Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
az acr scope-map
Manage scope access maps for Azure Container Registries.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az acr scope-map create |
Create a scope map for an Azure Container Registry. |
Core | GA |
| az acr scope-map delete |
Delete a scope map for an Azure Container Registry. |
Core | GA |
| az acr scope-map list |
List all scope maps for an Azure Container Registry. |
Core | GA |
| az acr scope-map show |
Show details and attributes of a scope map for an Azure Container Registry. |
Core | GA |
| az acr scope-map update |
Update a scope map for an Azure Container Registry. |
Core | GA |
az acr scope-map create
Create a scope map for an Azure Container Registry.
az acr scope-map create --name
--registry
[--acquire-policy-token]
[--change-reference]
[--description]
[--gateway]
[--repository]
[--resource-group]Examples
Create a scope map that allows content/write and metadata/read actions for `hello-world` repository, and content/read action for `hello-world-again`.
az acr scope-map create -n MyScopeMap -r myregistry --repository hello-world content/write metadata/read --repository hello-world-again content/read --description "Sample scope map."Create a scope map that allows all repository actions for `test`, and all gateway actions for `connectedRegistry`.
az acr scope-map create -n MyScopeMap -r myregistry --description "Sample scope map."
--repository test content/delete content/read content/write metadata/read metadata/write
--gateway connectedRegistry config/read config/write message/read message/writeRequired Parameters
The name of the scope map.
The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Description for the scope map. Maximum 256 characters are allowed.
Gateway permissions. Use the format "--gateway GATEWAY [ACTION1 ACTION2 ...]" per flag. Valid actions are ['config/read', 'config/write', 'message/read', 'message/write'].
Repository permissions. Use the format "--repository REPO [ACTION1 ACTION2 ...]" per flag. Valid actions are ['content/delete', 'content/read', 'content/write', 'metadata/read', 'metadata/write'].
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
az acr scope-map delete
Delete a scope map for an Azure Container Registry.
az acr scope-map delete --name
--registry
[--acquire-policy-token]
[--change-reference]
[--resource-group]
[--yes]Examples
Delete the scope map 'MyScopeMap'.
az acr scope-map delete -n MyScopeMap -r myregistryRequired Parameters
The name of the scope map.
The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Do not prompt for confirmation.
az acr scope-map list
List all scope maps for an Azure Container Registry.
az acr scope-map list --registry
[--resource-group]Examples
List scope maps under the registry 'myregistry'.
az acr scope-map list -r myregistryRequired Parameters
The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
az acr scope-map show
Show details and attributes of a scope map for an Azure Container Registry.
az acr scope-map show --name
--registry
[--resource-group]Examples
Get information for the scope map 'MyScopeMap'.
az acr scope-map show -n MyScopeMap -r myregistryRequired Parameters
The name of the scope map.
The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
az acr scope-map update
Update a scope map for an Azure Container Registry.
az acr scope-map update --name
--registry
[--acquire-policy-token]
[--add-gateway]
[--add-repository]
[--change-reference]
[--description]
[--remove-gateway]
[--remove-repository]
[--resource-group]Examples
Update the scope map 'MyScopeMap' removing metadata/read and content/read actions for `hello-world` repository, and message/write action for `connectedRegistry`.
az acr scope-map update -n MyScopeMap -r myregistry --remove-repo hello-world metadata/read content/read --remove-gateway connectedRegistry message/writeRequired Parameters
The name of the scope map.
The name of the container registry. It should be specified in lower case. You can configure the default registry name using az configure --defaults acr=<registry name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Gateway permissions to be added. Use the format "--add-gateway GATEWAY [ACTION1 ACTION2 ...]" per flag. Valid actions are ['config/read', 'config/write', 'message/read', 'message/write'].
Repository permissions to be added. Use the format "--add-repository REPO [ACTION1 ACTION2 ...]" per flag. Valid actions are ['content/delete', 'content/read', 'content/write', 'metadata/read', 'metadata/write'].
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Description for the scope map. Maximum 256 characters are allowed.
Gateway permissions to be removed. Use the format "--remove-gateway GATEWAY [ACTION1 ACTION2 ...]" per flag. Valid actions are ['config/read', 'config/write', 'message/read', 'message/write'].
Repository permissions to be removed. Use the format "--remove-repository REPO [ACTION1 ACTION2 ...]" per flag. Valid actions are ['content/delete', 'content/read', 'content/write', 'metadata/read', 'metadata/write'].
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Feedback
Was this page helpful?