az dt role-assignment

Manage RBAC role assignments for a Digital Twins instance.

Note that in order to perform role assignments, the logged in principal needs permissions such as Owner or User Access Administrator at the assigned scope.

This command group is provided for convenience. For more complex role assignment scenarios use the 'az role assignment' command group.

Commands

az dt role-assignment create

Assign a user, group or service principal to a role against a Digital Twins instance.

az dt role-assignment delete

Remove a user, group or service principal role assignment from a Digital Twins instance.

az dt role-assignment list

List the existing role assignments of a Digital Twins instance.

az dt role-assignment create

Assign a user, group or service principal to a role against a Digital Twins instance.

Note that in order to perform role assignments, the logged in principal needs permissions such as Owner or User Access Administrator at the assigned scope.

az dt role-assignment create --assignee
                             --dt-name
                             --role
                             [--resource-group]

Examples

Assign a user (by email) the built-in Digital Twins Owner role against a target instance.

az dt role-assignment create -n {instance_name} --assignee "owneruser@microsoft.com" --role "Azure Digital Twins Owner (Preview)"

Assign a user (by object Id) the built-in Digital Twins Reader role against a target instance.

az dt role-assignment create -n {instance_name} --assignee "97a89267-0966-4054-a156-b7d86ef8e216" --role "Azure Digital Twins Reader (Preview)"

Assign a service principal a custom role against a target instance.

az dt role-assignment create -n {instance_name} --assignee {service_principal_name_or_id} --role {role_name_or_id}

Required Parameters

--assignee

Represent a user, group, or service principal. supported format: object id, user sign-in name, or service principal name.

--dt-name --dtn -n

Digital Twins instance name.

--role

Role name or Id.

Optional Parameters

--resource-group -g

Digital Twins instance resource group. You can configure the default group using az configure --defaults group=<name>.

az dt role-assignment delete

Remove a user, group or service principal role assignment from a Digital Twins instance.

Note that in order to perform role assignments, the logged in principal needs permissions such as Owner or User Access Administrator at the assigned scope.

az dt role-assignment delete --dt-name
                             [--assignee]
                             [--resource-group]
                             [--role]

Examples

Remove a user from a specific role assignment of a Digital Twins instance.

az dt role-assignment delete -n {instance_name} --assignee "removeuser@microsoft.com" --role "Azure Digital Twins Reader (Preview)"

Remove a user from all assigned roles of a Digital Twins instance.

az dt role-assignment delete -n {instance_name} --assignee "removeuser@microsoft.com"

Required Parameters

--dt-name --dtn -n

Digital Twins instance name.

Optional Parameters

--assignee

Represent a user, group, or service principal. supported format: object id, user sign-in name, or service principal name.

--resource-group -g

Digital Twins instance resource group. You can configure the default group using az configure --defaults group=<name>.

--role

Role name or Id.

az dt role-assignment list

List the existing role assignments of a Digital Twins instance.

az dt role-assignment list --dt-name
                           [--include-inherited {false, true}]
                           [--resource-group]
                           [--role]

Examples

List the role assignments on a target instance.

az dt role-assignment list -n {instance_name}

List the role assignments on a target instance and filter by role.

az dt role-assignment list -n {instance_name} --role {role_name_or_id}

Required Parameters

--dt-name --dtn -n

Digital Twins instance name.

Optional Parameters

--include-inherited

Include assignments applied on parent scopes.

accepted values: false, true
--resource-group -g

Digital Twins instance resource group. You can configure the default group using az configure --defaults group=<name>.

--role

Role name or Id.