az policy assignment identity
Manage a policy assignment's managed identity.
Commands
Name | Description | Type | Status |
---|---|---|---|
az policy assignment identity assign | Add a system assigned identity or a user assigned identity to a policy assignment. | Core | GA |
az policy assignment identity remove | Remove a managed identity from a policy assignment. | Core | GA |
az policy assignment identity show | Show a policy assignment's managed identity. | Core | GA |
az policy assignment identity assign
Replacing an existing identity will change in a future release of the resource commands. It will require first removing the existing identity.
Add a system assigned identity or a user assigned identity to a policy assignment.
az policy assignment identity assign --name
[--identity-scope]
[--resource-group]
[--role]
[--scope]
[--system-assigned]
[--user-assigned]
Examples
Add a system assigned managed identity to a policy assignment.
az policy assignment identity assign --system-assigned -g MyResourceGroup -n MyPolicyAssignment
Add a system assigned managed identity to a policy assignment and grant it the 'Contributor' role for the current resource group.
az policy assignment identity assign --system-assigned -g MyResourceGroup -n MyPolicyAssignment --role Contributor --identity-scope /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup
Add a user assigned managed identity to a policy assignment.
az policy assignment identity assign --user-assigned MyAssignedId -g MyResourceGroup -n MyPolicyAssignment
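A pre-flight guard for the assign command, given that the documented default for --role is Contributor. This is an added example, not part of the Azure CLI or its documentation: the function names, the role allow-list and the rule that the identity scope must sit at or below the assignment scope are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Azure CLI code. ALLOWED_ROLES is a constructed allow-list;
# adjust it to the roles your policy definitions actually need.
ALLOWED_ROLES="Reader|Tag Contributor|Monitoring Contributor"

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# scope_within CHILD PARENT: succeeds when CHILD equals PARENT or sits below it.
# Resource IDs are compared case-insensitively and on a '/' boundary, so
# ".../MyResourceGroup2" is not treated as inside ".../MyResourceGroup".
# Management group ancestry is not resolved; only ID prefixes are compared.
scope_within() {
    child=$(lower "${1%/}"); parent=$(lower "${2%/}")
    [ -n "$parent" ] || return 1
    case "$child" in
        "$parent"|"$parent"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_grant ROLE IDENTITY_SCOPE ASSIGNMENT_SCOPE
# Returns 0 when the grant is acceptable, 1 (reason on stderr) otherwise.
check_grant() {
    role=$1; id_scope=$2; asg_scope=$3
    if [ -z "$role" ]; then
        echo "refused: no --role given, the CLI default is Contributor" >&2; return 1
    fi
    case "$role" in *'|'*) echo "refused: invalid role name" >&2; return 1 ;; esac
    case "|$ALLOWED_ROLES|" in
        *"|$role|"*) ;;
        *) echo "refused: role '$role' is not in the allow-list" >&2; return 1 ;;
    esac
    if ! scope_within "$id_scope" "$asg_scope"; then
        echo "refused: identity scope is outside the assignment scope" >&2; return 1
    fi
    return 0
}

# guarded_assign NAME ASSIGNMENT_SCOPE ROLE IDENTITY_SCOPE
# Runs the documented command only after both checks pass.
guarded_assign() {
    check_grant "$3" "$4" "$2" || return 1
    az policy assignment identity assign --system-assigned \
        --name "$1" --scope "$2" --role "$3" --identity-scope "$4"
}
```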
Required Parameters
--name -n
Name of the policy assignment.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--identity-scope
Scope that the system assigned identity can access.
Property | Value |
---|---|
Parameter group: | Managed Identity Arguments |
--resource-group -g
The resource group where the policy will be applied.
--role
Role name or id that will be assigned to the managed identity.
Property | Value |
---|---|
Parameter group: | Managed Identity Arguments |
Default value: | Contributor |
--scope
Scope at which this policy assignment subcommand applies. Defaults to current context subscription.
--system-assigned
Provide this flag to use system assigned identity for policy assignment. Check out help for more examples.
Property | Value |
---|---|
Parameter group: | Managed Identity Arguments |
--user-assigned
UserAssigned Identity Id to be used for policy assignment. Check out help for more examples.
Property | Value |
---|---|
Parameter group: | Managed Identity Arguments |
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output -o
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az policy assignment identity remove
Removing a user assigned identity will change in a future release of the resource commands. It will require providing the --mi-user-assigned switch.
Remove a managed identity from a policy assignment.
az policy assignment identity remove --name
[--resource-group]
[--scope]
Required Parameters
--name -n
Name of the policy assignment.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--resource-group -g
The resource group where the policy will be applied.
--scope
Scope at which this policy assignment subcommand applies. Defaults to current context subscription.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output -o
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az policy assignment identity show
Show a policy assignment's managed identity.
az policy assignment identity show --name
[--resource-group]
[--scope]
Examples
Show a policy assignment's managed identity. (autogenerated)
az policy assignment identity show --name MyPolicyAssignment --scope '/providers/Microsoft.Management/managementGroups/MyManagementGroup'
Required Parameters
--name -n
Name of the policy assignment.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--resource-group -g
The resource group where the policy will be applied.
--scope
Scope at which this policy assignment subcommand applies. Defaults to current context subscription.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output -o
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |