Prerequisites for Azure role assignment conditions (preview)


Azure ABAC and Azure role assignment conditions are currently in preview. This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see Supplemental Terms of Use for Azure Previews.

To add or edit Azure role assignment conditions, you must have the following prerequisites.

Storage accounts

For conditions that use blob index tags, you must use a storage account that is compatible with the blob index feature. For example, only General Purpose v2 (GPv2) storage accounts with hierarchical namespace (HNS) disabled are currently supported. For more information, see Manage and find Azure Blob data with blob index tags

Azure PowerShell

When using Azure PowerShell to add or update conditions, you must use the following versions:

Azure CLI

When using Azure CLI to add or update conditions, you must use the following versions:


Just like role assignments, to add or update conditions, you must be signed in to Azure with a user that has the Microsoft.Authorization/roleAssignments/write and Microsoft.Authorization/roleAssignments/delete permissions, such as User Access Administrator or Owner.