diff --git a/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentManagementGroup.bicep.md b/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentManagementGroup.bicep.md index 0d60797f1..636ff5b11 100644 --- a/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentManagementGroup.bicep.md +++ b/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentManagementGroup.bicep.md @@ -11,7 +11,7 @@ parRoleDefinitionId | Yes | Role Definition Id (i.e. GUID, Reader Role Defi parAssigneePrincipalType | Yes | Principal type of the assignee. Allowed values are 'Group' (Security Group) or 'ServicePrincipal' (Service Principal or System/User Assigned Managed Identity) parAssigneeObjectId | Yes | Object ID of groups, service principals or managed identities. For managed identities use the principal id. For service principals, use the object ID and not the app ID parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry. -parRoleAssignmentCondition | No | The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions support having a condition defined. Example of built-in roles that support conditions: (Owner, User Access Administrator, Role Based Access Control Administrator). To generate conditions code: - Create a role assignemnt with a condition from the portal for the privileged role that will be assigned. - Select the code view from the advanced editor and copy the condition's code. - Remove all newlines from the code - Escape any single quote using a backslash (only in Bicep, no need in JSON parameters file) +parRoleAssignmentCondition | No | The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions can have a condition defined. Example: Owner, User Access Administrator and Role Based Access Control Administrator). parRoleAssignmentConditionVersion | No | Role assignment condition version. Currently the only accepted value is '2.0' ### parRoleAssignmentNameGuid @@ -54,12 +54,7 @@ Set Parameter to true to Opt-out of deployment telemetry. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions support having a condition defined. Example of built-in roles that support conditions: (Owner, User Access Administrator, Role Based Access Control Administrator). To generate conditions code: -- Create a role assignemnt with a condition from the portal for the privileged role that will be assigned. -- Select the code view from the advanced editor and copy the condition's code. -- Remove all newlines from the code -- Escape any single quote using a backslash (only in Bicep, no need in JSON parameters file) - +The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions can have a condition defined. Example: Owner, User Access Administrator and Role Based Access Control Administrator). ### parRoleAssignmentConditionVersion diff --git a/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentManagementGroupMany.bicep.md b/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentManagementGroupMany.bicep.md index 4656b20d9..eeb04f6aa 100644 --- a/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentManagementGroupMany.bicep.md +++ b/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentManagementGroupMany.bicep.md @@ -11,7 +11,7 @@ parRoleDefinitionId | Yes | Role Definition Id (i.e. GUID, Reader Role Defi parAssigneePrincipalType | Yes | Principal type of the assignee. Allowed values are 'Group' (Security Group) or 'ServicePrincipal' (Service Principal or System/User Assigned Managed Identity) parAssigneeObjectId | Yes | Object ID of groups, service principals or managed identities. For managed identities use the principal id. For service principals, use the object ID and not the app ID parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry -parRoleAssignmentCondition | No | The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions support having a condition defined. Example of built-in roles that support conditions: (Owner, User Access Administrator, Role Based Access Control Administrator). To generate conditions code: - Create a role assignemnt with a condition from the portal for the privileged role that will be assigned. - Select the code view from the advanced editor and copy the condition's code. - Remove all newlines from the code - Escape any single quote using a backslash (only in Bicep, no need in JSON parameters file) +parRoleAssignmentCondition | No | The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions can have a condition defined. Example: Owner, User Access Administrator and Role Based Access Control Administrator). parRoleAssignmentConditionVersion | No | Role assignment condition version. Currently the only accepted value is '2.0' ### parManagementGroupIds @@ -52,12 +52,7 @@ Set Parameter to true to Opt-out of deployment telemetry ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions support having a condition defined. Example of built-in roles that support conditions: (Owner, User Access Administrator, Role Based Access Control Administrator). To generate conditions code: -- Create a role assignemnt with a condition from the portal for the privileged role that will be assigned. -- Select the code view from the advanced editor and copy the condition's code. -- Remove all newlines from the code -- Escape any single quote using a backslash (only in Bicep, no need in JSON parameters file) - +The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions can have a condition defined. Example: Owner, User Access Administrator and Role Based Access Control Administrator). ### parRoleAssignmentConditionVersion diff --git