{ "swagger": "2.0", "schemes": [ "https" ], "host": "management.azure.com", "info": { "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope.", "title": "PolicyClient", "version": "2018-03-01", "x-apisguru-categories": [ "cloud" ], "x-logo": { "url": "https://api.apis.guru/v2/cache/logo/https_assets.onestore.ms_cdnfiles_onestorerolling-1606-01000_shell_v3_images_logo_microsoft.png" }, "x-origin": [ { "format": "swagger", "url": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/specification/resources/resource-manager/Microsoft.Authorization/stable/2018-03-01/policyAssignments.json", "version": "2.0" } ], "x-preferred": false, "x-providerName": "azure.com", "x-serviceName": "resources-policyAssignments", "x-tags": [ "Azure", "Microsoft" ] }, "consumes": [ "application/json" ], "produces": [ "application/json" ], "securityDefinitions": { "azure_auth": { "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", "description": "Azure Active Directory OAuth2 Flow", "flow": "implicit", "scopes": { "user_impersonation": "impersonate your user account" }, "type": "oauth2" } }, "security": [ { "azure_auth": [ "user_impersonation" ] } ], "parameters": { "ApiVersionParameter": { "description": "The API version to use for the operation.", "in": "query", "name": "api-version", "required": true, "type": "string" }, "SubscriptionIdParameter": { "description": "The ID of the target subscription.", "in": "path", "name": "subscriptionId", "required": true, "type": "string" } }, "paths": { "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments": { "get": { "description": "This operation retrieves the list of all policy assignments associated with the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the subscription, including those that apply directly or from management groups that contain the given subscription, as well as any applied to objects contained within the subscription. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the subscription, which is everything in the unfiltered list except those applied to objects contained within the subscription. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", "operationId": "PolicyAssignments_List", "parameters": [ { "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed.", "in": "query", "name": "$filter", "required": false, "type": "string" }, { "$ref": "#/parameters/ApiVersionParameter" }, { "$ref": "#/parameters/SubscriptionIdParameter" } ], "responses": { "200": { "description": "OK - Returns an array of policy assignments.", "schema": { "$ref": "#/definitions/PolicyAssignmentListResult" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "#/definitions/ErrorResponse" } } }, "summary": "Retrieves all policy assignments that apply to a subscription.", "tags": [ "PolicyAssignments" ], "x-ms-examples": { "List policy assignments that apply to a subscription": { "parameters": { "$filter": "atScope()", "api-version": "2018-03-01", "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { "body": { "value": [ { "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", "name": "CostManagement", "properties": { "description": "Minimize the risk of accidental cost overruns", "displayName": "Storage Cost Management", "metadata": { "category": "Cost Management" }, "notScopes": [], "parameters": { "allowedSkus": { "type": "Array" } }, "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "sku": { "name": "A0", "tier": "Free" }, "type": "Microsoft.Authorization/policyAssignments" }, { "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/TagEnforcement", "name": "TagEnforcement", "properties": { "description": "Ensure a given tag key and value are present on all resources", "displayName": "Enforces a tag key and value", "notScopes": [], "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "sku": { "name": "A0", "tier": "Free" }, "type": "Microsoft.Authorization/policyAssignments" } ] }, "headers": {} } } } }, "x-ms-odata": "#/definitions/PolicyAssignment", "x-ms-pageable": { "nextLinkName": "nextLink" } } }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments": { "get": { "description": "This operation retrieves the list of all policy assignments associated with the given resource group in the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource group, including those that apply directly or apply from containing scopes, as well as any applied to resources contained within the resource group. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource group, which is everything in the unfiltered list except those applied to resources contained within the resource group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource group.", "operationId": "PolicyAssignments_ListForResourceGroup", "parameters": [ { "description": "The name of the resource group that contains policy assignments.", "in": "path", "maxLength": 90, "minLength": 1, "name": "resourceGroupName", "pattern": "^[-\\w\\._\\(\\)]+$", "required": true, "type": "string" }, { "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed.", "in": "query", "name": "$filter", "required": false, "type": "string", "x-ms-skip-url-encoding": true }, { "$ref": "#/parameters/ApiVersionParameter" }, { "$ref": "#/parameters/SubscriptionIdParameter" } ], "responses": { "200": { "description": "OK - Returns an array of policy assignments.", "schema": { "$ref": "#/definitions/PolicyAssignmentListResult" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "#/definitions/ErrorResponse" } } }, "summary": "Retrieves all policy assignments that apply to a resource group.", "tags": [ "PolicyAssignments" ], "x-ms-examples": { "List policy assignments that apply to a resource group": { "parameters": { "$filter": "atScope()", "api-version": "2018-03-01", "resourceGroupName": "TestResourceGroup", "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { "body": { "value": [ { "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", "name": "TestCostManagement", "properties": { "description": "Minimize the risk of accidental cost overruns", "displayName": "Storage Cost Management", "metadata": { "category": "Cost Management" }, "notScopes": [], "parameters": { "allowedSkus": { "type": "Array" } }, "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup" }, "sku": { "name": "A0", "tier": "Free" }, "type": "Microsoft.Authorization/policyAssignments" }, { "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", "name": "TestTagEnforcement", "properties": { "description": "Ensure a given tag key and value are present on all resources", "displayName": "Enforces a tag key and value", "notScopes": [], "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup" }, "sku": { "name": "A0", "tier": "Free" }, "type": "Microsoft.Authorization/policyAssignments" } ] }, "headers": {} } } } }, "x-ms-pageable": { "nextLinkName": "nextLink" } } }, "/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/policyAssignments": { "get": { "deprecated": false, "description": "This operation retrieves the list of all policy assignments associated with the specified resource in the given resource group and subscription that match the optional given $filter. Valid values for $filter are: 'atScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource, including those that apply directly or from all containing scopes, as well as any applied to resources contained within the resource. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource, which is everything in the unfiltered list except those applied to resources contained within the resource. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource. Three parameters plus the resource name are used to identify a specific resource. If the resource is not part of a parent resource (the more common case), the parent resource path should not be provided (or provided as ''). For example a web app could be specified as ({resourceProviderNamespace} == 'Microsoft.Web', {parentResourcePath} == '', {resourceType} == 'sites', {resourceName} == 'MyWebApp'). If the resource is part of a parent resource, then all parameters should be provided. For example a virtual machine DNS name could be specified as ({resourceProviderNamespace} == 'Microsoft.Compute', {parentResourcePath} == 'virtualMachines/MyVirtualMachine', {resourceType} == 'domainNames', {resourceName} == 'MyComputerName'). A convenient alternative to providing the namespace and type name separately is to provide both in the {resourceType} parameter, format: ({resourceProviderNamespace} == '', {parentResourcePath} == '', {resourceType} == 'Microsoft.Web/sites', {resourceName} == 'MyWebApp').", "operationId": "PolicyAssignments_ListForResource", "parameters": [ { "description": "The name of the resource group containing the resource.", "in": "path", "maxLength": 90, "minLength": 1, "name": "resourceGroupName", "pattern": "^[-\\w\\._\\(\\)]+$", "required": true, "type": "string" }, { "description": "The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines)", "in": "path", "name": "resourceProviderNamespace", "required": true, "type": "string" }, { "description": "The parent resource path. Use empty string if there is none.", "in": "path", "name": "parentResourcePath", "required": true, "type": "string", "x-ms-skip-url-encoding": true }, { "description": "The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites).", "in": "path", "name": "resourceType", "required": true, "type": "string", "x-ms-skip-url-encoding": true }, { "description": "The name of the resource.", "in": "path", "name": "resourceName", "required": true, "type": "string" }, { "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed.", "in": "query", "name": "$filter", "required": false, "type": "string" }, { "$ref": "#/parameters/ApiVersionParameter" }, { "$ref": "#/parameters/SubscriptionIdParameter" } ], "responses": { "200": { "description": "OK - Returns an array of policy assignments.", "schema": { "$ref": "#/definitions/PolicyAssignmentListResult" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "#/definitions/ErrorResponse" } } }, "summary": "Retrieves