Prerequisites for Azure role assignment conditions
To add or edit Azure role assignment conditions, you must have the following prerequisites.
Storage accounts
For conditions that use blob index tags, you must use a storage account that is compatible with the blob index feature. For example, only General Purpose v2 (GPv2) storage accounts with hierarchical namespace (HNS) disabled are currently supported. For more information, see Manage and find Azure Blob data with blob index tags
Azure PowerShell
When using Azure PowerShell to add or update conditions, you must use the following versions:
- Az module 5.5.0 or later
- Az.Resources module 3.2.1 or later
- Included with Az module v5.5.0 and later, but can be manually installed through PowerShell Gallery
- Az.Storage preview module 2.5.2-preview or later
Azure CLI
When using Azure CLI to add or update conditions, you must use the following versions:
REST API
When using the REST API to add or update conditions, you must use the following versions:
2020-03-01-preview
or later2020-04-01-preview
or later if you want to utilize thedescription
property for role assignments2022-04-01
is the first stable version
For more information, see API versions of Azure RBAC REST APIs.
Permissions
Just like role assignments, to add or update conditions, you must be signed in to Azure with a user that has the Microsoft.Authorization/roleAssignments/write
and Microsoft.Authorization/roleAssignments/delete
permissions, such as User Access Administrator or Owner.