Schemas/rbac.schema.json
{
"$id": "#/properties/permissions/items/anyOf/0", "type": "object", "title": "Azure RBAC Permission", "description": "Assign an Azure role to an AAD principal at the given resource scope", "default": {}, "examples": [ { "comment": "Security SP needs to be able to manage lake permissions", "type": "rbac", "scope": "/subscriptions/312312-23123123-23131231/resourceGroups/RGNAME/providers/Microsoft.Storage/storageAccounts/strgAccountName", "principalType": "Application", "principalName": "my-application-name-from-aad", "role": "Storage Blob Data Reader" } ], "required": [ "type", "scope", "principalType", "principalName", "role" ], "properties": { "comment": { "$id": "#/properties/permissions/items/anyOf/0/properties/comment", "type": "string", "title": "Comment", "description": "Description or explanation of why the permission is needed", "default": "", "examples": [ "Application SP needs to read data in the lake" ] }, "type": { "$id": "#/properties/permissions/items/anyOf/0/properties/type", "type": "string", "enum": [ "rbac" ], "title": "Permission Type", "description": "Discriminator for this permission entry; must be \"rbac\"", "default": "rbac", "examples": [ "rbac" ] }, "scope": { "$id": "#/properties/permissions/items/anyOf/0/properties/scope", "type": "string", "title": "Resource Scope", "description": "Resource ID of the Azure resource the role assignment is scoped to (see the Properties blade in the portal)", "default": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}", "examples": [ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{storageAccountName}" ] }, "principalType": { "$id": "#/properties/permissions/items/anyOf/0/properties/principalType", "type": "string", "title": "AAD Object Type", "description": "AAD object type of the principal: Application, Group, User or MSI", "default": "Group", "enum": ["Group", "Application", "User", "MSI"], "examples": [ "Application" ] }, "principalName": { "$id": "#/properties/permissions/items/anyOf/0/properties/principalName", "type": "string", "title": 
"Principal Name", "description": "AAD display name of the principal; must match exactly", "default": "", "examples": [] }, "role": { "$id": "#/properties/permissions/items/anyOf/0/properties/role", "type": "string", "title": "Azure Role", "description": "Name of the Azure role to assign, e.g. Contributor", "default": "Reader", "examples": [ "Storage Blob Data Contributor", "Owner", "Contributor", "Reader" ] } }, "additionalProperties": false }