< Back
Set-AzureRmRoleDefinition
Post
NAME Set-AzureRmRoleDefinition
SYNOPSIS
Modifies a custom role in Azure RBAC. Provide the modified role definition either as a JSON file or as a PSRoleDefinition. First, use the
Get-AzureRmRoleDefinition command to retrieve the custom role that you wish to modify. Then, modify the properties that you wish to change.
Finally, save the role definition using this command.
SYNTAX
Set-AzureRmRoleDefinition [-DefaultProfile <IAzureContextContainer>] -InputFile <String> [<CommonParameters>]
Set-AzureRmRoleDefinition [-DefaultProfile <IAzureContextContainer>] -Role <PSRoleDefinition> [<CommonParameters>]
DESCRIPTION
The Set-AzureRmRoleDefinition cmdlet updates an existing custom role in Azure Role-Based Access Control. Provide the updated role definition as an
input to the command as a JSON file or a PSRoleDefinition object. The role definition for the updated custom role MUST contain the Id and all
other required properties of the role even if they are not updated: DisplayName, Description, Actions, AssignableScopes. NotActions, DataActions,
NotDataActions are optional.
Following is a sample updated role definition json for Set-AzureRmRoleDefinition
{ "Id": "52a6cc13-ff92-47a8-a39b-2a8205c3087e", "Name": "Updated Role", "Description": "Can monitor all resources and
start and restart virtual machines", "Actions": [ "*/read",
"Microsoft.ClassicCompute/virtualmachines/restart/action", "Microsoft.ClassicCompute/virtualmachines/start/action" ],
"NotActions": [ "*/write" ], "DataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" ], "NotDataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write" ], "AssignableScopes":
["/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"] }
PARAMETERS
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-InputFile <String>
File name containing a single json role definition to be updated. Only include the properties that are to be updated in the JSON. Id property
is Required.
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Role <PSRoleDefinition>
Role definition object to be updated
Required? true
Position? named
Default value None
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
PSRoleDefinition
Parameter 'Role' accepts value of type 'PSRoleDefinition' from the pipeline
OUTPUTS
Microsoft.Azure.Commands.Resources.Models.Authorization.PSRoleDefinition
NOTES
Keywords: azure, azurerm, arm, resource, management, manager, resource, group, template, deployment
Update using PSRoleDefinitionObject
PS C:\\> $roleDef = Get-AzureRmRoleDefinition "Contoso On-Call"
PS C:\\> $roleDef.Actions.Add("Microsoft.ClassicCompute/virtualmachines/start/action")
PS C:\\> $roleDef.Description = "Can monitor all resources and start and restart virtual machines"
PS C:\\> $roleDef.AssignableScopes = @("/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")
PS C:\\> Set-AzureRmRoleDefinition -Role $roleDef
Create using JSON file
PS C:\\> Set-AzureRmRoleDefinition -InputFile C:\\Temp\\roleDefinition.json
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... definition
Get-AzureRmProviderOperation
Get-AzureRmRoleDefinition
New-AzureRmRoleDefinition
Remove-AzureRmRoleDefinition
SYNOPSIS
Modifies a custom role in Azure RBAC. Provide the modified role definition either as a JSON file or as a PSRoleDefinition. First, use the
Get-AzureRmRoleDefinition command to retrieve the custom role that you wish to modify. Then, modify the properties that you wish to change.
Finally, save the role definition using this command.
SYNTAX
Set-AzureRmRoleDefinition [-DefaultProfile <IAzureContextContainer>] -InputFile <String> [<CommonParameters>]
Set-AzureRmRoleDefinition [-DefaultProfile <IAzureContextContainer>] -Role <PSRoleDefinition> [<CommonParameters>]
DESCRIPTION
The Set-AzureRmRoleDefinition cmdlet updates an existing custom role in Azure Role-Based Access Control. Provide the updated role definition as an
input to the command as a JSON file or a PSRoleDefinition object. The role definition for the updated custom role MUST contain the Id and all
other required properties of the role even if they are not updated: DisplayName, Description, Actions, AssignableScopes. NotActions, DataActions,
NotDataActions are optional.
Following is a sample updated role definition json for Set-AzureRmRoleDefinition
{ "Id": "52a6cc13-ff92-47a8-a39b-2a8205c3087e", "Name": "Updated Role", "Description": "Can monitor all resources and
start and restart virtual machines", "Actions": [ "*/read",
"Microsoft.ClassicCompute/virtualmachines/restart/action", "Microsoft.ClassicCompute/virtualmachines/start/action" ],
"NotActions": [ "*/write" ], "DataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" ], "NotDataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write" ], "AssignableScopes":
["/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"] }
PARAMETERS
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-InputFile <String>
File name containing a single json role definition to be updated. Only include the properties that are to be updated in the JSON. Id property
is Required.
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Role <PSRoleDefinition>
Role definition object to be updated
Required? true
Position? named
Default value None
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
PSRoleDefinition
Parameter 'Role' accepts value of type 'PSRoleDefinition' from the pipeline
OUTPUTS
Microsoft.Azure.Commands.Resources.Models.Authorization.PSRoleDefinition
NOTES
Keywords: azure, azurerm, arm, resource, management, manager, resource, group, template, deployment
Update using PSRoleDefinitionObject
PS C:\\> $roleDef = Get-AzureRmRoleDefinition "Contoso On-Call"
PS C:\\> $roleDef.Actions.Add("Microsoft.ClassicCompute/virtualmachines/start/action")
PS C:\\> $roleDef.Description = "Can monitor all resources and start and restart virtual machines"
PS C:\\> $roleDef.AssignableScopes = @("/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")
PS C:\\> Set-AzureRmRoleDefinition -Role $roleDef
Create using JSON file
PS C:\\> Set-AzureRmRoleDefinition -InputFile C:\\Temp\\roleDefinition.json
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... definition
Get-AzureRmProviderOperation
Get-AzureRmRoleDefinition
New-AzureRmRoleDefinition
Remove-AzureRmRoleDefinition