How do I lookup an existing roleDefinition ID by name using Bicep?

Question

I want to look up the roleDefinition ID in Azure to allow me to use a role name rather than ID - as it is more user friendly

This is what I have tried

param roleDefinitionName string = ''

resource existingRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
  name: 'Storage Blob Data Reader'
}

output test string = 'ID is ${existingRoleDefinition.id}'

The output returned however is

/subscriptions/xxx/resourceGroups/rg-my-ab-h-uks-01/providers/Microsoft.Authorization/roleDefinitions/Storage Blob Data Reader

rather than 2a2b9908-6ea1-4ae2-8e65-a410df84e7d1

Can anyone help?

score 0 · Answer 1 · answered Oct 03 '22 at 15:44

Currently there's no way to do this in the template language - you can provide your own mapping for built-in roles (which some users do) but that adds a bit of overhead/maintenance so really depends on the problem you're trying to solve to see if that's worth it...

How do I lookup an existing roleDefinition ID by name using Bicep?

1 Answers1