rbac: Role-based access control (RBAC)
In AzureRMR: Interface to 'Azure Resource Manager'
rbac R Documentation
Role-based access control (RBAC)
Description
Basic methods for RBAC: manage role assignments and retrieve role definitions. These are methods for the az_subscription, az_resource_group and az_resource classes.
Usage
add_role_assignment(principal, role, scope = NULL)
get_role_assignment(id)
remove_role_assignment(id, confirm = TRUE)
list_role_assignments(filter = "atScope()", as_data_frame = TRUE)
get_role_definition(id)
list_role_definitions(filter=NULL, as_data_frame = TRUE)
Arguments
-
principal: For add_role_assignment, the principal for which to assign a role. This can be a GUID, or an object of class az_user, az_app or az_storage_principal (from the AzureGraph package).
-
role: For add_role_assignment, the role to assign the principal. This can be a GUID, a string giving the role name (eg "Contributor"), or an object of class [az_role_definition].
-
scope: For add_role_assignment, an optional scope for the assignment.
-
id: A role ID. For get_role_assignment and remove_role_assignment, this is a role assignment GUID. For get_role_definition, this can be a role definition GUID or a role name.
-
confirm: For remove_role_assignment, whether to ask for confirmation before removing the role assignment.
-
filter: For list_role_assignments and list_role_definitions, an optional filter condition to limit the returned roles.
-
as_data_frame: For list_role_assignments and list_role_definitions, whether to return a data frame or a list of objects. See 'Value' below.
Details
AzureRMR implements a subset of the full RBAC functionality within Azure Active Directory. You can retrieve role definitions and add and remove role assignments, at the subscription, resource group and resource levels.
Value
The add_role_assignment and get_role_assignment methods return an object of class az_role_assignment. This is a simple R6 class, with one method: remove to remove the assignment.
The list_role_assignments method returns a list of az_role_assignment objects if the as_data_frame argument is FALSE. If this is TRUE, it instead returns a data frame containing the most broadly useful fields for each assigned role: the role assignment ID, the principal, and the role name.
The get_role_definition method returns an object of class az_role_definition. This is a plain-old-data R6 class (no methods), which can be used as input for creating role assignments (see the examples below).
The list_role_definitions method returns a list of az_role_definition if the as_data_frame argument is FALSE. If this is TRUE, it instead returns a data frame containing the most broadly useful fields for each role definition: the definition ID and role name.
See Also
az_rm, az_role_definition, az_role_assignment
Overview of role-based access control
Examples
## Not run:
az <- get_azure_login("myaadtenant")
sub <- az$get_subscription("subscription_id")
rg <- sub$get_resource_group("rgname")
res <- rg$get_resource(type="provider_type", name="resname")
sub$list_role_definitions()
sub$list_role_assignments()
sub$get_role_definition("Contributor")
# get an app using the AzureGraph package
app <- get_graph_login("myaadtenant")$get_app("app_id")
# subscription level
asn1 <- sub$add_role_assignment(app, "Reader")
# resource group level
asn2 <- rg$add_role_assignment(app, "Contributor")
# resource level
asn3 <- res$add_role_assignment(app, "Owner")
res$remove_role_assignment(asn3$id)
rg$remove_role_assignment(asn2$id)
sub$remove_role_assignment(asn1$id)
## End(Not run)
AzureRMR documentation built on Sept. 21, 2023, 9:07 a.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
| rbac | R Documentation |
Role-based access control (RBAC)
Description
Basic methods for RBAC: manage role assignments and retrieve role definitions. These are methods for the az_subscription, az_resource_group and az_resource classes.
Usage
add_role_assignment(principal, role, scope = NULL) get_role_assignment(id) remove_role_assignment(id, confirm = TRUE) list_role_assignments(filter = "atScope()", as_data_frame = TRUE) get_role_definition(id) list_role_definitions(filter=NULL, as_data_frame = TRUE)
Arguments
-
principal: Foradd_role_assignment, the principal for which to assign a role. This can be a GUID, or an object of classaz_user,az_apporaz_storage_principal(from the AzureGraph package). -
role: Foradd_role_assignment, the role to assign the principal. This can be a GUID, a string giving the role name (eg "Contributor"), or an object of class[az_role_definition]. -
scope: Foradd_role_assignment, an optional scope for the assignment. -
id: A role ID. Forget_role_assignmentandremove_role_assignment, this is a role assignment GUID. Forget_role_definition, this can be a role definition GUID or a role name. -
confirm: Forremove_role_assignment, whether to ask for confirmation before removing the role assignment. -
filter: Forlist_role_assignmentsandlist_role_definitions, an optional filter condition to limit the returned roles. -
as_data_frame: Forlist_role_assignmentsandlist_role_definitions, whether to return a data frame or a list of objects. See 'Value' below.
Details
AzureRMR implements a subset of the full RBAC functionality within Azure Active Directory. You can retrieve role definitions and add and remove role assignments, at the subscription, resource group and resource levels.
Value
The add_role_assignment and get_role_assignment methods return an object of class az_role_assignment. This is a simple R6 class, with one method: remove to remove the assignment.
The list_role_assignments method returns a list of az_role_assignment objects if the as_data_frame argument is FALSE. If this is TRUE, it instead returns a data frame containing the most broadly useful fields for each assigned role: the role assignment ID, the principal, and the role name.
The get_role_definition method returns an object of class az_role_definition. This is a plain-old-data R6 class (no methods), which can be used as input for creating role assignments (see the examples below).
The list_role_definitions method returns a list of az_role_definition if the as_data_frame argument is FALSE. If this is TRUE, it instead returns a data frame containing the most broadly useful fields for each role definition: the definition ID and role name.
See Also
az_rm, az_role_definition, az_role_assignment
Overview of role-based access control
Examples
## Not run:
az <- get_azure_login("myaadtenant")
sub <- az$get_subscription("subscription_id")
rg <- sub$get_resource_group("rgname")
res <- rg$get_resource(type="provider_type", name="resname")
sub$list_role_definitions()
sub$list_role_assignments()
sub$get_role_definition("Contributor")
# get an app using the AzureGraph package
app <- get_graph_login("myaadtenant")$get_app("app_id")
# subscription level
asn1 <- sub$add_role_assignment(app, "Reader")
# resource group level
asn2 <- rg$add_role_assignment(app, "Contributor")
# resource level
asn3 <- res$add_role_assignment(app, "Owner")
res$remove_role_assignment(asn3$id)
rg$remove_role_assignment(asn2$id)
sub$remove_role_assignment(asn1$id)
## End(Not run)
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.