Set-AzureRmRoleDefinition
Updates a custom role in Azure RBAC. The updated role definition is provided using either a JSON role definition file or a PSRoleDefinition object as input. Use the Get-AzureRmRoleDefinition command to get a custom role definition object whose properties you can modify as required. Use Get-AzureRmRoleDefinition | ConvertTo-Json to export the custom role that needs to be updated into a JSON file that you can modify. Use the Get-AzureRmProviderOperation command to list all actions in Azure that can be secured using RBAC.
Syntax
Parameter Set: InputFileParameterSet
Set-AzureRmRoleDefinition -InputFile <String> [ <CommonParameters>]
Parameter Set: RoleDefinitionParameterSet
Set-AzureRmRoleDefinition -Role <PSRoleDefinition> [ <CommonParameters>]
Detailed Description
The Set-AzureRmRoleDefinition cmdlet updates an existing custom role in Azure Role-Based Access Control. Provide the updated role definition as an input to the cmdlet in the form of a JSON file or a PSRoleDefinition object. The role definition for the updated custom role MUST contain the Id property. The role definition SHOULD contain at least one property that is being updated: DisplayName, Description, Actions, NotActions, AssignableScopes.
Following is a sample updated role definition JSON for Set-AzureRmRoleDefinition:
{
    "Id": "/subscriptions/eb910d4f-edbf-429b-94F6-d76bae7ff401/providers/Microsoft.Authorization/roleDefinitions/52a6cc13-ff92-47a8-a39b-2a8205c3087e",
    "Description": "Can monitor all resources and start and restart virtual machines",
    "Actions": [
        "*/read",
        "Microsoft.ClassicCompute/virtualmachines/restart/action",
        "Microsoft.ClassicCompute/virtualmachines/start/action"
    ]
}
Parameters
-InputFile <String>
Name of a file containing a single JSON role definition to be updated. Include only the properties that are to be updated in the JSON. The Id property is required.
Aliases | none
Required? | true
Position? | named
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-Role <PSRoleDefinition>
Role definition object to be updated.
Aliases | none
Required? | true
Position? | named
Default Value | none
Accept Pipeline Input? | true (ByValue)
Accept Wildcard Characters? | false
<CommonParameters>
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
Outputs
The output type is the type of the objects that the cmdlet emits.
Examples
-------------------------- Update using PSRoleDefinitionObject --------------------------
PS C:\> $roleDef = Get-AzureRmRoleDefinition "Contoso On-Call"
PS C:\> $roleDef.Actions.Add("Microsoft.ClassicCompute/virtualmachines/start/action")
PS C:\> $roleDef.Description = "Can monitor all resources and start and restart virtual machines"
PS C:\> $roleDef.AssignableScopes = @("/subscriptions/eb910d4f-edbf-429b-94F6-d76bae7ff401" , "/subscriptions/a846d197-5eac-45c7-b885-a6227fe6d388")
PS C:\> Set-AzureRmRoleDefinition -Role $roleDef
-------------------------- Update using JSON file --------------------------
PS C:\> Set-AzureRmRoleDefinition -InputFile C:\Temp\roleDefinition.json
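Before applying an update from a JSON file, it is worth checking the file against the rules stated above (Id present, at least one updatable property) and seeing which Actions it would add to the role. The following is an added example, not part of the original reference or the AzureRM module; Test-RoleUpdate and its parameters are hypothetical names, and the current-role actions in the sample are constructed.

```powershell
# Added example. Test-RoleUpdate and its parameters are hypothetical names,
# not part of the AzureRM module. Runs offline on the inline sample.
function Test-RoleUpdate {
    param(
        [Parameter(Mandatory)] [string] $Json,   # text of the file passed to -InputFile
        [string[]] $CurrentActions = @()         # Actions of the role as it exists today
    )
    $def      = $Json | ConvertFrom-Json
    $names    = @($def.PSObject.Properties.Name)
    $findings = @()

    # Rule from the reference: the Id property MUST be present.
    if ($names -notcontains 'Id' -or [string]::IsNullOrWhiteSpace($def.Id)) {
        $findings += 'Id property is missing'
    }
    # Rule from the reference: at least one updatable property SHOULD be present.
    $updatable = 'DisplayName', 'Description', 'Actions', 'NotActions', 'AssignableScopes'
    if (-not ($names | Where-Object { $updatable -contains $_ })) {
        $findings += 'No updatable property supplied'
    }
    # Actions the update grants beyond the current role ($null entries are dropped).
    $added = @($def.Actions | Where-Object { $_ -and ($CurrentActions -notcontains $_) })
    # Newly added wildcards other than read-only ones need a manual review.
    $broad = @($added | Where-Object { $_.Contains('*') -and $_ -notlike '*/read' })
    if ($broad.Count -gt 0) { $findings += "Broad wildcard added: $($broad -join ', ')" }

    [pscustomobject]@{
        AddedActions = $added
        Findings     = $findings
        Ok           = ($findings.Count -eq 0)
    }
}

# Sample update taken from this page; the current-role actions are constructed.
$json = @'
{ "Id": "/subscriptions/eb910d4f-edbf-429b-94F6-d76bae7ff401/providers/Microsoft.Authorization/roleDefinitions/52a6cc13-ff92-47a8-a39b-2a8205c3087e",
  "Description": "Can monitor all resources and start and restart virtual machines",
  "Actions": [ "*/read",
               "Microsoft.ClassicCompute/virtualmachines/restart/action",
               "Microsoft.ClassicCompute/virtualmachines/start/action" ] }
'@
$current = '*/read', 'Microsoft.ClassicCompute/virtualmachines/restart/action'
$result  = Test-RoleUpdate -Json $json -CurrentActions $current
$result | Format-List
# Apply only when the review is clean (file path as used in the example above).
if ($result.Ok) { Write-Output 'Clean: Set-AzureRmRoleDefinition -InputFile C:\Temp\roleDefinition.json' }
```

The check is purely local: it never contacts Azure, so the current Actions must be supplied by the caller, for example from the Actions property of the object returned by Get-AzureRmRoleDefinition.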
Related topics
Get-AzureRmProviderOperation
Get-AzureRmRoleDefinition
New-AzureRmRoleDefinition
Remove-AzureRmRoleDefinition