Microsoft Azure CLI 'role' Command Module for Role-Based Access Control (RBAC)
This package is for the 'role' module.
i.e. 'az role'
.. :changelog:
Release History
2.6.4
+++++
2.6.3
+++++
2.6.2
+++++
- role assignment: support scope of management group
2.6.1
+++++
- create-for-rbac: hide '--password' as the preparations to pull the plug completely in 2019 May
2.6.0
+++++
- [BREAKING CHANGE] 'group create'/'app create'/'sp create-for-rbac': supports idempotent, hence confliction error will not be surfaced
2.5.0
+++++
- create-for-rbac: handle --years correctly
- [BREAKING CHANGE]
role assignment delete
: prompt when delete all assignments under the subscription unconditionally
2.4.3
+++++
ad app/sp credential reset
: support --end-datead app permission add
: support to add permissions on existing apiad app permission list
: fix a bad error when there is no permissionsad sp delete
: skip role assignment delete if the current account has no subscriptionad app create
: make --identifier-uris default to empty list if not provided
2.4.2
+++++
role definition update
: use id to resolve definition correctlyad app credential reset
: drop the assumption that app's service principal always exists
2.4.1
+++++
az ad app create/update
: support app roles
2.4.0
+++++
az identity
moved here from inside of the azure-cli-vm
command_module.
2.3.1
+++++
2.3.0
+++++
create-for-rbac
: deprecate --password
for securer password auto-generated by CLI
2.2.0
++++++
- BREAKING CHANGE:
az ad app/sp list
will by default output the first 100 objects instead of getting all of them.
2.1.11
++++++
- support custom identifier for password credential
2.1.10
++++++
ad app update
: address a failure caused by updating immutable credentials- graph: output warnings to communicate breaking changes in the near future for "ad app/sp list"
2.1.9
++++++
- support API permission management, signed-in-user, and application password & certificate credential management
ad sp create-for-rbac
: clarify the confusion between displayName and service principal name- support grant permissions to AAD apps
2.1.8
++++++
- support add/remove/list owner on AAD Applciation and Group objects
2.1.7
++++++
- ad app owner: Adds support for listing Azure AD app owners.
- ad sp owner: Adds support for listing Azure AD service principal owners.
2.1.6
++++++
- role: ensure role definition create & update commands accept multiple permission configurations
- create-for-rbac: ensure home page uri is always "https"
2.1.5
++++++
- support list user's group memberships
2.1.4
++++++
2.1.3
++++++
- role assignment: fix a recent regression that principalName is missing
2.1.2
++++++
- support for stack profile 2017-03-09-profile
2.1.1
+++++
ad app update
: Fixes issue where generic update parameters would not work correctly.
2.1.0
+++++
- BREAKING CHANGE: 'show' commands log error message and fail with exit code of 3 upon a missing resource.
2.0.27
++++++
2.0.26
++++++
2.0.25
++++++
- ad: remove stack traces from graph exceptions before surface to users
- ad sp create: do not throw if CLI can't resolve app id
2.0.24
++++++
- ad app update: add generic update support
2.0.23
++++++
- BREAKING CHANGE: remove deprecated
az ad sp reset-credentials
- Minor fixes.
2.0.22
++++++
sdist
is now compatible with wheel 0.31.0
2.0.21
++++++
- graph: support required access configuration and native client
- rbac: ensure collection has less than 1000 ids on resolving graph objects
- ad sp: new commands to manage credentials "az ad sp credential reset/list/delete"
- role assignments: (breaking change)list/show output has "properties" removed to align with SDK
- role definition: support
dataActions
and notDataActions
2.0.20
++++++
- role assignments: expose "role assignment list-changelogs" for rbac audit
2.0.18
++++++
- ad app update: expose "--available-to-other-tenants"
2.0.17
++++++
- role assignment: expose --assignee-object-id to bypass graph query
2.0.16
++++++
- Update for CLI core changes.
2.0.15
++++++
role assignment list
: show default assignments for classic administratorsad sp reset-credentials
: support to add credentials instead of overwritingcreate-for-rbac
: emit out an actionable error if provisioning application failed for lack of permissions
2.0.14
++++++
2.0.13 (2017-10-09)
+++++++++++++++++++
2.0.12 (2017-09-22)
+++++++++++++++++++
2.0.11 (2017-08-28)
+++++++++++++++++++
2.0.10 (2017-08-11)
+++++++++++++++++++
2.0.9 (2017-07-27)
++++++++++++++++++
2.0.8 (2017-07-07)
++++++++++++++++++
create-for-rbac: support output in SDK auth file format
2.0.7 (2017-06-21)
++++++++++++++++++
2.0.6 (2017-06-13)
++++++++++++++++++
- rbac: clean up role assignments and related AAD application when delete a service principal (#3610)
2.0.5 (2017-05-30)
++++++++++++++++++
- ad: for 'app create' command, mention time format in the arg descriptions for --start-date/--end-date
- output deprecating information on using '--expanded-view'
- Add Key Vault integration to the create-for-rbac and reset-credentials commands.
2.0.4 (2017-05-09)
++++++++++++++++++
2.0.3 (2017-04-28)
++++++++++++++++++
- create-for-rbac: ensure SP's end date will not exceed certificate's expiration date (#2989)
- RBAC: add full support for 'ad group' (#2016)
2.0.2 (2017-04-17)
++++++++++++++++++
- role: fix issues on role definition update (#2745)
- create-for-rbac: ensure user provided password is picked up
2.0.1 (2017-04-03)
++++++++++++++++++
- role: fix the error when supply role in guid format (#2667)
- Fix code style of azure-cli-role (#2608)
- rbac:catch more graph error (#2567)
- core: support login using service principal with a cert (#2457)
2.0.0 (2017-02-27)
++++++++++++++++++
0.1.2rc2 (2017-02-22)
+++++++++++++++++++++
0.1.2rc1 (2017-02-17)
+++++++++++++++++++++
- Support --skip-assignment for 'az ad sp create-for-rbac'
- Show commands return empty string with exit code 0 for 404 responses
0.1.1b2 (2017-01-30)
+++++++++++++++++++++
0.1.1b1 (2017-01-17)
+++++++++++++++++++++
- 'create-for-rbac' command accepts displayname.
0.1.0b11 (2016-12-12)
+++++++++++++++++++++