Is there is an Azure API available that would allow me to do the steps outlined here:
The closest thing I can find is:
https://docs.microsoft.com/en-us/rest/api/authorization/roleassignments
I use the Python SDK, the interface to that API is here - https://github.com/Azure/azure-sdk-for-python/tree/master/azure-mgmt-authorization
This API seems to be for granting access to resources under an Azure subscription, not to the subscription itself...
Actually, The REST API Role Assignments and the API create(scope, role_assignment_name, properties=None, custom_headers=None, raw=False, **operation_config) of azure-mgmt-authorization in Azure Python SDk are you want. Please notes the scope property/argument in the APis which has many different formats for different scopes as below. For example, you need to use use /subscriptions/{subscription-id}/ for a subscription.
scope (str) – The scope of the role assignment to create. The scope can be any REST resource instance. For example, use ‘/subscriptions/{subscription-id}/’ for a subscription, ‘/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}’ for a resource group, and ‘/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name}’ for a resource.
Hope it helps.
