public class RoleAssignmentHelper extends Object
Modifier and Type | Class and Description |
---|---|
static interface |
RoleAssignmentHelper.IdProvider
A type that provide the service principal id (object id) and ARM resource id of the resource for which role
assignments needs to be done.
|
Constructor and Description |
---|
RoleAssignmentHelper(AuthorizationManager authorizationManager,
TaskGroup taskGroup,
RoleAssignmentHelper.IdProvider idProvider)
Creates RoleAssignmentHelper.
|
Modifier and Type | Method and Description |
---|---|
RoleAssignmentHelper |
withAccessTo(String scope,
BuiltInRole asRole)
Specifies that applications running on an Azure service with this identity requires the given access role with
scope of access limited to the ARM resource identified by the resource ID specified in the scope parameter.
|
RoleAssignmentHelper |
withAccessTo(String scope,
String roleDefinitionId)
Specifies that applications running on an Azure service with this identity requires the access described in the
given role definition with scope of access limited to an ARM resource.
|
RoleAssignmentHelper |
withAccessToCurrentResourceGroup(BuiltInRole asRole)
Specifies that applications running on an Azure service with this identity requires the given access role with
scope of access limited to the current resource group that the identity resides.
|
RoleAssignmentHelper |
withAccessToCurrentResourceGroup(String roleDefinitionId)
Specifies that applications running on an Azure service with this identity requires the given access role with
scope of access limited to the current resource group that the identity resides.
|
RoleAssignmentHelper |
withoutAccessTo(RoleAssignment roleAssignment)
Specifies that an access role assigned to the identity should be removed.
|
RoleAssignmentHelper |
withoutAccessTo(String scope,
BuiltInRole asRole)
Specifies that an access role assigned to the identity should be removed.
|
public RoleAssignmentHelper(AuthorizationManager authorizationManager, TaskGroup taskGroup, RoleAssignmentHelper.IdProvider idProvider)
authorizationManager
- the graph rbac managertaskGroup
- the pre-run task group after which role assignments create/remove tasks should runidProvider
- the provider that provides service principal id and resource idpublic RoleAssignmentHelper withAccessToCurrentResourceGroup(BuiltInRole asRole)
asRole
- access role to assigned to the identitypublic RoleAssignmentHelper withAccessTo(String scope, BuiltInRole asRole)
scope
- scope of the access represented in ARM resource ID formatasRole
- access role to assigned to the identitypublic RoleAssignmentHelper withAccessToCurrentResourceGroup(String roleDefinitionId)
roleDefinitionId
- access role definition to assigned to the identitypublic RoleAssignmentHelper withAccessTo(String scope, String roleDefinitionId)
scope
- scope of the access represented in ARM resource ID formatroleDefinitionId
- access role definition to assigned to the identitypublic RoleAssignmentHelper withoutAccessTo(RoleAssignment roleAssignment)
roleAssignment
- a role assigned to the identitypublic RoleAssignmentHelper withoutAccessTo(String scope, BuiltInRole asRole)
scope
- the scope of the role assignmentasRole
- the role of the role assignmentCopyright © 2020 Microsoft Corporation. All rights reserved.