Reputation: 566
Azure Authorization: what is scope parameter in REST API?
I am creating a Azure custom role for blob storage access.
I started with Azure cli, and when I convert the json file to Terraform file, there is an extra parameter, scope.
It appears that it is the scope parameter in Azure REST API, controls where the role is defined (subscription, tenant or deeper).
Is it correct?
Upvotes: 2
Views: 1987
Answers (1)
Reputation: 136126
That's correct. Value for your scope parameter would depend on the level at which the role is defined. It could be one of the following values:
subscriptions/{subscriptionId}: Custom role is scoped at a subscription level.subscriptions/{subscriptionId1}/resourceGroups/{resourceGroup1}: Custom role is scoped at a resource group level.subscriptions/{subscriptionId1}/resourceGroups/{resourceGroup1}/providers/Microsoft.Web/sites/{site1}: Custom role is scoped at a resource level.providers/Microsoft.Management/managementGroups/{groupId1}: Custom role is scoped at a management group level.
Upvotes: 1
Related Questions
- user_impersonation scope - why?
- The provided value for the input parameter 'scope' is not valid when calling Access Token API
- Subscription-scope authorization for Azure Resource Manager API user
- how to pass scope in api while generating token for azure AD
- How to request access token with scope in azure ad (customer API)
- What are proper scopes for API requests
- What use are 'Scopes' in Azure B2C Authentication?
- Request Azure Active Directory token with limited scopes for Azure Service Management API
- WebAPI scope authorization through azure app registrations
- What is the Resource parameter in Windows Azure AD tenant application oAuth 2.0 specification