How to assign management plan role/ control plan role using arm template
How to assign management plan role/ control plan role using arm template:
Description:
In this below example, I am trying assign the "Cosmos DB Account Reader Role (Built-in role) " to
azure ad group.
Parameters:
principalId: your azure ad group/user/application id
CosmosDbAccountName: your comsos account name
ARM Template Script:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"principalId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": ""
}
},
"CosmosDbAccountName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Cosmos Db Account name"
}
},
"RoleType": {
"defaultValue" : "Cosmos DB Account Reader Role",
"type": "string",
"metadata": {
"description": "Built-in role to assign"
},
"allowedValues" : [
"Cosmos DB Account Reader Role"
]
},
"guid": {
"defaultValue": "[newGuid()]",
"type": "String"
}
},
"variables": {
"Scope": "[concat(parameters('CosmosDbAccountName'),'/Microsoft.Authorization/', parameters('guid'))]"
},
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts/providers/roleAssignments",
"name": "[variables('Scope')]",
"apiVersion":"2020-04-01-preview",
"properties": {
"RoleDefinitionId":"/subscriptions/[subscription().subscriptionId]/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
"principalId": "[parameters('principalId')]"
}
}
]
}
How to deploy through azure portal:
1. Login into azure portal and search "deploy a custom template" and select it
2. Select "Build your own template in the editor" option
Comments
Post a Comment