az iot pnp role-assignment

Manage and configure PnP repository and model role assignments.

Commands

az iot pnp role-assignment create

Creates a role assignment for a user or service principal to a specific resource.

az iot pnp role-assignment delete

Deletes a role assignment for a user or service principal to a specific resource.

az iot pnp role-assignment list

Lists role assignments for a specific tenant or model. Can be filtered by subject-id.

az iot pnp role-assignment create

Creates a role assignment for a user or service principal to a specific resource.

az iot pnp role-assignment create --resource-id
                                  --resource-type {Model, Tenant}
                                  --role {ModelAdministrator, ModelReader, ModelsCreator, ModelsPublisher, TenantAdministrator}
                                  --subject-id
                                  --subject-type {ServicePrincipal, User}
                                  [--pnp-dns-suffix]

Examples

Assign a user the role of Tenant Administrator

az iot pnp role-assignment create --resource-id {tenant_id} --resource-type Tenant --role TenantAdministrator --subject-id {user_id} --subject-type User

Assign a service principal the role of Model Administrator

az iot pnp role-assignment create --resource-id {tenant_id} --resource-type Tenant --role ModelAdministrator --subject-id {spn_id} --subject-type ServicePrincipal

Required Parameters

--resource-id

The ID of the resource to manage role assignments for.

--resource-type

Resource Type for role.

accepted values: Model, Tenant
--role

Role for assignment.

accepted values: ModelAdministrator, ModelReader, ModelsCreator, ModelsPublisher, TenantAdministrator
--subject-id

The ID of a specific subject (User or Service Principal) to manage role assignments for.

--subject-type

Subject Type for role assignment.

accepted values: ServicePrincipal, User

Optional Parameters

--pnp-dns-suffix

An optional PnP DNS suffix used to interact with different PnP environments.

az iot pnp role-assignment delete

Deletes a role assignment for a user or service principal to a specific resource.

az iot pnp role-assignment delete --resource-id
                                  --resource-type {Model, Tenant}
                                  --role {ModelAdministrator, ModelReader, ModelsCreator, ModelsPublisher, TenantAdministrator}
                                  --subject-id
                                  [--pnp-dns-suffix]

Examples

Remove an assigned role for a specific user

az iot pnp role-assignment delete --resource-id {tenant_id} --resource-type Tenant --role {role} --subject-id {user_id}

Required Parameters

--resource-id

The ID of the resource to manage role assignments for.

--resource-type

Resource Type for role.

accepted values: Model, Tenant
--role

Role for assignment.

accepted values: ModelAdministrator, ModelReader, ModelsCreator, ModelsPublisher, TenantAdministrator
--subject-id

The ID of a specific subject (User or Service Principal) to manage role assignments for.

Optional Parameters

--pnp-dns-suffix

An optional PnP DNS suffix used to interact with different PnP environments.

az iot pnp role-assignment list

Lists role assignments for a specific tenant or model. Can be filtered by subject-id.

az iot pnp role-assignment list --resource-id
                                --resource-type {Model, Tenant}
                                [--pnp-dns-suffix]
                                [--subject-id]

Examples

List role assignments for a specific tenant repository

az iot pnp role-assignment list --resource-id {tenant_id} --resource-type Tenant

List role assignments for a specific model "dtmi:com:example:ClimateSensor;1" and subject.

az iot pnp role-assignment list --resource-id "dtmi:com:example:ClimateSensor;1" --resource-type Model --subject-id {user_or_spn_id}

Required Parameters

--resource-id

The ID of the resource to manage role assignments for.

--resource-type

Resource Type for role.

accepted values: Model, Tenant

Optional Parameters

--pnp-dns-suffix

An optional PnP DNS suffix used to interact with different PnP environments.

--subject-id

The ID of a specific subject (User or Service Principal) to manage role assignments for.