get-role-definitions
Retrieve and list available Azure role definitions for specific scopes to manage access control efficiently using the Azure MCP Server.
Instructions
List available role definitions
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| scope | No | Scope for role definitions. Leave empty for subscription level. | |
Input Schema (JSON Schema)
```json
{
  "properties": {
    "scope": {
      "description": "Scope for role definitions. Leave empty for subscription level.",
      "type": "string"
    }
  },
  "required": [],
  "type": "object"
}
```
Implementation Reference
- src/AzureServer.ts:730-773 (handler) The handler function that parses input arguments, checks for an authorization client, lists role definitions at the specified scope using the Azure SDK, formats the results, and handles errors.

  ```typescript
  private async handleGetRoleDefinitions(args: any) {
    // `scope` is only checked to be an optional string; its value is passed to the SDK as-is.
    const { scope } = z
      .object({
        scope: z.string().optional(),
      })
      .parse(args);

    if (!this.context.authorizationClient) {
      throw new AzureMCPError(
        "Authorization client not initialized",
        "NO_CLIENT"
      );
    }

    try {
      const roleDefinitions = [];
      // Fall back to the selected subscription when no scope is given.
      const definitionScope =
        scope || `/subscriptions/${this.context.selectedSubscription}`;

      for await (const definition of this.context.authorizationClient.roleDefinitions.list(
        definitionScope
      )) {
        // Keep only the identifying fields and the permission sets.
        roleDefinitions.push({
          id: definition.id,
          name: definition.name,
          roleName: definition.roleName,
          description: definition.description,
          type: definition.type,
          permissions: definition.permissions?.map((p) => ({
            actions: p.actions,
            notActions: p.notActions,
            dataActions: p.dataActions,
            notDataActions: p.notDataActions,
          })),
        });
      }

      return { roleDefinitions, total: roleDefinitions.length };
    } catch (error) {
      this.logWithContext("error", `Error getting role definitions: ${error}`, {
        error,
      });
      throw new AzureResourceError(`Failed to get role definitions: ${error}`);
    }
  }
  ```
- src/AzureServer.ts:268-282 (registration) The tool registration in the listTools response, including name, description, and input schema definition.

  ```typescript
  {
    name: "get-role-definitions",
    description: "List available role definitions",
    inputSchema: {
      type: "object",
      properties: {
        scope: {
          type: "string",
          description:
            "Scope for role definitions. Leave empty for subscription level.",
        },
      },
      required: [],
    },
  },
  ```
- src/AzureServer.ts:731-773 (schema) Input schema validation using Zod within the handler.

  ```typescript
  const { scope } = z
    .object({
      scope: z.string().optional(),
    })
    .parse(args);

  if (!this.context.authorizationClient) {
    throw new AzureMCPError(
      "Authorization client not initialized",
      "NO_CLIENT"
    );
  }

  try {
    const roleDefinitions = [];
    const definitionScope =
      scope || `/subscriptions/${this.context.selectedSubscription}`;

    for await (const definition of this.context.authorizationClient.roleDefinitions.list(
      definitionScope
    )) {
      roleDefinitions.push({
        id: definition.id,
        name: definition.name,
        roleName: definition.roleName,
        description: definition.description,
        type: definition.type,
        permissions: definition.permissions?.map((p) => ({
          actions: p.actions,
          notActions: p.notActions,
          dataActions: p.dataActions,
          notDataActions: p.notDataActions,
        })),
      });
    }

    return { roleDefinitions, total: roleDefinitions.length };
  } catch (error) {
    this.logWithContext("error", `Error getting role definitions: ${error}`, {
      error,
    });
    throw new AzureResourceError(`Failed to get role definitions: ${error}`);
  }
  ```
- src/AzureServer.ts:457-459 (registration) Dispatcher case in handleCallTool that routes to the handler.

  ```typescript
  case "get-role-definitions":
    result = await this.handleGetRoleDefinitions(args);
    break;
  ```
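
One way to audit the `roleDefinitions` array this tool returns is to flag every role whose `actions` and `notActions` together grant `Microsoft.Authorization/roleAssignments/write`. This is an added example, not code from the project; the function names and the sample role data are constructed for illustration.

```typescript
// Subset of the fields the handler returns for each role definition.
interface Permission { actions?: string[]; notActions?: string[] }
interface RoleSummary { id?: string; roleName?: string; permissions?: Permission[] }

// Azure RBAC operation patterns are case-insensitive and use `*` as a wildcard.
function patternMatches(pattern: string, operation: string): boolean {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp(`^${escaped}$`, "i").test(operation);
}

// An operation counts as granted when a permission block lists it in `actions`
// and the same block does not subtract it through `notActions`.
function grants(role: RoleSummary, operation: string): boolean {
  return (role.permissions ?? []).some(
    (p) =>
      (p.actions ?? []).some((a) => patternMatches(a, operation)) &&
      !(p.notActions ?? []).some((n) => patternMatches(n, operation))
  );
}

// A role that can write role assignments can hand out any other role at its scope.
const ROLE_ASSIGNMENT_WRITE = "Microsoft.Authorization/roleAssignments/write";

function rolesThatCanAssignRoles(roles: RoleSummary[]): string[] {
  return roles
    .filter((r) => grants(r, ROLE_ASSIGNMENT_WRITE))
    .map((r) => r.roleName ?? r.id ?? "(unnamed)");
}

// Constructed sample in the shape of the tool's `roleDefinitions` output.
const sampleRoleDefinitions: RoleSummary[] = [
  { roleName: "sample-full-access", permissions: [{ actions: ["*"], notActions: [] }] },
  {
    roleName: "sample-no-authz-write",
    permissions: [{
      actions: ["*"],
      notActions: ["Microsoft.Authorization/*/Write", "Microsoft.Authorization/*/Delete"],
    }],
  },
  { roleName: "sample-access-admin", permissions: [{ actions: ["*/read", "Microsoft.Authorization/*"] }] },
  { roleName: "sample-reader", permissions: [{ actions: ["*/read"] }] },
];

const flaggedRoles = rolesThatCanAssignRoles(sampleRoleDefinitions);
```

`notActions` subtracts from the same role's `actions` and is not a deny rule, so a principal holding a second role that grants the operation still has it.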