az blueprint artifact role
Note
This reference is part of the blueprint extension for the Azure CLI (version 2.50.0 or higher). The extension will automatically install the first time you run an az blueprint artifact role command. Learn more about extensions.
Blueprints and associated commands will be deprecated as early as July 2026. Customers are encouraged to transition to Template Specs and Deployments Stacks to support their scenarios beyond that date. Migration documentation is available at https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/migrate-blueprint. This command group is implicitly deprecated because command group 'az blueprint' is deprecated and will be removed in a future release.
Commands to manage blueprint role assignment artifact.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az blueprint artifact role create |
Create blueprint role artifact. |
Extension | Deprecated |
| az blueprint artifact role update |
Update blueprint role artifact. |
Extension | Deprecated |
az blueprint artifact role create
This command is implicitly deprecated because command group 'az blueprint' is deprecated and will be removed in a future release. Blueprints and associated commands will be deprecated as early as July 2026. Customers are encouraged to transition to Template Specs and Deployments Stacks to support their scenarios beyond that date. Migration documentation is available at https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/migrate-blueprint.
Create blueprint role artifact.
az blueprint artifact role create --artifact-name
--blueprint-name
--principal-ids
--role-definition-id
[--depends-on]
[--description]
[--display-name]
[--management-group]
[--resource-group-art]
[--subscription]Examples
Create a role artifact
az blueprint artifact role create \
--blueprint-name MyBlueprint --artifact-name MyRole --role-definition-id \
"/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000" \
--principal-ids "[parameters('[Usergrouporapplicationname]:MyRoleAssignmentName')]"Required Parameters
Name of the blueprint artifact.
Name of the blueprint definition.
Array of user or group identities in Azure Active Directory or a reference to the corresponding parameter in blueprint definiton. The roleDefinition will apply to each identity.
The full role definition id. Only built-in roles are supported.
Optional Parameters
Artifacts which need to be deployed before the specified artifact.
Description of the blueprint artifact.
DisplayName of this artifact.
Use management group for the scope of the blueprint.
Name of the resource group artifact to which the policy will be assigned.
Use subscription for the scope of the blueprint. If --management-group is not specified, --subscription value or the default subscription will be used as the scope.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az blueprint artifact role update
This command is implicitly deprecated because command group 'az blueprint' is deprecated and will be removed in a future release. Blueprints and associated commands will be deprecated as early as July 2026. Customers are encouraged to transition to Template Specs and Deployments Stacks to support their scenarios beyond that date. Migration documentation is available at https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/migrate-blueprint.
Update blueprint role artifact.
az blueprint artifact role update --artifact-name
--blueprint-name
[--depends-on]
[--description]
[--display-name]
[--management-group]
[--resource-group-art]
[--subscription]Examples
Update a role artifact
az blueprint artifact role update \
--blueprint-name MyBlueprint --artifact-name MyRole --display-name "My Big Role"Required Parameters
Name of the blueprint artifact.
Name of the blueprint definition.
Optional Parameters
Artifacts which need to be deployed before the specified artifact. Use '--depends-on' with no values to remove dependencies.
Description of the blueprint artifact.
DisplayName of this artifact.
Use management group for the scope of the blueprint.
Name of the resource group artifact to which the policy will be assigned.
Use subscription for the scope of the blueprint. If --management-group is not specified, --subscription value or the default subscription will be used as the scope.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
