Azure PowerShell or CLI command to Provide a User

2019-08-18 05:53发布

问题:

I have around 100 Azure Web Apps and Azure Functions which I created using Azure PowerShell and CLI, now I need to assign Owner Access to these Web Apps to users (Separate users for each Web Apps)

I am unable to find any sample for this, most sample are pointing to Assigning Resource Group Level Access, but not to the Specific Resource.

The task is achievable in the Azure Portal, just need the PowerShell or CLI command to assign users owner or contributor rights to these specific resources.

If possible please provide a sample command

回答1:

For Power Shell, you could use New-AzureRmRoleAssignment to do this.

For example.

New-AzureRmRoleAssignment -SignInName "test@hotmail.com" -RoleDefinitionName Owner -Scope "/subscriptions/*************/resourceGroups/shuiapp/providers/Microsoft.Web/sites/shuicli"

or

New-AzureRmRoleAssignment -ObjectId "859f0f40-057b-4afc-9d05-fe8b3933ae87" -RoleDefinitionName Owner -Scope "/subscriptions/*****************/resourceGroups/shuiapp/providers/Microsoft.Web/sites/shuicli"

Note: You could get your user object ID with cmdlet get-azureaduser.

Azure CLI

You could use az role assignment create to do this.

For example.

az role assignment create --assignee <user object id> --role Owner --scope "/subscriptions/3b4d41fa-e91d-4bc7-bc11-13d221b3b77d/resourceGroups/shuiapp/providers/Microsoft.Web/sites/shuicli"

Note: If your user is Azure AD user, you could use az ad user list to get user's object id. If your user is a service principal, you could use az ad sp list to get object id.