all policy assignments that apply to a resource.", "tags": [ "PolicyAssignments" ], "x-ms-examples": { "List all policy assignments that apply to a resource": { "parameters": { "api-version": "2018-03-01", "parentResourcePath": "virtualMachines/MyTestVm", "resourceGroupName": "TestResourceGroup", "resourceName": "MyTestComputer.cloudapp.net", "resourceProviderNamespace": "Microsoft.Compute", "resourceType": "domainNames", "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { "body": { "value": [ { "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", "name": "TestCostManagement", "properties": { "description": "Minimize the risk of accidental cost overruns", "displayName": "VM Cost Management", "metadata": { "category": "Cost Management" }, "notScopes": [], "parameters": { "allowedSkus": { "type": "Array" } }, "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/vmSkus", "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup" }, "sku": { "name": "A0", "tier": "Free" }, "type": "Microsoft.Authorization/policyAssignments" }, { "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", "name": "TestTagEnforcement", "properties": { "description": "Ensure a given tag key and value are present on all resources", "displayName": "Enforces a tag key and value", "notScopes": [], "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup" }, "sku": { "name": "A0", "tier": "Free" }, "type": "Microsoft.Authorization/policyAssignments" } ] }, "headers": {} } } } }, "x-ms-odata": "#/definitions/PolicyAssignment", "x-ms-pageable": { "nextLinkName": "nextLink" } } }, "/{policyAssignmentId}": { "delete": { "description": "This operation deletes the policy with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid formats for {scope} are: '/providers/Microsoft.Management/managementGroups/{managementGroup}' (management group), '/subscriptions/{subscriptionId}' (subscription), '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}' (resource group), or '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' (resource).", "operationId": "PolicyAssignments_DeleteById", "parameters": [ { "description": "The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", "in": "path", "name": "policyAssignmentId", "required": true, "type": "string", "x-ms-skip-url-encoding": true }, { "$ref": "#/parameters/ApiVersionParameter" } ], "responses": { "200": { "description": "OK - Returns information about the policy assignment.", "schema": { "$ref": "#/definitions/PolicyAssignment" } }, "204": { "description": "No Content - the policy assignment doesn't exist." }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "#/definitions/ErrorResponse" } } }, "summary": "Deletes a policy assignment.", "tags": [ "PolicyAssignments" ], "x-ms-examples": { "Delete a policy assignment by ID": { "parameters": { "api-version": "2018-03-01", "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage" }, "responses": { "200": { "body": { "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", "name": "LowCostStorage", "properties": { "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", "displayName": "Enforce storage account SKU", "metadata": { "assignedBy": "Cheapskate Boss" }, "notScopes": [], "parameters": { "listOfAllowedSKUs": { "value": [ "Standard_GRS", "Standard_LRS" ] } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1" }, "type": "Microsoft.Authorization/policyAssignments" }, "headers": {} }, "204": { "headers": {} } } } } }, "get": { "description": "The operation retrieves the policy assignment with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.", "operationId": "PolicyAssignments_GetById", "parameters": [ { "description": "The ID of the policy assignment to get. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", "in": "path", "name": "policyAssignmentId", "required": true, "type": "string", "x-ms-skip-url-encoding": true }, { "$ref": "#/parameters/ApiVersionParameter" } ], "responses": { "200": { "description": "OK - Returns information about the policy assignment.", "schema": { "$ref": "#/definitions/PolicyAssignment" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "#/definitions/ErrorResponse" } } }, "summary": "Retrieves the policy assignment with the given ID.", "tags": [ "PolicyAssignments" ], "x-ms-examples": { "Retrieve a policy assignment by ID": { "parameters": { "api-version": "2018-03-01", "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage" }, "responses": { "200": { "body": { "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", "name": "LowCostStorage", "properties": { "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", "displayName": "Enforce storage account SKU", "metadata": { "assignedBy": "Cheapskate Boss" }, "notScopes": [], "parameters": { "listOfAllowedSKUs": { "value": [ "Standard_GRS", "Standard_LRS" ] } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1" }, "type": "Microsoft.Authorization/policyAssignments" }, "headers": {} } } } } }, "put": { "description": "This operation creates or updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.", "operationId": "PolicyAssignments_CreateById", "parameters": [ { "description": "The ID of the policy assignment to create. