Prerequisites for Azure role assignment conditions

To add or edit Azure role assignment conditions, you must have the following prerequisites.

Storage accounts

For conditions that use blob index tags, you must use a storage account that is compatible with the blob index feature. For example, only General Purpose v2 (GPv2) storage accounts with hierarchical namespace (HNS) disabled are currently supported. For more information, see Manage and find Azure Blob data with blob index tags

Azure PowerShell

When using Azure PowerShell to add or update conditions, you must use the following versions:

• Az module 5.5.0 or later
• Az.Resources module 3.2.1 or later
  • Included with Az module v5.5.0 and later, but can be manually installed through PowerShell Gallery
• Az.Storage preview module 2.5.2-preview or later

Azure CLI

When using Azure CLI to add or update conditions, you must use the following versions:

• Azure CLI 2.18 or later

REST API

When using the REST API to add or update conditions, you must use the following versions:

• 2020-03-01-preview or later
• 2020-04-01-preview or later if you want to utilize the description property for role assignments
• 2022-04-01 is the first stable version

For more information, see API versions of Azure RBAC REST APIs.

Permissions

Just like role assignments, to add or update conditions, you must be signed in to Azure with a user that has the Microsoft.Authorization/roleAssignments/write and Microsoft.Authorization/roleAssignments/delete permissions, such as User Access Administrator or Owner.

Next steps

• Example Azure role assignment conditions for Blob Storage
• Tutorial: Add a role assignment condition to restrict access to blobs using the Azure portal