWithSignInNameParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ScopeWithSPNParameterSet
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-SignInName
The email address or the user principal name of the user.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: Email, UserPrincipalName
Parameter sets
ResourceGroupWithSignInNameParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ResourceWithSignInNameParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ScopeWithSignInNameParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-SkipClientSideScopeValidation
If specified, skip client side scope validation.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
Notes
