az keyvault role definition
Manage role definitions.
Commands
Name | Description | Type | Status |
---|---|---|---|
az keyvault role definition create | Create a custom role definition. | Core | GA |
az keyvault role definition delete | Delete a role definition. | Core | GA |
az keyvault role definition list | List role definitions. | Core | GA |
az keyvault role definition show | Show the details of a role definition. | Core | GA |
az keyvault role definition update | Update a role definition. | Core | GA |
az keyvault role definition create
Create a custom role definition.
az keyvault role definition create --hsm-name
--role-definition
Examples
Create a role by a JSON string.
az keyvault role definition create --hsm-name MyHSM --role-definition '{
"roleName": "My Custom Role",
"description": "The description of the custom role.",
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.KeyVault/managedHsm/keys/read/action"
],
"notDataActions": []
}'
Create a role from a file containing a JSON description.
az keyvault role definition create --hsm-name MyHSM --role-definition @keyvault-role.json
Required Parameters
--hsm-name
Name of the HSM.
Property | Value |
---|---|
Parameter group: | Id Arguments |
--role-definition
Description of a role as JSON, or a path to a file containing a JSON description.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output -o
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az keyvault role definition delete
Delete a role definition.
az keyvault role definition delete --hsm-name
[--name]
[--role-id]
Required Parameters
--hsm-name
Name of the HSM.
Property | Value |
---|---|
Parameter group: | Id Arguments |
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--name
The role definition name. This is a GUID in the "name" property of a role definition.
--role-id
The role definition ID.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output -o
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az keyvault role definition list
List role definitions.
az keyvault role definition list [--custom-role-only {false, true}]
[--hsm-name]
[--scope]
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--custom-role-only
Only show custom role definitions.
Property | Value |
---|---|
Default value: | False |
Accepted values: | false, true |
--hsm-name
Name of the HSM.
Property | Value |
---|---|
Parameter group: | Id Arguments |
--scope
Scope at which the role assignment or definition applies to, e.g., "/" or "/keys" or "/keys/{keyname}".
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output -o
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az keyvault role definition show
Show the details of a role definition.
az keyvault role definition show --hsm-name
[--name]
[--role-id]
Required Parameters
--hsm-name
Name of the HSM.
Property | Value |
---|---|
Parameter group: | Id Arguments |
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--name
The role definition name. This is a GUID in the "name" property of a role definition.
--role-id
The role definition ID.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output -o
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az keyvault role definition update
Update a role definition.
az keyvault role definition update --hsm-name
--role-definition
Examples
Update a role by a JSON string.
az keyvault role definition update --hsm-name MyHSM --role-definition '{
"roleName": "My Custom Role",
"name": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"description": "The description of the custom role.",
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.KeyVault/managedHsm/keys/read/action",
"Microsoft.KeyVault/managedHsm/keys/write/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
"Microsoft.KeyVault/managedHsm/keys/create"
],
"notDataActions": []
}'
Update a role from a file containing a JSON description.
az keyvault role definition update --hsm-name MyHSM --role-definition @keyvault-role.json
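The update example above widens the role from one data action to four. As an added example (not part of the Azure CLI or of this reference), the following pre-apply check diffs the previously applied `--role-definition` JSON against the proposed one and lists grants that need review; the `SENSITIVE` set, the function names and the sample input are assumptions made for illustration.

```python
import json

# Reviewer policy (assumption): grants that need explicit sign-off.
# Action names are taken from the update example on this page.
SENSITIVE = {
    "Microsoft.KeyVault/managedHsm/keys/write/action",
    "Microsoft.KeyVault/managedHsm/keys/backup/action",
}

def effective(defn):
    """dataActions left after removing exact-match notDataActions."""
    return set(defn.get("dataActions", [])) - set(defn.get("notDataActions", []))

def review_update(current_json, proposed_json):
    """Diff two --role-definition JSON strings and list review findings."""
    cur, new = json.loads(current_json), json.loads(proposed_json)
    added = sorted(effective(new) - effective(cur))
    removed = sorted(effective(cur) - effective(new))
    findings = []
    for action in added:
        if "*" in action:
            findings.append(f"wildcard grant, review manually: {action}")
        if action in SENSITIVE:
            findings.append(f"sensitive action added: {action}")
    if set(cur.get("notDataActions", [])) - set(new.get("notDataActions", [])):
        findings.append("an exclusion was dropped from notDataActions")
    if cur.get("name") and new.get("name") != cur["name"]:
        findings.append("'name' GUID does not match the current definition")
    return {"added": added, "removed": removed, "findings": findings}

# Constructed sample input modelled on this page's examples (placeholder GUID).
PREFIX = "Microsoft.KeyVault/managedHsm/keys/"
BASE = {"roleName": "My Custom Role",
        "name": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "actions": [], "notActions": [], "notDataActions": []}
CURRENT = json.dumps({**BASE, "dataActions": [PREFIX + "read/action"]})
PROPOSED = json.dumps({**BASE, "dataActions": [
    PREFIX + "read/action", PREFIX + "write/action",
    PREFIX + "backup/action", PREFIX + "create"]})

if __name__ == "__main__":
    print(json.dumps(review_update(CURRENT, PROPOSED), indent=2))
```

Both inputs use the flat `--role-definition` shape shown on this page, so the natural source for the current definition is the file last applied (for example, from version control).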
Required Parameters
--hsm-name
Name of the HSM.
Property | Value |
---|---|
Parameter group: | Id Arguments |
--role-definition
Description of a role as JSON, or a path to a file containing a JSON description.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output -o
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |