Class RoleAssignmentHelper


  • public class RoleAssignmentHelper
    extends Object
    A utility class to operate on role assignments for a resource with a service principal (object ID). This type is used for internal implementations; clients should not take a dependency on it, as the method signatures and behaviour can change in future releases.
    • Constructor Detail

      • RoleAssignmentHelper

        public RoleAssignmentHelper(AuthorizationManager authorizationManager,
                                    TaskGroup taskGroup,
                                    RoleAssignmentHelper.IdProvider idProvider)
        Creates RoleAssignmentHelper.
        Parameters:
        authorizationManager - the graph RBAC manager
        taskGroup - the pre-run task group after which role assignment create/remove tasks should run
        idProvider - the provider that provides service principal id and resource id
    • Method Detail

      • withAccessToCurrentResourceGroup

        public RoleAssignmentHelper withAccessToCurrentResourceGroup(BuiltInRole asRole)
        Specifies that applications running on an Azure service with this identity require the given access role, with the scope of access limited to the current resource group in which the identity resides.
        Parameters:
        asRole - access role to assign to the identity
        Returns:
        RoleAssignmentHelper
      • withAccessTo

        public RoleAssignmentHelper withAccessTo(String scope,
                                                 BuiltInRole asRole)
        Specifies that applications running on an Azure service with this identity require the given access role, with the scope of access limited to the ARM resource identified by the resource ID specified in the scope parameter.
        Parameters:
        scope - scope of the access represented in ARM resource ID format
        asRole - access role to assign to the identity
        Returns:
        RoleAssignmentHelper
      • withAccessToCurrentResourceGroup

        public RoleAssignmentHelper withAccessToCurrentResourceGroup(String roleDefinitionId)
        Specifies that applications running on an Azure service with this identity require the given access role, with the scope of access limited to the current resource group in which the identity resides.
        Parameters:
        roleDefinitionId - access role definition to assign to the identity
        Returns:
        RoleAssignmentHelper
      • withAccessTo

        public RoleAssignmentHelper withAccessTo(String scope,
                                                 String roleDefinitionId)
        Specifies that applications running on an Azure service with this identity require the access described in the given role definition, with the scope of access limited to an ARM resource.
        Parameters:
        scope - scope of the access represented in ARM resource ID format
        roleDefinitionId - access role definition to assign to the identity
        Returns:
        RoleAssignmentHelper
      • withoutAccessTo

        public RoleAssignmentHelper withoutAccessTo(RoleAssignment roleAssignment)
        Specifies that an access role assigned to the identity should be removed.
        Parameters:
        roleAssignment - a role assigned to the identity
        Returns:
        RoleAssignmentHelper
      • withoutAccessTo

        public RoleAssignmentHelper withoutAccessTo(String scope,
                                                    BuiltInRole asRole)
        Specifies that an access role assigned to the identity should be removed.
        Parameters:
        scope - the scope of the role assignment
        asRole - the role of the role assignment
        Returns:
        RoleAssignmentHelper
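
The scope parameter of withAccessTo is an ARM resource ID, and a role assigned at a wider scope (subscription, management group) is inherited by everything beneath it. The following is an added example, not code from the SDK: a pre-check that classifies a scope string and rejects one wider than the caller intends before it is used in a role assignment. The class ArmScopeCheck, its method names and the sample IDs are hypothetical, and it assumes only the four scope forms listed in the comments are accepted.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added illustration; ArmScopeCheck is a hypothetical helper, not part of the Azure SDK. */
public final class ArmScopeCheck {
    /** Ordered from widest to narrowest, so enum ordering can be used to compare breadth. */
    public enum Breadth { MANAGEMENT_GROUP, SUBSCRIPTION, RESOURCE_GROUP, RESOURCE }

    private static final String GUID = "[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}";
    // /providers/Microsoft.Management/managementGroups/{name}
    private static final Pattern MGMT_GROUP = Pattern.compile(
        "(?i)/providers/Microsoft\\.Management/managementGroups/[^/]+");
    // /subscriptions/{id}[/resourceGroups/{rg}[/providers/{namespace}/{type}/{name}...]]
    private static final Pattern SUB_SCOPE = Pattern.compile(
        "(?i)/subscriptions/" + GUID
        + "(?:/resourceGroups/([^/]+)(/providers/[^/]+(?:/[^/]+/[^/]+)+)?)?");

    /** Returns how broad the scope is; throws if it is not one of the accepted forms. */
    public static Breadth classify(String scope) {
        if (scope == null) throw new IllegalArgumentException("scope is null");
        if (MGMT_GROUP.matcher(scope).matches()) return Breadth.MANAGEMENT_GROUP;
        Matcher m = SUB_SCOPE.matcher(scope);
        if (!m.matches()) throw new IllegalArgumentException("not a recognised ARM scope: " + scope);
        if (m.group(1) == null) return Breadth.SUBSCRIPTION;
        return m.group(2) == null ? Breadth.RESOURCE_GROUP : Breadth.RESOURCE;
    }

    /** Returns the scope unchanged if it is no wider than the given limit, else throws. */
    public static String requireNoWiderThan(String scope, Breadth widest) {
        Breadth actual = classify(scope);
        if (actual.compareTo(widest) < 0)
            throw new IllegalArgumentException(actual + " scope is wider than allowed " + widest);
        return scope;
    }

    public static void main(String[] args) {
        // Constructed sample IDs, not real resources.
        String sub = "/subscriptions/00000000-0000-0000-0000-000000000000";
        String[] samples = {
            sub,
            sub + "/resourceGroups/rg-demo",
            sub + "/resourceGroups/rg-demo/providers/Microsoft.Storage/storageAccounts/stdemo",
            "rg-demo" };
        for (String s : samples) {
            try { System.out.println("ok: " + requireNoWiderThan(s, Breadth.RESOURCE_GROUP)); }
            catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

A scope string that passes requireNoWiderThan is what would then be supplied as the scope argument; the check deliberately fails closed on any form it does not recognise.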