a/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentResourceGroup.bicep.md b/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentResourceGroup.bicep.md index 3e442a017..c80d81d05 100644 --- a/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentResourceGroup.bicep.md +++ b/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentResourceGroup.bicep.md @@ -11,7 +11,7 @@ parRoleDefinitionId | Yes | Role Definition Id (i.e. GUID, Reader Role Defi parAssigneePrincipalType | Yes | Principal type of the assignee. Allowed values are 'Group' (Security Group) or 'ServicePrincipal' (Service Principal or System/User Assigned Managed Identity) parAssigneeObjectId | Yes | Object ID of groups, service principals or managed identities. For managed identities use the principal id. For service principals, use the object ID and not the app ID parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry. -parRoleAssignmentCondition | No | The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions support having a condition defined. Example of built-in roles that support conditions: (Owner, User Access Administrator, Role Based Access Control Administrator). To generate conditions code: - Create a role assignemnt with a condition from the portal for the privileged role that will be assigned. - Select the code view from the advanced editor and copy the condition's code. - Remove all newlines from the code - Escape any single quote using a backslash (only in Bicep, no need in JSON parameters file) +parRoleAssignmentCondition | No | The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions can have a condition defined. Example: Owner, User Access Administrator and Role Based Access Control Administrator). parRoleAssignmentConditionVersion | No | Role assignment condition version. Currently the only accepted value is '2.0' ### parRoleAssignmentNameGuid @@ -54,12 +54,7 @@ Set Parameter to true to Opt-out of deployment telemetry. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions support having a condition defined. Example of built-in roles that support conditions: (Owner, User Access Administrator, Role Based Access Control Administrator). To generate conditions code: -- Create a role assignemnt with a condition from the portal for the privileged role that will be assigned. -- Select the code view from the advanced editor and copy the condition's code. -- Remove all newlines from the code -- Escape any single quote using a backslash (only in Bicep, no need in JSON parameters file) - +The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions can have a condition defined. Example: Owner, User Access Administrator and Role Based Access Control Administrator). ### parRoleAssignmentConditionVersion diff --git a/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentResourceGroupMany.bicep.md b/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentResourceGroupMany.bicep.md index 28d02bb4b..5aaa4a383 100644 --- a/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentResourceGroupMany.bicep.md +++ b/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentResourceGroupMany.bicep.md @@ -11,7 +11,7 @@ parRoleDefinitionId | Yes | Role Definition Id (i.e. GUID, Reader Role Defi parAssigneePrincipalType | Yes | Principal type of the assignee. Allowed values are 'Group' (Security Group) or 'ServicePrincipal' (Service Principal or System/User Assigned Managed Identity) parAssigneeObjectId | Yes | Object ID of groups, service principals or managed identities. For managed identities use the principal id. For service principals, use the object ID and not the app ID parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry -parRoleAssignmentCondition | No | The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions support having a condition defined. Example of built-in roles that support conditions: (Owner, User Access Administrator, Role Based Access Control Administrator). To generate conditions code: - Create a role assignemnt with a condition from the portal for the privileged role that will be assigned. - Select the code view from the advanced editor and copy the condition's code. - Remove all newlines from the code - Escape any single quote using a backslash (only in Bicep, no need in JSON parameters file) +parRoleAssignmentCondition | No | The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions can have a condition defined. Example: Owner, User Access Administrator and Role Based Access Control Administrator). parRoleAssignmentConditionVersion | No | Role assignment condition version. Currently the only accepted value is '2.0' ### parResourceGroupIds @@ -52,12 +52,7 @@ Set Parameter to true to Opt-out of deployment telemetry ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions support having a condition defined. Example of built-in roles that support conditions: (Owner, User Access Administrator, Role Based Access Control Administrator). To generate conditions code: -- Create a role assignemnt with a condition from the portal for the privileged role that will be assigned. -- Select the code view from the advanced editor and copy the condition's code. -- Remove all newlines from the code -- Escape any single quote using a backslash (only in Bicep, no need in JSON parameters file) - +The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions can have a condition defined. Example: Owner, User Access Administrator and Role Based Access Control Administrator). ### parRoleAssignmentConditionVersion diff --git a/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentSubscription.bicep.md