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", "in": "path", "name": "policyAssignmentId", "required": true, "type": "string", "x-ms-skip-url-encoding": true }, { "description": "Parameters for policy assignment.", "in": "body", "name": "parameters", "required": true, "schema": { "$ref": "#/definitions/PolicyAssignment" } }, { "$ref": "#/parameters/ApiVersionParameter" } ], "responses": { "201": { "description": "Created - Returns information about the policy assignment.", "schema": { "$ref": "#/definitions/PolicyAssignment" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "#/definitions/ErrorResponse" } } }, "summary": "Creates or updates a policy assignment.", "tags": [ "PolicyAssignments" ], "x-ms-examples": { "Create or update policy assignment by ID": { "parameters": { "api-version": "2018-03-01", "parameters": { "properties": { "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", "displayName": "Enforce storage account SKU", "metadata": { "assignedBy": "Cheapskate Boss" }, "parameters": { "listOfAllowedSKUs": { "value": [ "Standard_GRS", "Standard_LRS" ] } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1" } }, "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage" }, "responses": { "201": { "body": { "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", "name": "LowCostStorage", "properties": { "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", "displayName": "Enforce storage account SKU", "metadata": { "assignedBy": "Cheapskate Boss" }, "notScopes": [], "parameters": { "listOfAllowedSKUs": { "value": [ "Standard_GRS", "Standard_LRS" ] } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1" }, "type": "Microsoft.Authorization/policyAssignments" }, "headers": {} } } } } } }, "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}": { "delete": { "description": "This operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", "operationId": "PolicyAssignments_Delete", "parameters": [ { "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", "in": "path", "name": "scope", "required": true, "type": "string", "x-ms-skip-url-encoding": true }, { "description": "The name of the policy assignment to delete.", "in": "path", "name": "policyAssignmentName", "required": true, "type": "string" }, { "$ref": "#/parameters/ApiVersionParameter" } ], "responses": { "200": { "description": "OK - Returns information about the deleted assignment.", "schema": { "$ref": "#/definitions/PolicyAssignment" } }, "204": { "description": "No Content - the policy assignment doesn't exist." }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "#/definitions/ErrorResponse" } } }, "summary": "Deletes a policy assignment.", "tags": [ "PolicyAssignments" ], "x-ms-examples": { "Delete a policy assignment": { "parameters": { "api-version": "2018-03-01", "policyAssignmentName": "EnforceNaming", "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { "body": { "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", "name": "EnforceNaming", "properties": { "description": "Force resource names to begin with given DeptA and end with -LC", "displayName": "Enforce resource naming rules", "metadata": { "assignedBy": "Special Someone" }, "notScopes": [], "parameters": { "prefix": { "value": "DeptA" }, "suffix": { "value": "-LC" } }, "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "type": "Microsoft.Authorization/policyAssignments" }, "headers": {} }, "204": { "headers": {} } } } } }, "get": { "description": "This operation retrieves a single policy assignment, given its name and the scope it was created at.", "operationId": "PolicyAssignments_Get", "parameters": [ { "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", "in": "path", "name": "scope", "required": true, "type": "string", "x-ms-skip-url-encoding": true }, { "description": "The name of the policy assignment to get.", "in": "path", "name": "policyAssignmentName", "required": true, "type": "string" }, { "$ref": "#/parameters/ApiVersionParameter" } ], "responses": { "200": { "description": "OK - Returns information about the policy assignment.", "schema": { "$ref": "#/definitions/PolicyAssignment" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "#/definitions/ErrorResponse" } } }, "summary": "Retrieves a policy assignment.", "tags": [ "PolicyAssignments" ], "x-ms-examples": { "Retrieve a policy assignment": { "parameters": { "api-version": "2018-03-01", "policyAssignmentName": "EnforceNaming", "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { "body": { "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", "name": "EnforceNaming", "properties": { "description": "Force resource names to begin with given DeptA and end with -LC", "displayName": "Enforce resource naming rules", "metadata": { "assignedBy": "Special