az blueprint artifact role
Note
This reference is part of the blueprint extension for the Azure CLI (version 2.50.0 or higher). The extension will automatically install the first time you run an az blueprint artifact role command. Learn more about extensions.
This command group is implicitly deprecated because command group 'az blueprint' is deprecated and will be removed in a future release. Blueprints and associated commands will be deprecated as early as July 2026. Customers are encouraged to transition to Template Specs and Deployments Stacks to support their scenarios beyond that date. Migration documentation is available at https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/migrate-blueprint.
Commands to manage blueprint role assignment artifact.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az blueprint artifact role create |
Create blueprint role artifact. |
Extension | GA |
| az blueprint artifact role update |
Update blueprint role artifact. |
Extension | GA |
az blueprint artifact role create
Blueprints and associated commands will be deprecated as early as July 2026. Customers are encouraged to transition to Template Specs and Deployments Stacks to support their scenarios beyond that date. Migration documentation is available at https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/migrate-blueprint. This command is implicitly deprecated because command group 'az blueprint' is deprecated and will be removed in a future release.
Create blueprint role artifact.
az blueprint artifact role create --artifact-name
--blueprint-name
--principal-ids
--role-definition-id
[--depends-on]
[--description]
[--display-name]
[--management-group]
[--resource-group-art]
[--subscription]Examples
Create a role artifact
az blueprint artifact role create \
--blueprint-name MyBlueprint --artifact-name MyRole --role-definition-id \
"/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000" \
--principal-ids "[parameters('[Usergrouporapplicationname]:MyRoleAssignmentName')]"Required Parameters
Name of the blueprint artifact.
Name of the blueprint definition.
Array of user or group identities in Azure Active Directory or a reference to the corresponding parameter in blueprint definiton. The roleDefinition will apply to each identity.
The full role definition id. Only built-in roles are supported.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Artifacts which need to be deployed before the specified artifact.
Description of the blueprint artifact.
DisplayName of this artifact.
Use management group for the scope of the blueprint.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
Name of the resource group artifact to which the policy will be assigned.
Use subscription for the scope of the blueprint. If --management-group is not specified, --subscription value or the default subscription will be used as the scope.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az blueprint artifact role update
Blueprints and associated commands will be deprecated as early as July 2026. Customers are encouraged to transition to Template Specs and Deployments Stacks to support their scenarios beyond that date. Migration documentation is available at https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/migrate-blueprint. This command is implicitly deprecated because command group 'az blueprint' is deprecated and will be removed in a future release.
Update blueprint role artifact.
az blueprint artifact role update --artifact-name
--blueprint-name
[--depends-on]
[--description]
[--display-name]
[--management-group]
[--resource-group-art]
[--subscription]Examples
Update a role artifact
az blueprint artifact role update \
--blueprint-name MyBlueprint --artifact-name MyRole --display-name "My Big Role"Required Parameters
Name of the blueprint artifact.
Name of the blueprint definition.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Artifacts which need to be deployed before the specified artifact. Use '--depends-on' with no values to remove dependencies.
Description of the blueprint artifact.
DisplayName of this artifact.
Use management group for the scope of the blueprint.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
Name of the resource group artifact to which the policy will be assigned.
Use subscription for the scope of the blueprint. If --management-group is not specified, --subscription value or the default subscription will be used as the scope.
| Property | Value |
|---|---|
| Parameter group: | Resource_scope Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
