Share via

Role Assignments - List For Scope

Service:
Key Vault
API Version:
2025-07-01

Gets role assignments for a scope.

GET {vaultBaseUrl}/{scope}/providers/Microsoft.Authorization/roleAssignments?api-version=2025-07-01
With optional parameters: 
GET {vaultBaseUrl}/{scope}/providers/Microsoft.Authorization/roleAssignments?api-version=2025-07-01&$filter={$filter}

URI Parameters

Name In Required Type Description
scope
 path True

string

The scope of the role assignments.
vaultBaseUrl
 path True

string (uri)

api-version
 query True

string

minLength: 1

The API version to use for this operation.
$filter
 query

string

The filter to apply on the operation. Use $filter=atScope() to return all role assignments at or above the scope. Use $filter=principalId eq {id} to return all role assignments at, above or below the scope for the specified principal.

Responses

Name Type Description
200 OK

RoleAssignmentListResult

The request has succeeded.
Other Status Codes

KeyVaultError

An unexpected error response.

Security

OAuth2Auth

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
https://vault.azure.net/.default

Examples

Get role assignments for a scope

Sample request

GET https://myvault.vault.azure.net//keys/providers/Microsoft.Authorization/roleAssignments?api-version=2025-07-01

Sample response

Status code:
200 
{
  "value": [
    {
      "properties": {
        "roleDefinitionId": "/keys/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId",
        "principalId": "principalId",
        "scope": "/keys"
      },
      "id": "/keys/providers/Microsoft.Authorization/roleAssignments/roleAssignmentId",
      "type": "Microsoft.Authorization/roleAssignments",
      "name": "roleAssignmentId"
    }
  ]
}

Definitions

Name Description
Error
KeyVaultError

The key vault error exception.
RoleAssignment

Role Assignments
RoleAssignmentListResult

Role assignment list operation result.
RoleAssignmentPropertiesWithScope

Role assignment properties with scope.
RoleScope

The role scope.

Error

Object
Name Type Description
code

string

The error code.
innererror

Error

The key vault server error.
message

string

The error message.

KeyVaultError

Object

The key vault error exception.

Name Type Description
error

Error

The key vault server error.

RoleAssignment

Object

Role Assignments

Name Type Description
id

string

The role assignment ID.
name

string

The role assignment name.
properties

RoleAssignmentPropertiesWithScope

Role assignment properties.
type

string

The role assignment type.

RoleAssignmentListResult

Object

Role assignment list operation result.

Name Type Description
nextLink

string

The URL to use for getting the next set of results.
value

RoleAssignment[]

Role assignment list.

RoleAssignmentPropertiesWithScope

Object

Role assignment properties with scope.

Name Type Description
principalId

string

The principal ID.
roleDefinitionId

string

The role definition ID.
scope

RoleScope

The role scope.

RoleScope

Enumeration

The role scope.

Value Description
/

Global scope
/keys

Keys scope