search

MicrosoftDocs / feedback

📢 docs.microsoft.com site feedback
https://learn.microsoft.com
Creative Commons Attribution 4.0 International
240 stars 159 forks source link

Bug ? in get roleAssignment RESTful API #1718

Open seungyoon20-zz opened 5 years ago

seungyoon20-zz commented 5 years ago

Describe the bug I am looking at this page: https://docs.microsoft.com/en-us/rest/api/authorization/roleassignments/listforresource.

I notice that if i specifies the resource be a blob storage account, I get all the roleAssignments that inherited from upper level, roleAssignments at storage account level, and roleAssignments of lower level(roles that i assign to lower level blob containers).

But if I specifies the resource to be a container, I only get the roleAssignments at storage account and roles that storage accounts inherited. I could't get roles that I assign to the container.

I also tried to specify the resource to be a blob file under container, and I got same roles as I specified resource as container.

To Reproduce Steps to reproduce the behavior(I used Python requests to trigger the APIs):

  1. Get your management bearer token
  2. session = requests.Session(), s.headers.update({'Authorization': 'Bearer ' + bearer, 'tenant_id': 'common', 'x-ms-date': datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT'), 'x-ms-version': '2018-03-28' })
  3. Recourse is a blob file: resp = s.get("https://management.azure.com/subscriptions/<subscriptionID>/resourceGroups/<group-name>/providers/Microsoft.Storage/storageAccounts/<blobstorage>/blobServices/default/containers/<container>/blobs/<fileName>/providers/Microsoft.Authorization/roleAssignments?api-version=2019-04-01-preview")

Resource is a container: resp = s.get("https://management.azure.com/subscriptions/<subscriptionID>/resourceGroups/<group-name>/providers/Microsoft.Storage/storageAccounts/<blobstorage>/blobServices/default/containers/<container>/providers/Microsoft.Authorization/roleAssignments?api-version=2019-04-01-preview")

Resource is a storage account: resp = s.get("https://management.azure.com/subscriptions/<subscriptionID>/resourceGroups/<group-name>/providers/Microsoft.Storage/storageAccounts/<blobstorage>/providers/Microsoft.Authorization/roleAssignments?api-version=2019-04-01-preview")

Expected behavior I am not sure what I should expect from giving container or blob file as resource because the documentation didn't specifies, but i think definitely not the current behavior

welcome[bot] commented 5 years ago

Thank you for creating the issue! One of our team members will get back to you shortly with additional information. If this is a product issue, please close this and contact the particular product's support instead (see https://support.microsoft.com/allproducts for the list of support websites).

ryanmajidi commented 5 years ago

@rloutlaw can you please take a look at this issue?