forked from Ba4bes/Bicep-RoleAssignments
-
Notifications
You must be signed in to change notification settings - Fork 0
/
04 - rollassignment-Resource.bicep
42 lines (35 loc) · 1.03 KB
/
04 - rollassignment-Resource.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
@description('Principal type of the assignee.')
@allowed([
'Device'
'ForeignGroup'
'Group'
'ServicePrincipal'
'User'
])
param principalType string
@description('the id for the role defintion, to define what permission should be assigned')
param RoleDefinitionId string
@description('the id of the principal that would get the permission')
param principalId string
param location string = resourceGroup().location
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-08-01' = {
name: 'example'
location: location
sku: {
name: 'Standard_LRS'
}
kind: 'StorageV2'
}
resource roleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
scope: resourceGroup()
name: RoleDefinitionId
}
resource RoleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = {
name: guid(storageAccount.id, RoleDefinitionId, principalId)
scope: storageAccount
properties: {
roleDefinitionId: roleDefinition.id
principalId: principalId
principalType: principalType
}
}