Someone" }, "notScopes": [], "parameters": { "prefix": { "value": "DeptA" }, "suffix": { "value": "-LC" } }, "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "type": "Microsoft.Authorization/policyAssignments" }, "headers": {} } } } } }, "put": { "description": " This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.", "operationId": "PolicyAssignments_Create", "parameters": [ { "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", "in": "path", "name": "scope", "required": true, "type": "string", "x-ms-skip-url-encoding": true }, { "description": "The name of the policy assignment.", "in": "path", "name": "policyAssignmentName", "required": true, "type": "string" }, { "description": "Parameters for the policy assignment.", "in": "body", "name": "parameters", "required": true, "schema": { "$ref": "#/definitions/PolicyAssignment" } }, { "$ref": "#/parameters/ApiVersionParameter" } ], "responses": { "201": { "description": "Created - Returns information about the new policy assignment.", "schema": { "$ref": "#/definitions/PolicyAssignment" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "#/definitions/ErrorResponse" } } }, "summary": "Creates or updates a policy assignment.", "tags": [ "PolicyAssignments" ], "x-ms-examples": { "Create or update a policy assignment": { "parameters": { "api-version": "2018-03-01", "parameters": { "properties": { "description": "Force resource names to begin with given DeptA and end with -LC", "displayName": "Enforce resource naming rules", "metadata": { "assignedBy": "Special Someone" }, "parameters": { "prefix": { "value": "DeptA" }, "suffix": { "value": "-LC" } }, "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" } }, "policyAssignmentName": "EnforceNaming", "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "201": { "body": { "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", "name": "EnforceNaming", "properties": { "description": "Force resource names to begin with given DeptA and end with -LC", "displayName": "Enforce resource naming rules", "metadata": { "assignedBy": "Special Someone" }, "notScopes": [], "parameters": { "prefix": { "value": "DeptA" }, "suffix": { "value": "-LC" } }, "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "type": "Microsoft.Authorization/policyAssignments" }, "headers": {} } } } } } } }, "definitions": { "ErrorResponse": { "description": "Error response indicates Azure Resource Manager is not able to process the incoming request. The reason is provided in the error message.", "properties": { "errorCode": { "description": "Error code.", "type": "string" }, "errorMessage": { "description": "Error message indicating why the operation failed.", "type": "string" }, "httpStatus": { "description": "Http status code.", "type": "string" } }, "type": "object" }, "PolicyAssignment": { "description": "The policy assignment.", "properties": { "id": { "description": "The ID of the policy assignment.", "readOnly": true, "type": "string" }, "name": { "description": "The name of the policy assignment.", "readOnly": true, "type": "string" }, "properties": { "$ref": "#/definitions/PolicyAssignmentProperties", "description": "Properties for the policy assignment.", "x-ms-client-flatten": true }, "sku": { "$ref": "#/definitions/PolicySku", "description": "The policy sku. This property is optional, obsolete, and will be ignored." }, "type": { "description": "The type of the policy assignment.", "readOnly": true, "type": "string" } }, "x-ms-azure-resource": true }, "PolicyAssignmentListResult": { "description": "List of policy assignments.", "properties": { "nextLink": { "description": "The URL to use for getting the next set of results.", "type": "string" }, "value": { "description": "An array of policy assignments.", "items": { "$ref": "#/definitions/PolicyAssignment" }, "type": "array" } } }, "PolicyAssignmentProperties": { "description": "The policy assignment properties.", "properties": { "description": { "description": "This message will be part of response in case of policy violation.", "type": "string" }, "displayName": { "description": "The display name of the policy assignment.", "type": "string" }, "metadata": { "description": "The policy assignment metadata.", "type": "object" }, "notScopes": { "description": "The policy's excluded scopes.", "items": { "type": "string" }, "type": "array" }, "parameters": { "description": "Required if a parameter is used in policy rule.", "type": "object" }, "policyDefinitionId": { "description": "The ID of the policy definition or policy set definition being assigned.", "type": "string" }, "scope": { "description": "The scope for the policy assignment.", "type": "string" } } }, "PolicySku": { "description": "The policy sku. This property is optional, obsolete, and will be ignored.", "properties": { "name": { "description": "The name of the policy sku. Possible values are A0 and A1.", "type": "string" }, "tier": { "description": "The policy sku tier. Possible values are Free and Standard.", "type": "string" } }, "required": [ "name" ] } } }