az keyvault role definition
Manage role definitions.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az keyvault role definition create | Create a custom role definition. | Core | GA |
| az keyvault role definition delete | Delete a role definition. | Core | GA |
| az keyvault role definition list | List role definitions. | Core | GA |
| az keyvault role definition show | Show the details of a role definition. | Core | GA |
| az keyvault role definition update | Update a role definition. | Core | GA |
az keyvault role definition create
Create a custom role definition.
az keyvault role definition create --hsm-name
--role-definition
[--acquire-policy-token]
[--change-reference]
Examples
Create a role by a JSON string.
az keyvault role definition create --hsm-name MyHSM --role-definition '{
"roleName": "My Custom Role",
"description": "The description of the custom role.",
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.KeyVault/managedHsm/keys/read/action"
],
"notDataActions": []
}'
Create a role from a file containing a JSON description.
az keyvault role definition create --hsm-name MyHSM --role-definition @keyvault-role.json
Required Parameters
--hsm-name
Name of the HSM.
| Property | Value |
|---|---|
| Parameter group: | Id Arguments |
--role-definition
Description of a role as JSON, or a path to a file containing a JSON description.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--acquire-policy-token
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
--change-reference
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
az keyvault role definition delete
Delete a role definition.
az keyvault role definition delete --hsm-name
[--acquire-policy-token]
[--change-reference]
[--name]
[--role-id]
Required Parameters
--hsm-name
Name of the HSM.
| Property | Value |
|---|---|
| Parameter group: | Id Arguments |
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--acquire-policy-token
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
--change-reference
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
--name
The role definition name. This is a GUID in the "name" property of a role definition.
--role-id
The role definition ID.
az keyvault role definition list
List role definitions.
az keyvault role definition list [--custom-role-only {false, true}]
[--hsm-name]
[--scope]
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--custom-role-only
Only show custom role definitions.
| Property | Value |
|---|---|
| Default value: | False |
| Accepted values: | false, true |
--hsm-name
Name of the HSM.
| Property | Value |
|---|---|
| Parameter group: | Id Arguments |
--scope
Scope at which the role assignment or definition applies, e.g., "/" or "/keys" or "/keys/{keyname}".
az keyvault role definition show
Show the details of a role definition.
az keyvault role definition show --hsm-name
[--name]
[--role-id]
Required Parameters
--hsm-name
Name of the HSM.
| Property | Value |
|---|---|
| Parameter group: | Id Arguments |
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--name
The role definition name. This is a GUID in the "name" property of a role definition.
--role-id
The role definition ID.
az keyvault role definition update
Update a role definition.
az keyvault role definition update --hsm-name
--role-definition
[--acquire-policy-token]
[--change-reference]
Examples
Update a role by a JSON string.
az keyvault role definition update --hsm-name MyHSM --role-definition '{
"roleName": "My Custom Role",
"name": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"description": "The description of the custom role.",
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.KeyVault/managedHsm/keys/read/action",
"Microsoft.KeyVault/managedHsm/keys/write/action",
"Microsoft.KeyVault/managedHsm/keys/backup/action",
"Microsoft.KeyVault/managedHsm/keys/create"
],
"notDataActions": []
}'
Update a role from a file containing a JSON description.
az keyvault role definition update --hsm-name MyHSM --role-definition @keyvault-role.json
Required Parameters
--hsm-name
Name of the HSM.
| Property | Value |
|---|---|
| Parameter group: | Id Arguments |
--role-definition
Description of a role as JSON, or a path to a file containing a JSON description.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--acquire-policy-token
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
--change-reference
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
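
A pre-update review check for the `--role-definition` body, added here as an example and not part of the Azure CLI or this reference: it diffs the data actions a proposed update would grant against the current definition and flags any on a sign-off list. The function names, the sign-off list, the constructed GUID, and the rule that `id` ends with the `name` GUID (taken from the shape of the update example above) are assumptions.

```python
import json
import re

PREFIX = "Microsoft.KeyVault/managedHsm/"
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Assumption: reviewer-maintained list of data actions that need sign-off.
NEEDS_SIGNOFF = {PREFIX + "keys/backup/action"}

# Constructed inputs modelled on the create and update examples above;
# the GUID is a made-up placeholder.
CURRENT = json.loads("""{
  "roleName": "My Custom Role",
  "actions": [], "notActions": [],
  "dataActions": ["Microsoft.KeyVault/managedHsm/keys/read/action"],
  "notDataActions": []
}""")
PROPOSED = json.loads("""{
  "roleName": "My Custom Role",
  "name": "00000000-0000-0000-0000-000000000001",
  "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000001",
  "actions": [], "notActions": [],
  "dataActions": [
    "Microsoft.KeyVault/managedHsm/keys/read/action",
    "Microsoft.KeyVault/managedHsm/keys/write/action",
    "Microsoft.KeyVault/managedHsm/keys/backup/action",
    "Microsoft.KeyVault/managedHsm/keys/create"
  ],
  "notDataActions": []
}""")

def effective(role):
    """Data actions left after removing notDataActions (exact-string match)."""
    return set(role.get("dataActions", [])) - set(role.get("notDataActions", []))

def review_update(current, proposed):
    """Return (problems, added, removed, flagged) for a proposed update body."""
    problems = []
    name = proposed.get("name", "")
    if not GUID.match(name):
        problems.append("name is not a GUID")
    elif not proposed.get("id", "").endswith("/roleDefinitions/" + name):
        problems.append("id does not end with the name GUID")
    for action in proposed.get("dataActions", []) + proposed.get("notDataActions", []):
        if not action.startswith(PREFIX):
            problems.append("unexpected action namespace: " + action)
    added = effective(proposed) - effective(current)
    removed = effective(current) - effective(proposed)
    return problems, sorted(added), sorted(removed), sorted(added & NEEDS_SIGNOFF)

if __name__ == "__main__":
    print(review_update(CURRENT, PROPOSED))
```

The current definition can be taken from the output of `az keyvault role definition show` and the proposed one from the file passed as `@keyvault-role.json`.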