New-AzRoleAssignment

In this Azure PowerShell article, we will discuss the syntax and usage of the New-AzRoleAssignment Azure PowerShell cmdlet with examples.

Table of Contents

New-AzRoleAssignment
- Syntax
- New-AzRoleAssignment Examples
  - Example-1:
  - Example-2:
Wrapping Up

New-AzRoleAssignment is a very good PowerShell command that you can use to assign an RBAC role to a specific principal for a specified scope. Let’s discuss the Syntax of the New-AzRoleAssignment Azure PowerShell cmdlet.

Syntax

Below is the syntax of the New-AzRoleAssignment PowerShell command.

New-AzRoleAssignment
   -ObjectId <String>

   -RoleDefinitionName <String>
[-Scope <String>]

New-AzRoleAssignment
   -ObjectId <String>

 -RoleDefinitionName <String>
  -ResourceGroupName <String>

New-AzRoleAssignment
   -SignInName <String>
-RoleDefinitionName <String>
 -ResourceName <String>
-ResourceType <String>
-ResourceGroupName <String>

New-AzRoleAssignment Examples

Now, let’s discuss some examples of how to use the New-AzRoleAssignment PowerShell command.

Example-1:

You can execute the below Azure PowerShell command to grant a contributor role to the user “User2@tsinfotechnologies.onmicrosoft.com” under the resource group “MyNewResGrp” scope, and the role assignment is available for delegation.

New-AzRoleAssignment  -SignInName tsinfouser@fewlines4bijuhotmail.onmicrosoft.com -ResourceGroupName MyNewResGrp -RoleDefinitionName Contributor -AllowDelegation

After executing the above command, I got the expected output as below.

RoleAssignmentName : 4b45ffa3-cf5d-4ff7-9b56-22dd1d6d895b
RoleAssignmentId   : /subscriptions/1cdf4300-dee5-4518-9c9c-feaa72a5cbd1/resourceGroups/MyNewResGrp/provider
                     s/Microsoft.Authorization/roleAssignments/4b45ffa3-cf5d-4ff7-9b56-22dd1d6d895b
Scope              : /subscriptions/1cdf4300-dee5-4518-9c9c-feaa72a5cbd1/resourceGroups/MyNewResGrp
DisplayName        : tsinfonewuser
SignInName         : tsinfouser@fewlines4bijuhotmail.onmicrosoft.com
RoleDefinitionName : Contributor
RoleDefinitionId   : b24988ac-6180-42a0-ab88-20f7382dd24c
ObjectId           : 5e013a07-e22a-4d46-a6be-ca68b893b6df
ObjectType         : User
CanDelegate        : False
Description        : 
ConditionVersion   : 
Condition          :

The exact output is shown in the screenshot below.

Check out New-azroleassignment : ‘principalid’ cannot be null. If you are getting this issue fix that.

Example-2:

Below Azure PowerShell cmdlet can help you to grant owner access to the user “tsinfouser@fewlines4bijuhotmail.onmicrosoft.com” to the “TsInfoweb” website.

New-AzRoleAssignment -SignInName tsinfouser@fewlines4bijuhotmail.onmicrosoft.com -RoleDefinitionName Owner -Scope "/subscriptions/1cdf4300-dee5-4518-9c9c-feaa72a5cbd1/resourcegroups/MyNewResGrp/providers/Microsoft.Web/sites/TsInfoweb"

After executing the above script, I got the expected output, as shown in the screenshot below.

You may also like following the articles below

Wrapping Up

In this Azure PowerShell article, we discussed the syntax and usage of the New-AzRoleAssignment Azure PowerShell cmdlet with examples. Thanks for reading this article !!!

Rajkishore

I am Rajkishore, and I am a Microsoft Certified IT Consultant. I have over 14 years of experience in Microsoft Azure and AWS, with good experience in Azure Functions, Storage, Virtual Machines, Logic Apps, PowerShell Commands, CLI Commands, Machine Learning, AI, Azure Cognitive Services, DevOps, etc. Not only that, I do have good real-time experience in designing and developing cloud-native data integrations on Azure or AWS, etc. I hope you will learn from these practical Azure tutorials. Read more.