az policy assignment identity

Manage a policy assignment's managed identity.

Commands

az policy assignment identity assign

Add a system assigned identity to a policy assignment.

az policy assignment identity remove

Remove a managed identity from a policy assignment.

az policy assignment identity show

Show a policy assignment's managed identity.

az policy assignment identity assign

Add a system assigned identity to a policy assignment.

az policy assignment identity assign --name
                                     [--identity-scope]
                                     [--resource-group]
                                     [--role]
                                     [--scope]

Examples

Add a system assigned managed identity to a policy assignment.

az policy assignment identity assign -g MyResourceGroup -n MyPolicyAssignment

Add a system assigned managed identity to a policy assignment and grant it the 'Contributor' role for the current resource group.

az policy assignment identity assign -g MyResourceGroup -n MyPolicyAssignment --role Contributor --identity-scope /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup

Required Parameters

--name -n

Name of the policy assignment.

Optional Parameters

--identity-scope

Scope that the system assigned identity can access.

--resource-group -g

The resource group where the policy will be applied.

--role

Role name or id that will be assigned to the managed identity.

default value: Contributor
--scope

Scope to which this policy assignment applies.

az policy assignment identity remove

Remove a managed identity from a policy assignment.

az policy assignment identity remove --name
                                     [--resource-group]
                                     [--scope]

Required Parameters

--name -n

Name of the policy assignment.

Optional Parameters

--resource-group -g

The resource group where the policy will be applied.

--scope

Scope to which this policy assignment applies.

az policy assignment identity show

Show a policy assignment's managed identity.

az policy assignment identity show --name
                                   [--query-examples]
                                   [--resource-group]
                                   [--scope]

Examples

Show a policy assignment's managed identity. (autogenerated)

az policy assignment identity show --name MyPolicyAssignment --scope '/providers/Microsoft.Management/managementGroups/MyManagementGroup'

Required Parameters

--name -n

Name of the policy assignment.

Optional Parameters

--query-examples

Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.

--resource-group -g

The resource group where the policy will be applied.

--scope

Scope to which this policy assignment applies.