Package com.azure.resourcemanager.authorization.utils

Class RoleAssignmentHelper

java.lang.Object
com.azure.resourcemanager.authorization.utils.RoleAssignmentHelper
public class RoleAssignmentHelper extends Object
A utility class to operate on role assignments for a resource with service principal (object id). This type is used for internal implementations, client should not take dependency on this as the method signature and behaviour can change in future releases.

  • Constructor Details

    • RoleAssignmentHelper

      public RoleAssignmentHelper(AuthorizationManager authorizationManager, TaskGroup taskGroup, RoleAssignmentHelper.IdProvider idProvider)
      Creates RoleAssignmentHelper.
      Parameters:
      authorizationManager - the graph rbac manager
      taskGroup - the pre-run task group after which role assignments create/remove tasks should run
      idProvider - the provider that provides service principal id and resource id

  • Method Details

    • withAccessToCurrentResourceGroup

      public RoleAssignmentHelper withAccessToCurrentResourceGroup(BuiltInRole asRole)
      Specifies that applications running on an Azure service with this identity requires the given access role with scope of access limited to the current resource group that the identity resides.
      Parameters:
      asRole - access role to assigned to the identity
      Returns:
      RoleAssignmentHelper

    • withAccessTo

      public RoleAssignmentHelper withAccessTo(String scope, BuiltInRole asRole)
      Specifies that applications running on an Azure service with this identity requires the given access role with scope of access limited to the ARM resource identified by the resource ID specified in the scope parameter.
      Parameters:
      scope - scope of the access represented in ARM resource ID format
      asRole - access role to assigned to the identity
      Returns:
      RoleAssignmentHelper

    • withAccessToCurrentResourceGroup

      public RoleAssignmentHelper withAccessToCurrentResourceGroup(String roleDefinitionId)
      Specifies that applications running on an Azure service with this identity requires the given access role with scope of access limited to the current resource group that the identity resides.
      Parameters:
      roleDefinitionId - access role definition to assigned to the identity
      Returns:
      RoleAssignmentHelper

    • withAccessTo

      public RoleAssignmentHelper withAccessTo(String scope, String roleDefinitionId)
      Specifies that applications running on an Azure service with this identity requires the access described in the given role definition with scope of access limited to an ARM resource.
      Parameters:
      scope - scope of the access represented in ARM resource ID format
      roleDefinitionId - access role definition to assigned to the identity
      Returns:
      RoleAssignmentHelper

    • withoutAccessTo

      public RoleAssignmentHelper withoutAccessTo(RoleAssignment roleAssignment)
      Specifies that an access role assigned to the identity should be removed.
      Parameters:
      roleAssignment - a role assigned to the identity
      Returns:
      RoleAssignmentHelper

    • withoutAccessTo

      public RoleAssignmentHelper withoutAccessTo(String scope, BuiltInRole asRole)
      Specifies that an access role assigned to the identity should be removed.
      Parameters:
      scope - the scope of the role assignment
      asRole - the role of the role assignment
      Returns:
      RoleAssignmentHelper