Role Assignments - List For Scope
List all role assignments that apply to a scope.
GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments?api-version=2022-04-01GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments?api-version=2022-04-01&$filter={$filter}&tenantId={tenantId}&$skipToken={$skipToken}URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
scope
|
path | True |
string |
The fully qualified Azure Resource manager identifier of the resource. |
|
api-version
|
query | True |
string minLength: 1 |
The API version to use for this operation. |
|
$filter
|
query |
string |
The filter to apply on the operation. Use $filter=atScope() to return all role assignments at or above the scope. Use $filter=principalId eq {id} to return all role assignments at, above or below the scope for the specified principal. |
|
|
$skip
|
query |
string |
The skipToken to apply on the operation. Use $skipToken={skiptoken} to return paged role assignments following the skipToken passed. Only supported on provider level calls. |
|
|
tenant
|
query |
string |
Tenant ID for cross-tenant request |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
The request has succeeded. |
|
| Other Status Codes |
An unexpected error response. |
Permissions
To call this API, you must be assigned a role that has the following permissions. For more information, see Azure built-in roles.
Microsoft.Authorization/roleAssignments/read
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |
Examples
List role assignments for scope
Sample request
GET https://management.azure.com/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments?api-version=2022-04-01
Sample response
{
"value": [
{
"name": "b0f43c54-e787-4862-89b1-a653fa9cf747",
"type": "Microsoft.Authorization/roleAssignments",
"id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747",
"properties": {
"roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
"principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987",
"principalType": "User",
"scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"
}
}
]
}Definitions
| Name | Description |
|---|---|
|
created |
The type of identity that created the resource. |
|
Error |
The resource management error additional info. |
|
Error |
The error detail. |
|
Error |
Error response |
|
Principal |
The principal type of the assigned principal ID. |
|
Role |
Role Assignments |
|
Role |
Role assignment list operation result. |
|
system |
Metadata pertaining to creation and last modification of the resource. |
createdByType
The type of identity that created the resource.
| Value | Description |
|---|---|
| User | |
| Application | |
| ManagedIdentity | |
| Key |
ErrorAdditionalInfo
The resource management error additional info.
| Name | Type | Description |
|---|---|---|
| info |
object |
The additional info. |
| type |
string |
The additional info type. |
ErrorDetail
The error detail.
| Name | Type | Description |
|---|---|---|
| additionalInfo |
The error additional info. |
|
| code |
string |
The error code. |
| details |
The error details. |
|
| message |
string |
The error message. |
| target |
string |
The error target. |
ErrorResponse
Error response
| Name | Type | Description |
|---|---|---|
| error |
The error object. |
PrincipalType
The principal type of the assigned principal ID.
| Value | Description |
|---|---|
| User |
User |
| Group |
Group |
| ServicePrincipal |
ServicePrincipal |
| ForeignGroup |
ForeignGroup |
| Device |
Device |
RoleAssignment
Role Assignments
| Name | Type | Default value | Description |
|---|---|---|---|
| id |
string |
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} |
|
| name |
string |
The name of the resource |
|
| properties.condition |
string |
The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container' |
|
| properties.conditionVersion |
string |
Version of the condition. Currently the only accepted value is '2.0' |
|
| properties.createdBy |
string |
Id of the user who created the assignment |
|
| properties.createdOn |
string (date-time) |
Time it was created |
|
| properties.delegatedManagedIdentityResourceId |
string |
Id of the delegated managed identity resource |
|
| properties.description |
string |
Description of role assignment |
|
| properties.principalId |
string |
The principal ID. |
|
| properties.principalType | User |
The principal type of the assigned principal ID. |
|
| properties.roleDefinitionId |
string |
The role definition ID. |
|
| properties.scope |
string |
The role assignment scope. |
|
| properties.updatedBy |
string |
Id of the user who updated the assignment |
|
| properties.updatedOn |
string (date-time) |
Time it was updated |
|
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
||
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
RoleAssignmentListResult
Role assignment list operation result.
| Name | Type | Description |
|---|---|---|
| nextLink |
string (uri) |
The link to the next page of items |
| value |
The RoleAssignment items on this page |
systemData
Metadata pertaining to creation and last modification of the resource.
| Name | Type | Description |
|---|---|---|
| createdAt |
string (date-time) |
The timestamp of resource creation (UTC). |
| createdBy |
string |
The identity that created the resource. |
| createdByType |
The type of identity that created the resource. |
|
| lastModifiedAt |
string (date-time) |
The timestamp of resource last modification (UTC) |
| lastModifiedBy |
string |
The identity that last modified the resource. |
| lastModifiedByType |
The type of identity that last modified the resource. |