b/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentSubscription.bicep.md index ca269599f..ecc18e734 100644 --- a/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentSubscription.bicep.md +++ b/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentSubscription.bicep.md @@ -11,7 +11,7 @@ parRoleDefinitionId | Yes | Role Definition Id (i.e. GUID, Reader Role Defi parAssigneePrincipalType | Yes | Principal type of the assignee. Allowed values are 'Group' (Security Group) or 'ServicePrincipal' (Service Principal or System/User Assigned Managed Identity) parAssigneeObjectId | Yes | Object ID of groups, service principals or managed identities. For managed identities use the principal id. For service principals, use the object ID and not the app ID parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry. -parRoleAssignmentCondition | No | The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions support having a condition defined. Example of built-in roles that support conditions: (Owner, User Access Administrator, Role Based Access Control Administrator). To generate conditions code: - Create a role assignemnt with a condition from the portal for the privileged role that will be assigned. - Select the code view from the advanced editor and copy the condition's code. - Remove all newlines from the code - Escape any single quote using a backslash (only in Bicep, no need in JSON parameters file) +parRoleAssignmentCondition | No | The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions can have a condition defined. Example: Owner, User Access Administrator and Role Based Access Control Administrator). parRoleAssignmentConditionVersion | No | Role assignment condition version. Currently the only accepted value is '2.0' ### parRoleAssignmentNameGuid @@ -54,12 +54,7 @@ Set Parameter to true to Opt-out of deployment telemetry. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions support having a condition defined. Example of built-in roles that support conditions: (Owner, User Access Administrator, Role Based Access Control Administrator). To generate conditions code: -- Create a role assignemnt with a condition from the portal for the privileged role that will be assigned. -- Select the code view from the advanced editor and copy the condition's code. -- Remove all newlines from the code -- Escape any single quote using a backslash (only in Bicep, no need in JSON parameters file) - +The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions can have a condition defined. Example: Owner, User Access Administrator and Role Based Access Control Administrator). ### parRoleAssignmentConditionVersion diff --git a/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentSubscriptionMany.bicep.md b/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentSubscriptionMany.bicep.md index 0db2f990e..65879d38e 100644 --- a/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentSubscriptionMany.bicep.md +++ b/infra-as-code/bicep/modules/roleAssignments/generateddocs/roleAssignmentSubscriptionMany.bicep.md @@ -11,7 +11,7 @@ parRoleDefinitionId | Yes | Role Definition Id (i.e. GUID, Reader Role Defi parAssigneePrincipalType | Yes | Principal type of the assignee. Allowed values are 'Group' (Security Group) or 'ServicePrincipal' (Service Principal or System/User Assigned Managed Identity) parAssigneeObjectId | Yes | Object ID of groups, service principals or managed identities. For managed identities use the principal id. For service principals, use the object ID and not the app ID parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry -parRoleAssignmentCondition | No | The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions support having a condition defined. Example of built-in roles that support conditions: (Owner, User Access Administrator, Role Based Access Control Administrator). To generate conditions code: - Create a role assignemnt with a condition from the portal for the privileged role that will be assigned. - Select the code view from the advanced editor and copy the condition's code. - Remove all newlines from the code - Escape any single quote using a backslash (only in Bicep, no need in JSON parameters file) +parRoleAssignmentCondition | No | The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions can have a condition defined. Example: Owner, User Access Administrator and Role Based Access Control Administrator). parRoleAssignmentConditionVersion | No | Role assignment condition version. Currently the only accepted value is '2.0' ### parSubscriptionIds @@ -52,12 +52,7 @@ Set Parameter to true to Opt-out of deployment telemetry ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions support having a condition defined. Example of built-in roles that support conditions: (Owner, User Access Administrator, Role Based Access Control Administrator). To generate conditions code: -- Create a role assignemnt with a condition from the portal for the privileged role that will be assigned. -- Select the code view from the advanced editor and copy the condition's code. -- Remove all newlines from the code -- Escape any single quote using a backslash (only in Bicep, no need in JSON parameters file) - +The role assignment condition. Only built-in and custom RBAC roles with `Microsoft.Authorization/roleAssignments/write` and/or `Microsoft.Authorization/roleAssignments/delete` permissions can have a condition defined. Example: Owner, User Access Administrator and Role Based Access Control Administrator). ### parRoleAssignmentConditionVersion