
I want to create a pipeline, where I use a Bicep template file to assign more than one built-in Role to a Managed Identity. I thought about creating a Role Definition by Bicep first, but its input demands putting in specific permissions, which is a bit messy, because I'd need to put more than 70 permissions into that template, so I thought about deploying a Role Assignment only instead. From what I see in the MS documentation here it is possible, but only by specifying one specific Role Definition. Is it possible to define more than one Role Definition in a Bicep template to assign them to a resource? I want to avoid creating a role definition Bicep template with a huge list of specific permissions.

Thomas
  • 24,234
  • 6
  • 81
  • 125
lubierzca
  • 160
  • 2
  • 14
  • 2
    just specify multiple role assignment resources – 4c74356b41 Apr 19 '23 at 13:20
  • But that would require defining a parameter in Bicep for each of the role definitions; I'd rather have them defined as an array, and trigger the role assignment in some kind of loop, using the list of roles as an array parameter. Your method is fine too, but I was wondering if I can do that without defining multiple parameters. – lubierzca Apr 19 '23 at 14:08
  • sure, look up loops in bicep – 4c74356b41 Apr 19 '23 at 14:57
  • Is it multiple roles at the same scope? Yeah, you could always pass an array of roles and loop – Thomas Apr 20 '23 at 10:39

1 Answer

2

You can always pass an array of role definition IDs and loop through it:

param storageAccountName string
param principalId string
param principalType string = 'ServicePrincipal'
param roleDefinitionIds array

// Get a reference to the existing resource
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-04-01' existing = {
  name: storageAccountName
}

// Create the role assignments
resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for roleDefinitionId in roleDefinitionIds: {
  scope: storageAccount
  name: guid(storageAccount.id, principalId, roleDefinitionId)
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
    principalId: principalId
    principalType: principalType
  }
}]
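The same loop carried one step further, as an added example that is not part of the answer above: instead of passing raw role-definition GUIDs from the pipeline, the template takes the built-in roles by name and resolves them through a small lookup object, so the pipeline's parameter file stays readable and reviewable. The parameter and variable names (`storageAccountName`, `principalId`, `roleNames`, `builtInRoles`) are this example's own choices; the GUIDs in `builtInRoles` are the well-known IDs of the named Azure built-in roles, but confirm them in your own tenant with `az role definition list --name "<role name>"` before relying on them.

```bicep
// Added example: assign several built-in roles to one managed identity at the
// scope of a single existing storage account, selecting roles by name.

@description('Existing storage account that is the scope of every assignment.')
param storageAccountName string

@description('Object (principal) ID of the managed identity receiving the roles.')
param principalId string

@description('Built-in roles to grant, by name. Keep this list as short as the workload allows.')
param roleNames array = [
  'Storage Blob Data Reader'
  'Storage Queue Data Reader'
]

// Lookup from built-in role name to its well-known role definition GUID.
// These are assumed to match the platform values; verify them before use.
var builtInRoles = {
  'Storage Blob Data Reader': '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1'
  'Storage Blob Data Contributor': 'ba92f5b4-2d11-453d-bc0b-d2d5ca2a0b9a'
  'Storage Queue Data Reader': '19e7f393-937e-4f77-808e-94535e297925'
  'Reader': 'acdd72a7-3385-48ef-bd42-f606fba81ae7'
}

// Reference the existing storage account so it can be used as the scope.
resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' existing = {
  name: storageAccountName
}

// One role assignment per requested role name.
resource roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for roleName in roleNames: {
  // Deterministic name: the same (scope, principal, role) triple always yields
  // the same GUID, so re-running the pipeline is idempotent rather than
  // failing with RoleAssignmentExists or creating a duplicate assignment.
  name: guid(storageAccount.id, principalId, builtInRoles[roleName])
  scope: storageAccount
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', builtInRoles[roleName])
    principalId: principalId
    // Stating the principal type lets ARM skip the directory lookup, which
    // avoids PrincipalNotFound failures when the identity was created moments
    // earlier in the same pipeline and has not replicated yet.
    principalType: 'ServicePrincipal'
  }
}]

// Resource IDs of the assignments, in the same order as roleNames.
output assignmentIds array = [for (roleName, i) in roleNames: roleAssignments[i].id]
```

Deploy it at resource-group scope with `az deployment group create --resource-group <rg> --template-file <file>.bicep --parameters storageAccountName=<name> principalId=<objectId>`, optionally overriding `roleNames` from a parameter file. Two things worth checking in review: the identity running the deployment must itself hold `Microsoft.Authorization/roleAssignments/write` at that scope (Owner or User Access Administrator), and a role name that is not a key of `builtInRoles` fails at template evaluation rather than silently assigning nothing, which is the safer failure for an access-control template.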
Thomas
  • 24,234
  • 6
  • 81
  • 125