Yes, using ARM, not Bicep, I know, it’s bad!<\/p>\n\n\n\n
Ran into a whole bunch of constrains and issue trying to assign an array of principals vs roles on keyvault using the RBAC access method, so sharing my working solution here as I couldn’t find a single good example on google:<\/p>\n\n\n
\n {\n \"type\": \"Microsoft.KeyVault\/vaults\/providers\/roleAssignments\",\n \"apiVersion\": \"2018-09-01-preview\",\n \"copy\": {\n \"name\": \"rbac-access-policy-loop\",\n \"count\": \"[length(parameters('accessPolicies'))]\"\n }, \n \"name\": \"[concat(variables('vaultName'),'\/Microsoft.Authorization\/',guid(concat(variables('vaultName'), parameters('accessPolicies')[copyIndex('rbac-access-policy-loop')].objectId, parameters('accessPolicies')[copyIndex('rbac-access-policy-loop')].roleId)))]\",\n \"dependsOn\": [\n \"[resourceId('Microsoft.KeyVault\/vaults', variables('vaultName'))]\"\n ],\n \"properties\": {\n \"roleDefinitionId\": \"[concat('\/providers\/Microsoft.Authorization\/roledefinitions\/',parameters('accessPolicies')[copyIndex('rbac-access-policy-loop')].roleId)]\",\n \"principalId\": \"[parameters('accessPolicies')[copyIndex('rbac-access-policy-loop')].objectId]\",\n \"scope\": \"[resourceId('Microsoft.KeyVault\/vaults', variables('vaultName'))]\",\n \"principalType\": \"Group\"\n }\n } \n<\/pre><\/div>\n\n\nAn example param would then look like this:<\/p>\n\n\n
\n \"accessPolicies\": {\n \"value\": [\n {\n \"roleId\": \"b86a8fe4-44ce-4948-aee5-eccb2c155cd7\",\n \"objectId\": \"2d9cbd23-20b1-4921-a8e4-54b55161ad04\"\n } \n ]\n } \n<\/pre><\/div>\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"
Yes, using ARM, not Bicep, I know, it’s bad! Ran into a whole bunch of constrains and issue trying to assign an array of principals vs roles on keyvault using the RBAC access method, so sharing my working solution here as I couldn’t find a single good example on google: An example param would then … Continue reading Keyvault RBAC model ARM role assignment<\/span>