az policy assignment identity
Managed identity of the policy assignment.
The system or user assigned managed identity used by the enclosing policy assignment for remediation tasks.
Commands
Name | Description | Type | Status |
---|---|---|---|
az policy assignment identity assign | Assign a managed identity. | Core | GA |
az policy assignment identity remove | Remove the managed identity. | Core | GA |
az policy assignment identity show | Retrieve the managed identity. | Core | GA |
az policy assignment identity assign
Replacing an existing identity will change in a future release of the resource commands. It will require first removing the existing identity.
Assign a managed identity.
Assign the system or user assigned managed identity to the policy assignment matching the given name and scope.
az policy assignment identity assign --name
[--identity-scope]
[--mi-system-assigned --system-assigned]
[--mi-user-assigned --user-assigned]
[--resource-group]
[--role]
[--scope]
Examples
Add a system assigned managed identity to a policy assignment
az policy assignment identity assign --system-assigned -g MyResourceGroup -n MyPolicyAssignment
Add a system assigned managed identity to a policy assignment and grant it the Contributor role for a resource group
az policy assignment identity assign --system-assigned -g MyResourceGroup -n MyPolicyAssignment --role Contributor --identity-scope /subscriptions/{subscriptionId}/resourceGroups/MyResourceGroup
Add a user assigned managed identity to a policy assignment
az policy assignment identity assign --user-assigned MyAssignedId -g MyResourceGroup -n MyPolicyAssignment
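Added example, not part of the Azure CLI reference: a pre-flight check for the --role and --identity-scope values before running identity assign, so the remediation identity is not granted a broad role or a scope outside the policy assignment. The function names, the list of roles treated as broad, and the placeholder subscription ID are assumptions made for this example.

```bash
#!/bin/sh
# Added example (not from the Azure CLI docs): least-privilege pre-flight for
# the --role / --identity-scope values passed to `identity assign`.

# ARM resource IDs are case-insensitive: lower-case and drop trailing slashes.
norm_scope() {
  printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's:/*$::'
}

# 0 if identity scope ($2) equals the assignment scope ($1) or is nested under
# it. String containment only: a management-group assignment cannot vouch for a
# subscription path this way and is reported as outside.
scope_within() {
  _parent=$(norm_scope "$1")
  _child=$(norm_scope "$2")
  [ -n "$_parent" ] || return 1
  case "$_child" in
    "$_parent" | "$_parent"/*) return 0 ;;  # "/*" stops rg1 matching rg10
    *) return 1 ;;
  esac
}

# Roles this check treats as too broad for remediation (local policy choice).
is_broad_role() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    owner | contributor | "user access administrator") return 0 ;;
    *) return 1 ;;
  esac
}

# preflight ASSIGNMENT_SCOPE ROLE IDENTITY_SCOPE: prints findings, 1 if any.
preflight() {
  _rc=0
  if ! scope_within "$1" "$3"; then
    echo "FAIL: identity scope '$3' is outside assignment scope '$1'"
    _rc=1
  fi
  if is_broad_role "$2"; then
    echo "WARN: role '$2' is broad for a remediation identity"
    _rc=1
  fi
  return "$_rc"
}

# Constructed usage; the subscription ID is a placeholder and ROLE is yours:
# S=/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup
# preflight "$S" "$ROLE" "$S" && az policy assignment identity assign \
#   --system-assigned -n MyPolicyAssignment --scope "$S" --role "$ROLE" --identity-scope "$S"
```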
Required Parameters
--name -n
The name of the policy assignment.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--identity-scope
Scope that the system assigned identity can access.
--mi-system-assigned --system-assigned
Set the system managed identity.
Property | Value |
---|---|
Parameter group: | Parameters.identity Arguments |
--mi-user-assigned --user-assigned
Set the user managed identity. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Parameters.identity Arguments |
--resource-group -g
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--role
Role name or id that will be assigned to the managed identity.
--scope
The scope of the policy assignment.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output -o
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az policy assignment identity remove
Removing a user assigned identity will change in a future release of the resource commands. It will require providing the --mi-user-assigned switch.
Remove the managed identity.
Remove the system or user assigned managed identity from the policy assignment matching the given name and scope.
az policy assignment identity remove --name
[--mi-system-assigned --system-assigned]
[--mi-user-assigned --user-assigned]
[--resource-group]
[--scope]
Examples
Remove user assigned managed identity from a policy assignment
az policy assignment identity remove --name MyPolicyAssignment --user-assigned
Required Parameters
--name -n
The name of the policy assignment.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--mi-system-assigned --system-assigned
Remove the system managed identity.
Property | Value |
---|---|
Parameter group: | Parameters.identity Arguments |
--mi-user-assigned --user-assigned
Remove the user managed identity. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Parameters.identity Arguments |
--resource-group -g
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--scope
The scope of the policy assignment.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output -o
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az policy assignment identity show
Retrieve the managed identity.
Retrieve and show the details of the system or user assigned managed identity of the policy assignment matching the given name and scope.
az policy assignment identity show --name
[--resource-group]
[--scope]
Examples
Show a policy assignment's managed identity
az policy assignment identity show --name MyPolicyAssignment --scope '/providers/Microsoft.Management/managementGroups/{managementGroupName}'
Required Parameters
--name -n
The name of the policy assignment.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--resource-group -g
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--scope
The scope of the policy assignment.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output -o
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |