diff --git a/src/Resources/Authorization.Management.Sdk/Generated/AuthorizationManagementClient.cs b/src/Resources/Authorization.Management.Sdk/Generated/AuthorizationManagementClient.cs
index 2017f856a539..5b36e589dc4b 100644
--- a/src/Resources/Authorization.Management.Sdk/Generated/AuthorizationManagementClient.cs
+++ b/src/Resources/Authorization.Management.Sdk/Generated/AuthorizationManagementClient.cs
@@ -294,6 +294,9 @@ public AuthorizationManagementClient(System.Uri baseUri, Microsoft.Rest.ServiceC
///
/// Optional. The http client handler used to handle http transport.
///
+ ///
+ /// Optional. The delegating handlers to add to the http client pipeline.
+ ///
///
/// Thrown when a required parameter is null
///
diff --git a/src/Resources/Authorization.Management.Sdk/Generated/DenyAssignmentsOperations.cs b/src/Resources/Authorization.Management.Sdk/Generated/DenyAssignmentsOperations.cs
index b814a358ce2d..c2425c2794cf 100644
--- a/src/Resources/Authorization.Management.Sdk/Generated/DenyAssignmentsOperations.cs
+++ b/src/Resources/Authorization.Management.Sdk/Generated/DenyAssignmentsOperations.cs
@@ -132,8 +132,14 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
{
throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "resourceName");
}
-
- string apiVersion = "2018-07-01-preview";
+ if (resourceName != null)
+ {
+ if (!System.Text.RegularExpressions.Regex.IsMatch(resourceName, "^[a-zA-Z0-9._-]+$"))
+ {
+ throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.Pattern, "resourceName", "^[a-zA-Z0-9._-]+$");
+ }
+ }
+ string apiVersion = "2024-07-01-preview";
// Tracing
bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
string _invocationId = null;
@@ -156,7 +162,7 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
// Construct URL
var _baseUrl = this.Client.BaseUri.AbsoluteUri;
- var _url = new System.Uri(new System.Uri(_baseUrl + (_baseUrl.EndsWith("/") ? "" : "/")), "subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/denyAssignments").ToString();
+ var _url = new System.Uri(new System.Uri(_baseUrl + (_baseUrl.EndsWith("/") ? "" : "/")), "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/denyAssignments").ToString();
_url = _url.Replace("{subscriptionId}", System.Uri.EscapeDataString(this.Client.SubscriptionId));
_url = _url.Replace("{resourceGroupName}", System.Uri.EscapeDataString(resourceGroupName));
_url = _url.Replace("{resourceProviderNamespace}", resourceProviderNamespace);
@@ -237,11 +243,11 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
if ((int)_statusCode != 200)
{
- var ex = new ErrorResponseException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
+ var ex = new ErrorResponseAutoGeneratedException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
try
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
- ErrorResponse _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
+ ErrorResponseAutoGenerated _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
if (_errorBody != null)
{
ex.Body = _errorBody;
@@ -365,7 +371,7 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.MinLength, "resourceGroupName", 1);
}
}
- string apiVersion = "2018-07-01-preview";
+ string apiVersion = "2024-07-01-preview";
// Tracing
bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
string _invocationId = null;
@@ -461,11 +467,11 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
if ((int)_statusCode != 200)
{
- var ex = new ErrorResponseException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
+ var ex = new ErrorResponseAutoGeneratedException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
try
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
- ErrorResponse _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
+ ErrorResponseAutoGenerated _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
if (_errorBody != null)
{
ex.Body = _errorBody;
@@ -571,7 +577,7 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.MinLength, "Client.SubscriptionId", 1);
}
}
- string apiVersion = "2018-07-01-preview";
+ string apiVersion = "2024-07-01-preview";
// Tracing
bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
string _invocationId = null;
@@ -665,11 +671,11 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
if ((int)_statusCode != 200)
{
- var ex = new ErrorResponseException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
+ var ex = new ErrorResponseAutoGeneratedException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
try
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
- ErrorResponse _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
+ ErrorResponseAutoGenerated _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
if (_errorBody != null)
{
ex.Body = _errorBody;
@@ -734,7 +740,7 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
/// Get the specified deny assignment.
///
///
- /// The scope of the deny assignment.
+ /// The scope at which the operation is performed.
///
///
/// The ID of the deny assignment to get.
@@ -770,13 +776,19 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
{
throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "scope");
}
-
+ if (scope != null)
+ {
+ if (scope.Length < 1)
+ {
+ throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.MinLength, "scope", 1);
+ }
+ }
if (denyAssignmentId == null)
{
throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "denyAssignmentId");
}
- string apiVersion = "2018-07-01-preview";
+ string apiVersion = "2024-07-01-preview";
// Tracing
bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
string _invocationId = null;
@@ -864,11 +876,232 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
if ((int)_statusCode != 200)
{
- var ex = new ErrorResponseException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
+ var ex = new ErrorResponseAutoGeneratedException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
+ try
+ {
+ _responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
+ ErrorResponseAutoGenerated _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
+ if (_errorBody != null)
+ {
+ ex.Body = _errorBody;
+ }
+ }
+ catch (Newtonsoft.Json.JsonException)
+ {
+ // Ignore the exception
+ }
+ ex.Request = new Microsoft.Rest.HttpRequestMessageWrapper(_httpRequest, _requestContent);
+ ex.Response = new Microsoft.Rest.HttpResponseMessageWrapper(_httpResponse, _responseContent);
+ if (_shouldTrace)
+ {
+ Microsoft.Rest.ServiceClientTracing.Error(_invocationId, ex);
+ }
+ _httpRequest.Dispose();
+ if (_httpResponse != null)
+ {
+ _httpResponse.Dispose();
+ }
+ throw ex;
+ }
+ // Create Result
+ var _result = new Microsoft.Rest.Azure.AzureOperationResponse();
+ _result.Request = _httpRequest;
+ _result.Response = _httpResponse;
+
+ if (_httpResponse.Headers.Contains("x-ms-request-id"))
+ {
+ _result.RequestId = _httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault();
+ }
+ // Deserialize Response
+ if ((int)_statusCode == 200)
+ {
+ _responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
+ try
+ {
+ _result.Body = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
+ }
+ catch (Newtonsoft.Json.JsonException ex)
+ {
+ _httpRequest.Dispose();
+ if (_httpResponse != null)
+ {
+ _httpResponse.Dispose();
+ }
+ throw new Microsoft.Rest.SerializationException("Unable to deserialize the response.", _responseContent, ex);
+ }
+ }
+ if (_shouldTrace)
+ {
+ Microsoft.Rest.ServiceClientTracing.Exit(_invocationId, _result);
+ }
+ return _result;
+
+
+
+
+
+ }
+ ///
+ /// Create or update a deny assignment by scope and name.
+ ///
+ ///
+ /// The scope at which the operation is performed.
+ ///
+ ///
+ /// The ID of the deny assignment to create. A new GUID should be used for each
+ /// new deny assignment.
+ ///
+ ///
+ /// Parameters for the deny assignment.
+ ///
+ ///
+ /// Headers that will be added to request.
+ ///
+ ///
+ /// The cancellation token.
+ ///
+ ///
+ /// Thrown when the operation returned an invalid status code
+ ///
+ ///
+ /// Thrown when unable to deserialize the response
+ ///
+ ///
+ /// Thrown when a required parameter is null
+ ///
+ ///
+ /// Thrown when a required parameter is null
+ ///
+ ///
+ /// A response object containing the response body and response headers.
+ ///
+ public async System.Threading.Tasks.Task> CreateOrUpdateWithHttpMessagesAsync(string scope, string denyAssignmentId, DenyAssignment parameters, System.Collections.Generic.Dictionary> customHeaders = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken))
+ {
+
+
+
+
+ if (parameters == null)
+ {
+ throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "parameters");
+ }
+
+ if (scope == null)
+ {
+ throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "scope");
+ }
+ if (scope != null)
+ {
+ if (scope.Length < 1)
+ {
+ throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.MinLength, "scope", 1);
+ }
+ }
+ if (denyAssignmentId == null)
+ {
+ throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "denyAssignmentId");
+ }
+
+ string apiVersion = "2024-07-01-preview";
+ // Tracing
+ bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
+ string _invocationId = null;
+ if (_shouldTrace)
+ {
+ _invocationId = Microsoft.Rest.ServiceClientTracing.NextInvocationId.ToString();
+ System.Collections.Generic.Dictionary tracingParameters = new System.Collections.Generic.Dictionary();
+ tracingParameters.Add("scope", scope);
+ tracingParameters.Add("denyAssignmentId", denyAssignmentId);
+ tracingParameters.Add("apiVersion", apiVersion);
+
+ tracingParameters.Add("parameters", parameters);
+
+ tracingParameters.Add("cancellationToken", cancellationToken);
+ Microsoft.Rest.ServiceClientTracing.Enter(_invocationId, this, "CreateOrUpdate", tracingParameters);
+ }
+ // Construct URL
+
+ var _baseUrl = this.Client.BaseUri.AbsoluteUri;
+ var _url = new System.Uri(new System.Uri(_baseUrl + (_baseUrl.EndsWith("/") ? "" : "/")), "{scope}/providers/Microsoft.Authorization/denyAssignments/{denyAssignmentId}").ToString();
+ _url = _url.Replace("{scope}", scope);
+ _url = _url.Replace("{denyAssignmentId}", System.Uri.EscapeDataString(denyAssignmentId));
+
+ System.Collections.Generic.List _queryParameters = new System.Collections.Generic.List();
+ if (apiVersion != null)
+ {
+ _queryParameters.Add(string.Format("api-version={0}", System.Uri.EscapeDataString(apiVersion)));
+ }
+ if (_queryParameters.Count > 0)
+ {
+ _url += (_url.Contains("?") ? "&" : "?") + string.Join("&", _queryParameters);
+ }
+ // Create HTTP transport objects
+ var _httpRequest = new System.Net.Http.HttpRequestMessage();
+ System.Net.Http.HttpResponseMessage _httpResponse = null;
+ _httpRequest.Method = new System.Net.Http.HttpMethod("PUT");
+ _httpRequest.RequestUri = new System.Uri(_url);
+ // Set Headers
+ if (this.Client.GenerateClientRequestId != null && this.Client.GenerateClientRequestId.Value)
+ {
+ _httpRequest.Headers.TryAddWithoutValidation("x-ms-client-request-id", System.Guid.NewGuid().ToString());
+ }
+ if (this.Client.AcceptLanguage != null)
+ {
+ if (_httpRequest.Headers.Contains("accept-language"))
+ {
+ _httpRequest.Headers.Remove("accept-language");
+ }
+ _httpRequest.Headers.TryAddWithoutValidation("accept-language", this.Client.AcceptLanguage);
+ }
+
+ if (customHeaders != null)
+ {
+ foreach(var _header in customHeaders)
+ {
+ if (_httpRequest.Headers.Contains(_header.Key))
+ {
+ _httpRequest.Headers.Remove(_header.Key);
+ }
+ _httpRequest.Headers.TryAddWithoutValidation(_header.Key, _header.Value);
+ }
+ }
+ // Serialize Request
+ string _requestContent = null;
+ if(parameters != null)
+ {
+ _requestContent = Microsoft.Rest.Serialization.SafeJsonConvert.SerializeObject(parameters, this.Client.SerializationSettings);
+ _httpRequest.Content = new System.Net.Http.StringContent(_requestContent, System.Text.Encoding.UTF8);
+ _httpRequest.Content.Headers.ContentType =System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json; charset=utf-8");
+ }
+ // Set Credentials
+ if (this.Client.Credentials != null)
+ {
+ cancellationToken.ThrowIfCancellationRequested();
+ await this.Client.Credentials.ProcessHttpRequestAsync(_httpRequest, cancellationToken).ConfigureAwait(false);
+ }
+ // Send Request
+ if (_shouldTrace)
+ {
+ Microsoft.Rest.ServiceClientTracing.SendRequest(_invocationId, _httpRequest);
+ }
+ cancellationToken.ThrowIfCancellationRequested();
+ _httpResponse = await this.Client.HttpClient.SendAsync(_httpRequest, cancellationToken).ConfigureAwait(false);
+ if (_shouldTrace)
+ {
+ Microsoft.Rest.ServiceClientTracing.ReceiveResponse(_invocationId, _httpResponse);
+ }
+
+ System.Net.HttpStatusCode _statusCode = _httpResponse.StatusCode;
+ cancellationToken.ThrowIfCancellationRequested();
+ string _responseContent = null;
+
+ if ((int)_statusCode != 200 && (int)_statusCode != 201)
+ {
+ var ex = new ErrorResponseAutoGeneratedException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
try
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
- ErrorResponse _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
+ ErrorResponseAutoGenerated _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
if (_errorBody != null)
{
ex.Body = _errorBody;
@@ -918,6 +1151,208 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
throw new Microsoft.Rest.SerializationException("Unable to deserialize the response.", _responseContent, ex);
}
}
+ // Deserialize Response
+ if ((int)_statusCode == 201)
+ {
+ _responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
+ try
+ {
+ _result.Body = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
+ }
+ catch (Newtonsoft.Json.JsonException ex)
+ {
+ _httpRequest.Dispose();
+ if (_httpResponse != null)
+ {
+ _httpResponse.Dispose();
+ }
+ throw new Microsoft.Rest.SerializationException("Unable to deserialize the response.", _responseContent, ex);
+ }
+ }
+ if (_shouldTrace)
+ {
+ Microsoft.Rest.ServiceClientTracing.Exit(_invocationId, _result);
+ }
+ return _result;
+
+
+
+
+
+ }
+ ///
+ /// Delete a deny assignment by scope and name.
+ ///
+ ///
+ /// The scope at which the operation is performed.
+ ///
+ ///
+ /// The ID of the deny assignment to delete.
+ ///
+ ///
+ /// Headers that will be added to request.
+ ///
+ ///
+ /// The cancellation token.
+ ///
+ ///
+ /// Thrown when the operation returned an invalid status code
+ ///
+ ///
+ /// Thrown when a required parameter is null
+ ///
+ ///
+ /// Thrown when a required parameter is null
+ ///
+ ///
+ /// A response object containing the response body and response headers.
+ ///
+ public async System.Threading.Tasks.Task DeleteWithHttpMessagesAsync(string scope, string denyAssignmentId, System.Collections.Generic.Dictionary> customHeaders = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken))
+ {
+
+
+
+
+ if (scope == null)
+ {
+ throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "scope");
+ }
+ if (scope != null)
+ {
+ if (scope.Length < 1)
+ {
+ throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.MinLength, "scope", 1);
+ }
+ }
+ if (denyAssignmentId == null)
+ {
+ throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "denyAssignmentId");
+ }
+
+ string apiVersion = "2024-07-01-preview";
+ // Tracing
+ bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
+ string _invocationId = null;
+ if (_shouldTrace)
+ {
+ _invocationId = Microsoft.Rest.ServiceClientTracing.NextInvocationId.ToString();
+ System.Collections.Generic.Dictionary tracingParameters = new System.Collections.Generic.Dictionary();
+ tracingParameters.Add("scope", scope);
+ tracingParameters.Add("denyAssignmentId", denyAssignmentId);
+ tracingParameters.Add("apiVersion", apiVersion);
+
+
+ tracingParameters.Add("cancellationToken", cancellationToken);
+ Microsoft.Rest.ServiceClientTracing.Enter(_invocationId, this, "Delete", tracingParameters);
+ }
+ // Construct URL
+
+ var _baseUrl = this.Client.BaseUri.AbsoluteUri;
+ var _url = new System.Uri(new System.Uri(_baseUrl + (_baseUrl.EndsWith("/") ? "" : "/")), "{scope}/providers/Microsoft.Authorization/denyAssignments/{denyAssignmentId}").ToString();
+ _url = _url.Replace("{scope}", scope);
+ _url = _url.Replace("{denyAssignmentId}", System.Uri.EscapeDataString(denyAssignmentId));
+
+ System.Collections.Generic.List _queryParameters = new System.Collections.Generic.List();
+ if (apiVersion != null)
+ {
+ _queryParameters.Add(string.Format("api-version={0}", System.Uri.EscapeDataString(apiVersion)));
+ }
+ if (_queryParameters.Count > 0)
+ {
+ _url += (_url.Contains("?") ? "&" : "?") + string.Join("&", _queryParameters);
+ }
+ // Create HTTP transport objects
+ var _httpRequest = new System.Net.Http.HttpRequestMessage();
+ System.Net.Http.HttpResponseMessage _httpResponse = null;
+ _httpRequest.Method = new System.Net.Http.HttpMethod("DELETE");
+ _httpRequest.RequestUri = new System.Uri(_url);
+ // Set Headers
+ if (this.Client.GenerateClientRequestId != null && this.Client.GenerateClientRequestId.Value)
+ {
+ _httpRequest.Headers.TryAddWithoutValidation("x-ms-client-request-id", System.Guid.NewGuid().ToString());
+ }
+ if (this.Client.AcceptLanguage != null)
+ {
+ if (_httpRequest.Headers.Contains("accept-language"))
+ {
+ _httpRequest.Headers.Remove("accept-language");
+ }
+ _httpRequest.Headers.TryAddWithoutValidation("accept-language", this.Client.AcceptLanguage);
+ }
+
+ if (customHeaders != null)
+ {
+ foreach(var _header in customHeaders)
+ {
+ if (_httpRequest.Headers.Contains(_header.Key))
+ {
+ _httpRequest.Headers.Remove(_header.Key);
+ }
+ _httpRequest.Headers.TryAddWithoutValidation(_header.Key, _header.Value);
+ }
+ }
+ // Serialize Request
+ string _requestContent = null;
+ // Set Credentials
+ if (this.Client.Credentials != null)
+ {
+ cancellationToken.ThrowIfCancellationRequested();
+ await this.Client.Credentials.ProcessHttpRequestAsync(_httpRequest, cancellationToken).ConfigureAwait(false);
+ }
+ // Send Request
+ if (_shouldTrace)
+ {
+ Microsoft.Rest.ServiceClientTracing.SendRequest(_invocationId, _httpRequest);
+ }
+ cancellationToken.ThrowIfCancellationRequested();
+ _httpResponse = await this.Client.HttpClient.SendAsync(_httpRequest, cancellationToken).ConfigureAwait(false);
+ if (_shouldTrace)
+ {
+ Microsoft.Rest.ServiceClientTracing.ReceiveResponse(_invocationId, _httpResponse);
+ }
+
+ System.Net.HttpStatusCode _statusCode = _httpResponse.StatusCode;
+ cancellationToken.ThrowIfCancellationRequested();
+ string _responseContent = null;
+
+ if ((int)_statusCode != 200 && (int)_statusCode != 204)
+ {
+ var ex = new ErrorResponseAutoGeneratedException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
+ try
+ {
+ _responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
+ ErrorResponseAutoGenerated _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
+ if (_errorBody != null)
+ {
+ ex.Body = _errorBody;
+ }
+ }
+ catch (Newtonsoft.Json.JsonException)
+ {
+ // Ignore the exception
+ }
+ ex.Request = new Microsoft.Rest.HttpRequestMessageWrapper(_httpRequest, _requestContent);
+ ex.Response = new Microsoft.Rest.HttpResponseMessageWrapper(_httpResponse, _responseContent);
+ if (_shouldTrace)
+ {
+ Microsoft.Rest.ServiceClientTracing.Error(_invocationId, ex);
+ }
+ _httpRequest.Dispose();
+ if (_httpResponse != null)
+ {
+ _httpResponse.Dispose();
+ }
+ throw ex;
+ }
+ // Create Result
+ var _result = new Microsoft.Rest.Azure.AzureOperationResponse();
+ _result.Request = _httpRequest;
+ _result.Response = _httpResponse;
+
+ if (_httpResponse.Headers.Contains("x-ms-request-id"))
+ {
+ _result.RequestId = _httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault();
+ }
if (_shouldTrace)
{
Microsoft.Rest.ServiceClientTracing.Exit(_invocationId, _result);
@@ -971,7 +1406,7 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "denyAssignmentId");
}
- string apiVersion = "2018-07-01-preview";
+ string apiVersion = "2024-07-01-preview";
// Tracing
bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
string _invocationId = null;
@@ -1057,11 +1492,11 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
if ((int)_statusCode != 200)
{
- var ex = new ErrorResponseException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
+ var ex = new ErrorResponseAutoGeneratedException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
try
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
- ErrorResponse _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
+ ErrorResponseAutoGenerated _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
if (_errorBody != null)
{
ex.Body = _errorBody;
@@ -1129,7 +1564,7 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
///
///
///
- /// The scope of the deny assignments.
+ /// The scope at which the operation is performed.
///
///
/// Headers that will be added to request.
@@ -1163,8 +1598,14 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
{
throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "scope");
}
-
- string apiVersion = "2018-07-01-preview";
+ if (scope != null)
+ {
+ if (scope.Length < 1)
+ {
+ throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.MinLength, "scope", 1);
+ }
+ }
+ string apiVersion = "2024-07-01-preview";
// Tracing
bool _shouldTrace = Microsoft.Rest.ServiceClientTracing.IsEnabled;
string _invocationId = null;
@@ -1259,11 +1700,11 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
if ((int)_statusCode != 200)
{
- var ex = new ErrorResponseException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
+ var ex = new ErrorResponseAutoGeneratedException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
try
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
- ErrorResponse _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
+ ErrorResponseAutoGenerated _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
if (_errorBody != null)
{
ex.Body = _errorBody;
@@ -1436,11 +1877,11 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
if ((int)_statusCode != 200)
{
- var ex = new ErrorResponseException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
+ var ex = new ErrorResponseAutoGeneratedException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
try
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
- ErrorResponse _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
+ ErrorResponseAutoGenerated _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
if (_errorBody != null)
{
ex.Body = _errorBody;
@@ -1613,11 +2054,11 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
if ((int)_statusCode != 200)
{
- var ex = new ErrorResponseException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
+ var ex = new ErrorResponseAutoGeneratedException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
try
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
- ErrorResponse _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
+ ErrorResponseAutoGenerated _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
if (_errorBody != null)
{
ex.Body = _errorBody;
@@ -1790,11 +2231,11 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
if ((int)_statusCode != 200)
{
- var ex = new ErrorResponseException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
+ var ex = new ErrorResponseAutoGeneratedException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
try
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
- ErrorResponse _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
+ ErrorResponseAutoGenerated _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
if (_errorBody != null)
{
ex.Body = _errorBody;
@@ -1967,11 +2408,11 @@ internal DenyAssignmentsOperations (AuthorizationManagementClient client)
if ((int)_statusCode != 200)
{
- var ex = new ErrorResponseException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
+ var ex = new ErrorResponseAutoGeneratedException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
try
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
- ErrorResponse _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
+ ErrorResponseAutoGenerated _errorBody = Microsoft.Rest.Serialization.SafeJsonConvert.DeserializeObject(_responseContent, this.Client.DeserializationSettings);
if (_errorBody != null)
{
ex.Body = _errorBody;
diff --git a/src/Resources/Authorization.Management.Sdk/Generated/DenyAssignmentsOperationsExtensions.cs b/src/Resources/Authorization.Management.Sdk/Generated/DenyAssignmentsOperationsExtensions.cs
index c7d1cad6bd6b..8b354a8e024f 100644
--- a/src/Resources/Authorization.Management.Sdk/Generated/DenyAssignmentsOperationsExtensions.cs
+++ b/src/Resources/Authorization.Management.Sdk/Generated/DenyAssignmentsOperationsExtensions.cs
@@ -154,7 +154,7 @@ public static partial class DenyAssignmentsOperationsExtensions
/// The operations group for this extension method.
///
///
- /// The scope of the deny assignment.
+ /// The scope at which the operation is performed.
///
///
/// The ID of the deny assignment to get.
@@ -171,7 +171,7 @@ public static DenyAssignment Get(this IDenyAssignmentsOperations operations, str
/// The operations group for this extension method.
///
///
- /// The scope of the deny assignment.
+ /// The scope at which the operation is performed.
///
///
/// The ID of the deny assignment to get.
@@ -187,6 +187,83 @@ public static DenyAssignment Get(this IDenyAssignmentsOperations operations, str
}
}
///
+ /// Create or update a deny assignment by scope and name.
+ ///
+ ///
+ /// The operations group for this extension method.
+ ///
+ ///
+ /// The scope at which the operation is performed.
+ ///
+ ///
+ /// The ID of the deny assignment to create. A new GUID should be used for each
+ /// new deny assignment.
+ ///
+ public static DenyAssignment CreateOrUpdate(this IDenyAssignmentsOperations operations, string scope, string denyAssignmentId, DenyAssignment parameters)
+ {
+ return ((IDenyAssignmentsOperations)operations).CreateOrUpdateAsync(scope, denyAssignmentId, parameters).GetAwaiter().GetResult();
+ }
+
+ ///
+ /// Create or update a deny assignment by scope and name.
+ ///
+ ///
+ /// The operations group for this extension method.
+ ///
+ ///
+ /// The scope at which the operation is performed.
+ ///
+ ///
+ /// The ID of the deny assignment to create. A new GUID should be used for each
+ /// new deny assignment.
+ ///
+ ///
+ /// The cancellation token.
+ ///
+ public static async System.Threading.Tasks.Task CreateOrUpdateAsync(this IDenyAssignmentsOperations operations, string scope, string denyAssignmentId, DenyAssignment parameters, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken))
+ {
+ using (var _result = await operations.CreateOrUpdateWithHttpMessagesAsync(scope, denyAssignmentId, parameters, null, cancellationToken).ConfigureAwait(false))
+ {
+ return _result.Body;
+ }
+ }
+ ///
+ /// Delete a deny assignment by scope and name.
+ ///
+ ///
+ /// The operations group for this extension method.
+ ///
+ ///
+ /// The scope at which the operation is performed.
+ ///
+ ///
+ /// The ID of the deny assignment to delete.
+ ///
+ public static void Delete(this IDenyAssignmentsOperations operations, string scope, string denyAssignmentId)
+ {
+ ((IDenyAssignmentsOperations)operations).DeleteAsync(scope, denyAssignmentId).GetAwaiter().GetResult();
+ }
+
+ ///
+ /// Delete a deny assignment by scope and name.
+ ///
+ ///
+ /// The operations group for this extension method.
+ ///
+ ///
+ /// The scope at which the operation is performed.
+ ///
+ ///
+ /// The ID of the deny assignment to delete.
+ ///
+ ///
+ /// The cancellation token.
+ ///
+ public static async System.Threading.Tasks.Task DeleteAsync(this IDenyAssignmentsOperations operations, string scope, string denyAssignmentId, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken))
+ {
+ (await operations.DeleteWithHttpMessagesAsync(scope, denyAssignmentId, null, cancellationToken).ConfigureAwait(false)).Dispose();
+ }
+ ///
/// Gets a deny assignment by ID.
///
///
@@ -237,7 +314,7 @@ public static DenyAssignment GetById(this IDenyAssignmentsOperations operations,
///
///
///
- /// The scope of the deny assignments.
+ /// The scope at which the operation is performed.
///
public static Microsoft.Rest.Azure.IPage ListForScope(this IDenyAssignmentsOperations operations, string scope, Microsoft.Rest.Azure.OData.ODataQuery odataQuery = default(Microsoft.Rest.Azure.OData.ODataQuery))
{
@@ -254,7 +331,7 @@ public static DenyAssignment GetById(this IDenyAssignmentsOperations operations,
///
///
///
- /// The scope of the deny assignments.
+ /// The scope at which the operation is performed.
///
///
/// The cancellation token.
diff --git a/src/Resources/Authorization.Management.Sdk/Generated/IDenyAssignmentsOperations.cs b/src/Resources/Authorization.Management.Sdk/Generated/IDenyAssignmentsOperations.cs
index 49c3b9a5e706..4758dff3fe75 100644
--- a/src/Resources/Authorization.Management.Sdk/Generated/IDenyAssignmentsOperations.cs
+++ b/src/Resources/Authorization.Management.Sdk/Generated/IDenyAssignmentsOperations.cs
@@ -107,7 +107,7 @@ public partial interface IDenyAssignmentsOperations
/// Get the specified deny assignment.
///
///
- /// The scope of the deny assignment.
+ /// The scope at which the operation is performed.
///
///
/// The ID of the deny assignment to get.
@@ -126,6 +126,59 @@ public partial interface IDenyAssignmentsOperations
///
System.Threading.Tasks.Task> GetWithHttpMessagesAsync(string scope, string denyAssignmentId, System.Collections.Generic.Dictionary> customHeaders = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken));
+ ///
+ /// Create or update a deny assignment by scope and name.
+ ///
+ ///
+ /// Create or update a deny assignment by scope and name.
+ ///
+ ///
+ /// The scope at which the operation is performed.
+ ///
+ ///
+ /// The ID of the deny assignment to create. A new GUID should be used for each
+ /// new deny assignment.
+ ///
+ ///
+ /// Parameters for the deny assignment.
+ ///
+ ///
+ /// The headers that will be added to request.
+ ///
+ ///
+ /// The cancellation token.
+ ///
+ ///
+ /// Thrown when the operation returned an invalid status code
+ ///
+ ///
+ /// Thrown when unable to deserialize the response
+ ///
+ System.Threading.Tasks.Task> CreateOrUpdateWithHttpMessagesAsync(string scope, string denyAssignmentId, DenyAssignment parameters, System.Collections.Generic.Dictionary> customHeaders = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken));
+
+ ///
+ /// Delete a deny assignment by scope and name.
+ ///
+ ///
+ /// Delete a deny assignment by scope and name.
+ ///
+ ///
+ /// The scope at which the operation is performed.
+ ///
+ ///
+ /// The ID of the deny assignment to delete.
+ ///
+ ///
+ /// The headers that will be added to request.
+ ///
+ ///
+ /// The cancellation token.
+ ///
+ ///
+ /// Thrown when the operation returned an invalid status code
+ ///
+ System.Threading.Tasks.Task DeleteWithHttpMessagesAsync(string scope, string denyAssignmentId, System.Collections.Generic.Dictionary> customHeaders = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken));
+
///
/// Gets a deny assignment by ID.
///
@@ -163,7 +216,7 @@ public partial interface IDenyAssignmentsOperations
///
///
///
- /// The scope of the deny assignments.
+ /// The scope at which the operation is performed.
///
///
/// The headers that will be added to request.
diff --git a/src/Resources/Authorization.Management.Sdk/Generated/Models/CreatedByType.cs b/src/Resources/Authorization.Management.Sdk/Generated/Models/CreatedByType.cs
new file mode 100644
index 000000000000..45a3104d5d9a
--- /dev/null
+++ b/src/Resources/Authorization.Management.Sdk/Generated/Models/CreatedByType.cs
@@ -0,0 +1,21 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+namespace Microsoft.Azure.Management.Authorization.Models
+{
+
+ ///
+ /// Defines values for CreatedByType.
+ ///
+
+
+ public static class CreatedByType
+ {
+ public const string User = "User";
+ public const string Application = "Application";
+ public const string ManagedIdentity = "ManagedIdentity";
+ public const string Key = "Key";
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignment.cs b/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignment.cs
index efcee5ebbd8d..3ea8e02e52f6 100644
--- a/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignment.cs
+++ b/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignment.cs
@@ -11,7 +11,7 @@ namespace Microsoft.Azure.Management.Authorization.Models
/// Deny Assignment
///
[Microsoft.Rest.Serialization.JsonTransformation]
- public partial class DenyAssignment
+ public partial class DenyAssignment : Microsoft.Rest.Azure.IResource
{
///
/// Initializes a new instance of the DenyAssignment class.
@@ -34,6 +34,10 @@ public DenyAssignment()
/// The deny assignment type.
///
+ /// Azure Resource Manager metadata containing createdBy and modifiedBy
+ /// information.
+ ///
+
/// The display name of the deny assignment.
///
@@ -59,12 +63,38 @@ public DenyAssignment()
/// Specifies whether this deny assignment was created by Azure and cannot be
/// edited or deleted.
///
- public DenyAssignment(string id = default(string), string name = default(string), string type = default(string), string denyAssignmentName = default(string), string description = default(string), System.Collections.Generic.IList permissions = default(System.Collections.Generic.IList), string scope = default(string), bool? doNotApplyToChildScopes = default(bool?), System.Collections.Generic.IList principals = default(System.Collections.Generic.IList), System.Collections.Generic.IList excludePrincipals = default(System.Collections.Generic.IList), bool? isSystemProtected = default(bool?))
+
+ /// The effect of the deny assignment. 'enforced' blocks access, 'audit' logs
+ /// without blocking.
+ /// Possible values include: 'enforced', 'audit'
+
+ /// The conditions on the deny assignment. This limits the resources it can be
+ /// assigned to. e.g.:
+ /// @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName]
+ /// StringEqualsIgnoreCase 'foo_storage_container'
+ ///
+
+ /// Version of the condition.
+ ///
+
+ /// Time it was created
+ ///
+
+ /// Time it was updated
+ ///
+
+ /// Id of the user who created the assignment
+ ///
+
+ /// Id of the user who updated the assignment
+ ///
+ public DenyAssignment(string id = default(string), string name = default(string), string type = default(string), SystemData systemData = default(SystemData), string denyAssignmentName = default(string), string description = default(string), System.Collections.Generic.IList permissions = default(System.Collections.Generic.IList), string scope = default(string), bool? doNotApplyToChildScopes = default(bool?), System.Collections.Generic.IList principals = default(System.Collections.Generic.IList), System.Collections.Generic.IList excludePrincipals = default(System.Collections.Generic.IList), bool? isSystemProtected = default(bool?), string denyAssignmentEffect = default(string), string condition = default(string), string conditionVersion = default(string), System.DateTime? createdOn = default(System.DateTime?), System.DateTime? updatedOn = default(System.DateTime?), string createdBy = default(string), string updatedBy = default(string))
{
this.Id = id;
this.Name = name;
this.Type = type;
+ this.SystemData = systemData;
this.DenyAssignmentName = denyAssignmentName;
this.Description = description;
this.Permissions = permissions;
@@ -73,6 +103,13 @@ public DenyAssignment()
this.Principals = principals;
this.ExcludePrincipals = excludePrincipals;
this.IsSystemProtected = isSystemProtected;
+ this.DenyAssignmentEffect = denyAssignmentEffect;
+ this.Condition = condition;
+ this.ConditionVersion = conditionVersion;
+ this.CreatedOn = createdOn;
+ this.UpdatedOn = updatedOn;
+ this.CreatedBy = createdBy;
+ this.UpdatedBy = updatedBy;
CustomInit();
}
@@ -100,6 +137,13 @@ public DenyAssignment()
[Newtonsoft.Json.JsonProperty(PropertyName = "type")]
public string Type {get; private set; }
+ ///
+ /// Gets azure Resource Manager metadata containing createdBy and modifiedBy
+ /// information.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "systemData")]
+ public SystemData SystemData {get; private set; }
+
///
/// Gets or sets the display name of the deny assignment.
///
@@ -120,10 +164,10 @@ public DenyAssignment()
public System.Collections.Generic.IList Permissions {get; set; }
///
- /// Gets or sets the deny assignment scope.
+ /// Gets the deny assignment scope.
///
[Newtonsoft.Json.JsonProperty(PropertyName = "properties.scope")]
- public string Scope {get; set; }
+ public string Scope {get; private set; }
///
/// Gets or sets determines if the deny assignment applies to child scopes.
@@ -136,14 +180,14 @@ public DenyAssignment()
/// Gets or sets array of principals to which the deny assignment applies.
///
[Newtonsoft.Json.JsonProperty(PropertyName = "properties.principals")]
- public System.Collections.Generic.IList Principals {get; set; }
+ public System.Collections.Generic.IList Principals {get; set; }
///
/// Gets or sets array of principals to which the deny assignment does not
/// apply.
///
[Newtonsoft.Json.JsonProperty(PropertyName = "properties.excludePrincipals")]
- public System.Collections.Generic.IList ExcludePrincipals {get; set; }
+ public System.Collections.Generic.IList ExcludePrincipals {get; set; }
///
/// Gets or sets specifies whether this deny assignment was created by Azure
@@ -151,5 +195,51 @@ public DenyAssignment()
///
[Newtonsoft.Json.JsonProperty(PropertyName = "properties.isSystemProtected")]
public bool? IsSystemProtected {get; set; }
+
+ ///
+ /// Gets or sets the effect of the deny assignment. 'enforced' blocks access,
+ /// 'audit' logs without blocking. Possible values include: 'enforced', 'audit'
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "properties.denyAssignmentEffect")]
+ public string DenyAssignmentEffect {get; set; }
+
+ ///
+ /// Gets or sets the conditions on the deny assignment. This limits the
+ /// resources it can be assigned to. e.g.:
+ /// @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName]
+ /// StringEqualsIgnoreCase 'foo_storage_container'
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "properties.condition")]
+ public string Condition {get; set; }
+
+ ///
+ /// Gets or sets version of the condition.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "properties.conditionVersion")]
+ public string ConditionVersion {get; set; }
+
+ ///
+ /// Gets time it was created
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "properties.createdOn")]
+ public System.DateTime? CreatedOn {get; private set; }
+
+ ///
+ /// Gets time it was updated
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "properties.updatedOn")]
+ public System.DateTime? UpdatedOn {get; private set; }
+
+ ///
+ /// Gets id of the user who created the assignment
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "properties.createdBy")]
+ public string CreatedBy {get; private set; }
+
+ ///
+ /// Gets id of the user who updated the assignment
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "properties.updatedBy")]
+ public string UpdatedBy {get; private set; }
}
}
\ No newline at end of file
diff --git a/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentEffect.cs b/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentEffect.cs
new file mode 100644
index 000000000000..7fadb7f9123c
--- /dev/null
+++ b/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentEffect.cs
@@ -0,0 +1,19 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+namespace Microsoft.Azure.Management.Authorization.Models
+{
+
+ ///
+ /// Defines values for DenyAssignmentEffect.
+ ///
+
+
+ public static class DenyAssignmentEffect
+ {
+ public const string Enforced = "enforced";
+ public const string Audit = "audit";
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentPermission.cs b/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentPermission.cs
index 5b263b427dcb..3bf07b1c090f 100644
--- a/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentPermission.cs
+++ b/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentPermission.cs
@@ -36,13 +36,22 @@ public DenyAssignmentPermission()
/// Data actions to exclude from that the deny assignment does not grant
/// access.
///
- public DenyAssignmentPermission(System.Collections.Generic.IList actions = default(System.Collections.Generic.IList), System.Collections.Generic.IList notActions = default(System.Collections.Generic.IList), System.Collections.Generic.IList dataActions = default(System.Collections.Generic.IList), System.Collections.Generic.IList notDataActions = default(System.Collections.Generic.IList))
+
+ /// The conditions on the Deny assignment permission. This limits the resources
+ /// it applies to.
+ ///
+
+ /// Version of the condition.
+ ///
+ public DenyAssignmentPermission(System.Collections.Generic.IList actions = default(System.Collections.Generic.IList), System.Collections.Generic.IList notActions = default(System.Collections.Generic.IList), System.Collections.Generic.IList dataActions = default(System.Collections.Generic.IList), System.Collections.Generic.IList notDataActions = default(System.Collections.Generic.IList), string condition = default(string), string conditionVersion = default(string))
{
this.Actions = actions;
this.NotActions = notActions;
this.DataActions = dataActions;
this.NotDataActions = notDataActions;
+ this.Condition = condition;
+ this.ConditionVersion = conditionVersion;
CustomInit();
}
@@ -78,5 +87,18 @@ public DenyAssignmentPermission()
///
[Newtonsoft.Json.JsonProperty(PropertyName = "notDataActions")]
public System.Collections.Generic.IList NotDataActions {get; set; }
+
+ ///
+ /// Gets or sets the conditions on the Deny assignment permission. This limits
+ /// the resources it applies to.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "condition")]
+ public string Condition {get; set; }
+
+ ///
+ /// Gets or sets version of the condition.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "conditionVersion")]
+ public string ConditionVersion {get; set; }
}
}
\ No newline at end of file
diff --git a/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentPrincipal.cs b/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentPrincipal.cs
new file mode 100644
index 000000000000..0113f733f06d
--- /dev/null
+++ b/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentPrincipal.cs
@@ -0,0 +1,59 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+namespace Microsoft.Azure.Management.Authorization.Models
+{
+ using System.Linq;
+
+ ///
+ /// Deny assignment principal.
+ ///
+ public partial class DenyAssignmentPrincipal
+ {
+ ///
+ /// Initializes a new instance of the DenyAssignmentPrincipal class.
+ ///
+ public DenyAssignmentPrincipal()
+ {
+ CustomInit();
+ }
+
+ ///
+ /// Initializes a new instance of the DenyAssignmentPrincipal class.
+ ///
+
+ /// The object ID of the principal.
+ ///
+
+ /// The type of the principal such as user, group, servicePrincipal, etc.
+ /// Possible values include:
+ public DenyAssignmentPrincipal(string id = default(string), string type = default(string))
+
+ {
+ this.Id = id;
+ this.Type = type;
+ CustomInit();
+ }
+
+ ///
+ /// An initialization method that performs custom operations like setting defaults
+ ///
+ partial void CustomInit();
+
+
+ ///
+ /// Gets or sets the object ID of the principal.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "id")]
+ public string Id {get; set; }
+
+ ///
+ /// Gets or sets the type of the principal such as user, group,
+ /// servicePrincipal, etc. Possible values include:
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "type")]
+ public string Type {get; set; }
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentPrincipalType.cs b/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentPrincipalType.cs
new file mode 100644
index 000000000000..b2e2a31a11f6
--- /dev/null
+++ b/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentPrincipalType.cs
@@ -0,0 +1,17 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+namespace Microsoft.Azure.Management.Authorization.Models
+{
+
+ ///
+ /// Defines values for DenyAssignmentPrincipalType.
+ ///
+
+
+ public static class DenyAssignmentPrincipalType
+ {
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentProperties.cs b/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentProperties.cs
index f28b9e0e4ef8..7e62ddb6f13d 100644
--- a/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentProperties.cs
+++ b/src/Resources/Authorization.Management.Sdk/Generated/Models/DenyAssignmentProperties.cs
@@ -49,7 +49,32 @@ public DenyAssignmentProperties()
/// Specifies whether this deny assignment was created by Azure and cannot be
/// edited or deleted.
///
- public DenyAssignmentProperties(string denyAssignmentName = default(string), string description = default(string), System.Collections.Generic.IList permissions = default(System.Collections.Generic.IList), string scope = default(string), bool? doNotApplyToChildScopes = default(bool?), System.Collections.Generic.IList principals = default(System.Collections.Generic.IList), System.Collections.Generic.IList excludePrincipals = default(System.Collections.Generic.IList), bool? isSystemProtected = default(bool?))
+
+ /// The effect of the deny assignment. 'enforced' blocks access, 'audit' logs
+ /// without blocking.
+ /// Possible values include: 'enforced', 'audit'
+
+ /// The conditions on the deny assignment. This limits the resources it can be
+ /// assigned to. e.g.:
+ /// @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName]
+ /// StringEqualsIgnoreCase 'foo_storage_container'
+ ///
+
+ /// Version of the condition.
+ ///
+
+ /// Time it was created
+ ///
+
+ /// Time it was updated
+ ///
+
+ /// Id of the user who created the assignment
+ ///
+
+ /// Id of the user who updated the assignment
+ ///
+ public DenyAssignmentProperties(string denyAssignmentName = default(string), string description = default(string), System.Collections.Generic.IList permissions = default(System.Collections.Generic.IList), string scope = default(string), bool? doNotApplyToChildScopes = default(bool?), System.Collections.Generic.IList principals = default(System.Collections.Generic.IList), System.Collections.Generic.IList excludePrincipals = default(System.Collections.Generic.IList), bool? isSystemProtected = default(bool?), string denyAssignmentEffect = default(string), string condition = default(string), string conditionVersion = default(string), System.DateTime? createdOn = default(System.DateTime?), System.DateTime? updatedOn = default(System.DateTime?), string createdBy = default(string), string updatedBy = default(string))
{
this.DenyAssignmentName = denyAssignmentName;
@@ -60,6 +85,13 @@ public DenyAssignmentProperties()
this.Principals = principals;
this.ExcludePrincipals = excludePrincipals;
this.IsSystemProtected = isSystemProtected;
+ this.DenyAssignmentEffect = denyAssignmentEffect;
+ this.Condition = condition;
+ this.ConditionVersion = conditionVersion;
+ this.CreatedOn = createdOn;
+ this.UpdatedOn = updatedOn;
+ this.CreatedBy = createdBy;
+ this.UpdatedBy = updatedBy;
CustomInit();
}
@@ -89,10 +121,10 @@ public DenyAssignmentProperties()
public System.Collections.Generic.IList Permissions {get; set; }
///
- /// Gets or sets the deny assignment scope.
+ /// Gets the deny assignment scope.
///
[Newtonsoft.Json.JsonProperty(PropertyName = "scope")]
- public string Scope {get; set; }
+ public string Scope {get; private set; }
///
/// Gets or sets determines if the deny assignment applies to child scopes.
@@ -105,14 +137,14 @@ public DenyAssignmentProperties()
/// Gets or sets array of principals to which the deny assignment applies.
///
[Newtonsoft.Json.JsonProperty(PropertyName = "principals")]
- public System.Collections.Generic.IList Principals {get; set; }
+ public System.Collections.Generic.IList Principals {get; set; }
///
/// Gets or sets array of principals to which the deny assignment does not
/// apply.
///
[Newtonsoft.Json.JsonProperty(PropertyName = "excludePrincipals")]
- public System.Collections.Generic.IList ExcludePrincipals {get; set; }
+ public System.Collections.Generic.IList ExcludePrincipals {get; set; }
///
/// Gets or sets specifies whether this deny assignment was created by Azure
@@ -120,5 +152,51 @@ public DenyAssignmentProperties()
///
[Newtonsoft.Json.JsonProperty(PropertyName = "isSystemProtected")]
public bool? IsSystemProtected {get; set; }
+
+ ///
+ /// Gets or sets the effect of the deny assignment. 'enforced' blocks access,
+ /// 'audit' logs without blocking. Possible values include: 'enforced', 'audit'
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "denyAssignmentEffect")]
+ public string DenyAssignmentEffect {get; set; }
+
+ ///
+ /// Gets or sets the conditions on the deny assignment. This limits the
+ /// resources it can be assigned to. e.g.:
+ /// @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName]
+ /// StringEqualsIgnoreCase 'foo_storage_container'
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "condition")]
+ public string Condition {get; set; }
+
+ ///
+ /// Gets or sets version of the condition.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "conditionVersion")]
+ public string ConditionVersion {get; set; }
+
+ ///
+ /// Gets time it was created
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "createdOn")]
+ public System.DateTime? CreatedOn {get; private set; }
+
+ ///
+ /// Gets time it was updated
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "updatedOn")]
+ public System.DateTime? UpdatedOn {get; private set; }
+
+ ///
+ /// Gets id of the user who created the assignment
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "createdBy")]
+ public string CreatedBy {get; private set; }
+
+ ///
+ /// Gets id of the user who updated the assignment
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "updatedBy")]
+ public string UpdatedBy {get; private set; }
}
}
\ No newline at end of file
diff --git a/src/Resources/Authorization.Management.Sdk/Generated/Models/ErrorDetailAutoGenerated.cs b/src/Resources/Authorization.Management.Sdk/Generated/Models/ErrorDetailAutoGenerated.cs
new file mode 100644
index 000000000000..8003653eea2a
--- /dev/null
+++ b/src/Resources/Authorization.Management.Sdk/Generated/Models/ErrorDetailAutoGenerated.cs
@@ -0,0 +1,88 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+namespace Microsoft.Azure.Management.Authorization.Models
+{
+ using System.Linq;
+
+ ///
+ /// The error detail.
+ ///
+ public partial class ErrorDetailAutoGenerated
+ {
+ ///
+ /// Initializes a new instance of the ErrorDetailAutoGenerated class.
+ ///
+ public ErrorDetailAutoGenerated()
+ {
+ CustomInit();
+ }
+
+ ///
+ /// Initializes a new instance of the ErrorDetailAutoGenerated class.
+ ///
+
+ /// The error code.
+ ///
+
+ /// The error message.
+ ///
+
+ /// The error target.
+ ///
+
+ /// The error details.
+ ///
+
+ /// The error additional info.
+ ///
+ public ErrorDetailAutoGenerated(string code = default(string), string message = default(string), string target = default(string), System.Collections.Generic.IList details = default(System.Collections.Generic.IList), System.Collections.Generic.IList additionalInfo = default(System.Collections.Generic.IList))
+
+ {
+ this.Code = code;
+ this.Message = message;
+ this.Target = target;
+ this.Details = details;
+ this.AdditionalInfo = additionalInfo;
+ CustomInit();
+ }
+
+ ///
+ /// An initialization method that performs custom operations like setting defaults
+ ///
+ partial void CustomInit();
+
+
+ ///
+ /// Gets the error code.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "code")]
+ public string Code {get; private set; }
+
+ ///
+ /// Gets the error message.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "message")]
+ public string Message {get; private set; }
+
+ ///
+ /// Gets the error target.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "target")]
+ public string Target {get; private set; }
+
+ ///
+ /// Gets the error details.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "details")]
+ public System.Collections.Generic.IList Details {get; private set; }
+
+ ///
+ /// Gets the error additional info.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "additionalInfo")]
+ public System.Collections.Generic.IList AdditionalInfo {get; private set; }
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Authorization.Management.Sdk/Generated/Models/ErrorResponseAutoGenerated.cs b/src/Resources/Authorization.Management.Sdk/Generated/Models/ErrorResponseAutoGenerated.cs
new file mode 100644
index 000000000000..1a22d5dbcc71
--- /dev/null
+++ b/src/Resources/Authorization.Management.Sdk/Generated/Models/ErrorResponseAutoGenerated.cs
@@ -0,0 +1,55 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+namespace Microsoft.Azure.Management.Authorization.Models
+{
+ using System.Linq;
+
+ ///
+ /// Common error response for all Azure Resource Manager APIs to return error
+ /// details for failed operations. (This also follows the OData error response
+ /// format.).
+ ///
+ ///
+ /// Common error response for all Azure Resource Manager APIs to return error
+ /// details for failed operations. (This also follows the OData error response
+ /// format.).
+ ///
+ public partial class ErrorResponseAutoGenerated
+ {
+ ///
+ /// Initializes a new instance of the ErrorResponseAutoGenerated class.
+ ///
+ public ErrorResponseAutoGenerated()
+ {
+ CustomInit();
+ }
+
+ ///
+ /// Initializes a new instance of the ErrorResponseAutoGenerated class.
+ ///
+
+ /// The error object.
+ ///
+ public ErrorResponseAutoGenerated(ErrorDetailAutoGenerated error = default(ErrorDetailAutoGenerated))
+
+ {
+ this.Error = error;
+ CustomInit();
+ }
+
+ ///
+ /// An initialization method that performs custom operations like setting defaults
+ ///
+ partial void CustomInit();
+
+
+ ///
+ /// Gets or sets the error object.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "error")]
+ public ErrorDetailAutoGenerated Error {get; set; }
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Authorization.Management.Sdk/Generated/Models/ErrorResponseAutoGeneratedException.cs b/src/Resources/Authorization.Management.Sdk/Generated/Models/ErrorResponseAutoGeneratedException.cs
new file mode 100644
index 000000000000..51fbd29a1148
--- /dev/null
+++ b/src/Resources/Authorization.Management.Sdk/Generated/Models/ErrorResponseAutoGeneratedException.cs
@@ -0,0 +1,55 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+namespace Microsoft.Azure.Management.Authorization.Models
+{
+
+ ///
+ /// Exception thrown for an invalid response with ErrorResponseAutoGenerated information.
+ ///
+ public partial class ErrorResponseAutoGeneratedException : Microsoft.Rest.RestException
+ {
+ ///
+ /// Gets information about the associated HTTP request.
+ ///
+ public Microsoft.Rest.HttpRequestMessageWrapper Request { get; set; }
+
+ ///
+ /// Gets information about the associated HTTP response.
+ ///
+ public Microsoft.Rest.HttpResponseMessageWrapper Response { get; set; }
+
+ ///
+ /// Gets or sets the body object.
+ ///
+ public ErrorResponseAutoGenerated Body { get; set; }
+
+ ///
+ /// Initializes a new instance of the ErrorResponseAutoGeneratedException class.
+ ///
+ public ErrorResponseAutoGeneratedException()
+ {
+ }
+
+ ///
+ /// Initializes a new instance of the ErrorResponseAutoGenerated class.
+ ///
+ /// The exception message.
+ public ErrorResponseAutoGeneratedException(string message)
+ : this(message, null)
+ {
+ }
+
+ ///
+ /// Initializes a new instance of the ErrorResponseAutoGenerated class.
+ ///
+ /// The exception message.
+ /// Inner exception.
+ public ErrorResponseAutoGeneratedException(string message, System.Exception innerException)
+ : base(message, innerException)
+ {
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Authorization.Management.Sdk/Generated/Models/SystemData.cs b/src/Resources/Authorization.Management.Sdk/Generated/Models/SystemData.cs
new file mode 100644
index 000000000000..8a5eee39fae6
--- /dev/null
+++ b/src/Resources/Authorization.Management.Sdk/Generated/Models/SystemData.cs
@@ -0,0 +1,98 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+namespace Microsoft.Azure.Management.Authorization.Models
+{
+ using System.Linq;
+
+ ///
+ /// Metadata pertaining to creation and last modification of the resource.
+ ///
+ public partial class SystemData
+ {
+ ///
+ /// Initializes a new instance of the SystemData class.
+ ///
+ public SystemData()
+ {
+ CustomInit();
+ }
+
+ ///
+ /// Initializes a new instance of the SystemData class.
+ ///
+
+ /// The identity that created the resource.
+ ///
+
+ /// The type of identity that created the resource.
+ /// Possible values include: 'User', 'Application', 'ManagedIdentity', 'Key'
+
+ /// The timestamp of resource creation (UTC).
+ ///
+
+ /// The identity that last modified the resource.
+ ///
+
+ /// The type of identity that last modified the resource.
+ /// Possible values include: 'User', 'Application', 'ManagedIdentity', 'Key'
+
+ /// The timestamp of resource last modification (UTC)
+ ///
+ public SystemData(string createdBy = default(string), string createdByType = default(string), System.DateTime? createdAt = default(System.DateTime?), string lastModifiedBy = default(string), string lastModifiedByType = default(string), System.DateTime? lastModifiedAt = default(System.DateTime?))
+
+ {
+ this.CreatedBy = createdBy;
+ this.CreatedByType = createdByType;
+ this.CreatedAt = createdAt;
+ this.LastModifiedBy = lastModifiedBy;
+ this.LastModifiedByType = lastModifiedByType;
+ this.LastModifiedAt = lastModifiedAt;
+ CustomInit();
+ }
+
+ ///
+ /// An initialization method that performs custom operations like setting defaults
+ ///
+ partial void CustomInit();
+
+
+ ///
+ /// Gets or sets the identity that created the resource.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "createdBy")]
+ public string CreatedBy {get; set; }
+
+ ///
+ /// Gets or sets the type of identity that created the resource. Possible values include: 'User', 'Application', 'ManagedIdentity', 'Key'
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "createdByType")]
+ public string CreatedByType {get; set; }
+
+ ///
+ /// Gets or sets the timestamp of resource creation (UTC).
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "createdAt")]
+ public System.DateTime? CreatedAt {get; set; }
+
+ ///
+ /// Gets or sets the identity that last modified the resource.
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "lastModifiedBy")]
+ public string LastModifiedBy {get; set; }
+
+ ///
+ /// Gets or sets the type of identity that last modified the resource. Possible values include: 'User', 'Application', 'ManagedIdentity', 'Key'
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "lastModifiedByType")]
+ public string LastModifiedByType {get; set; }
+
+ ///
+ /// Gets or sets the timestamp of resource last modification (UTC)
+ ///
+ [Newtonsoft.Json.JsonProperty(PropertyName = "lastModifiedAt")]
+ public System.DateTime? LastModifiedAt {get; set; }
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Authorization.Management.Sdk/README.md b/src/Resources/Authorization.Management.Sdk/README.md
index 77b88bf75fbe..107cecbf1f1a 100644
--- a/src/Resources/Authorization.Management.Sdk/README.md
+++ b/src/Resources/Authorization.Management.Sdk/README.md
@@ -23,16 +23,20 @@ payload-flattening-threshold: 2
###
``` yaml
-commit: 526e6049f46d58a5077850731dce19ab9767988f
+commit: 31fb4b3e5acb94b16df4a9e6b513057280bd5678
+# Updated 2026-03-29: Swagger PR #41104 merged. Commit hash updated to merge commit.
+# Path structure changed: specs moved under /Authorization/ subfolder.
+# DenyAssignmentGetCalls (2018-07-01-preview, GET-only) replaced with DenyAssignmentCalls (2024-07-01-preview, full CRUD).
+# ClassicAdminCalls moved from preview/2015-06-01 to stable/2015-06-01.
input-file:
- - https://github.com/Azure/azure-rest-api-specs/blob/$(commit)/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/authorization-RoleDefinitionsCalls.json
- - https://github.com/Azure/azure-rest-api-specs/blob/$(commit)/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-05-01-preview/common-types.json
- - https://github.com/Azure/azure-rest-api-specs/blob/$(commit)/specification/authorization/resource-manager/Microsoft.Authorization/preview/2015-06-01/authorization-ClassicAdminCalls.json
- - https://github.com/Azure/azure-rest-api-specs/blob/$(commit)/specification/authorization/resource-manager/Microsoft.Authorization/stable/2015-07-01/authorization-ElevateAccessCalls.json
- - https://github.com/Azure/azure-rest-api-specs/blob/$(commit)/specification/authorization/resource-manager/Microsoft.Authorization/preview/2018-01-01-preview/authorization-ProviderOperationsCalls.json
- - https://github.com/Azure/azure-rest-api-specs/blob/$(commit)/specification/authorization/resource-manager/Microsoft.Authorization/preview/2018-07-01-preview/authorization-DenyAssignmentGetCalls.json
- - https://github.com/Azure/azure-rest-api-specs/blob/$(commit)/specification/authorization/resource-manager/Microsoft.Authorization/preview/2019-08-01-preview/authorization-UsageMetricsCalls.json
- - https://github.com/Azure/azure-rest-api-specs/blob/$(commit)/specification/authorization/resource-manager/Microsoft.Authorization/preview/2020-08-01-preview/authorization-RoleAssignmentsCalls.json
+ - https://github.com/Azure/azure-rest-api-specs/blob/$(commit)/specification/authorization/resource-manager/Microsoft.Authorization/Authorization/preview/2022-05-01-preview/authorization-RoleDefinitionsCalls.json
+ - https://github.com/Azure/azure-rest-api-specs/blob/$(commit)/specification/authorization/resource-manager/Microsoft.Authorization/Authorization/preview/2022-05-01-preview/common-types.json
+ - https://github.com/Azure/azure-rest-api-specs/blob/$(commit)/specification/authorization/resource-manager/Microsoft.Authorization/Authorization/stable/2015-06-01/authorization-ClassicAdminCalls.json
+ - https://github.com/Azure/azure-rest-api-specs/blob/$(commit)/specification/authorization/resource-manager/Microsoft.Authorization/Authorization/stable/2015-07-01/authorization-ElevateAccessCalls.json
+ - https://github.com/Azure/azure-rest-api-specs/blob/$(commit)/specification/authorization/resource-manager/Microsoft.Authorization/Authorization/preview/2018-01-01-preview/authorization-ProviderOperationsCalls.json
+ - https://github.com/Azure/azure-rest-api-specs/blob/$(commit)/specification/authorization/resource-manager/Microsoft.Authorization/Authorization/preview/2024-07-01-preview/authorization-DenyAssignmentCalls.json
+ - https://github.com/Azure/azure-rest-api-specs/blob/$(commit)/specification/authorization/resource-manager/Microsoft.Authorization/Authorization/preview/2019-08-01-preview/authorization-UsageMetricsCalls.json
+ - https://github.com/Azure/azure-rest-api-specs/blob/$(commit)/specification/authorization/resource-manager/Microsoft.Authorization/Authorization/preview/2020-08-01-preview/authorization-RoleAssignmentsCalls.json
output-folder: Generated
diff --git a/src/Resources/Resources.Test/ScenarioTests/DenyAssignmentCrudTests.cs b/src/Resources/Resources.Test/ScenarioTests/DenyAssignmentCrudTests.cs
new file mode 100644
index 000000000000..09d783da44ef
--- /dev/null
+++ b/src/Resources/Resources.Test/ScenarioTests/DenyAssignmentCrudTests.cs
@@ -0,0 +1,127 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.WindowsAzure.Commands.ScenarioTest;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace Microsoft.Azure.Commands.Resources.Test.ScenarioTests
+{
+ ///
+ /// Tests for New-AzDenyAssignment and Remove-AzDenyAssignment cmdlets.
+ /// PP1 model: principals = Everyone (SystemDefined), excludePrincipals required.
+ ///
+ public class DenyAssignmentCrudTests : ResourcesTestRunner
+ {
+ public DenyAssignmentCrudTests(ITestOutputHelper output) : base(output)
+ {
+ }
+
+ // =============================================
+ // New-AzDenyAssignment tests
+ // =============================================
+
+ [Fact]
+ [Trait(Category.AcceptanceType, Category.LiveOnly)]
+ public void NewDaAtSubscriptionScope()
+ {
+ TestRunner.RunTestScript("Test-NewDaAtSubscriptionScope");
+ }
+
+ [Fact]
+ [Trait(Category.AcceptanceType, Category.LiveOnly)]
+ public void NewDaAtResourceGroupScope()
+ {
+ TestRunner.RunTestScript("Test-NewDaAtResourceGroupScope");
+ }
+
+ [Fact]
+ [Trait(Category.AcceptanceType, Category.LiveOnly)]
+ public void NewDaWithDataActions()
+ {
+ TestRunner.RunTestScript("Test-NewDaWithDataActions");
+ }
+
+ [Fact]
+ [Trait(Category.AcceptanceType, Category.LiveOnly)]
+ public void NewDaWithExcludePrincipals()
+ {
+ TestRunner.RunTestScript("Test-NewDaWithExcludePrincipals");
+ }
+
+ [Fact]
+ [Trait(Category.AcceptanceType, Category.LiveOnly)]
+ public void NewDaDoNotApplyToChildScopes()
+ {
+ TestRunner.RunTestScript("Test-NewDaDoNotApplyToChildScopes");
+ }
+
+ [Fact]
+ [Trait(Category.AcceptanceType, Category.LiveOnly)]
+ public void NewDaFromInputFile()
+ {
+ TestRunner.RunTestScript("Test-NewDaFromInputFile");
+ }
+
+ [Fact]
+ [Trait(Category.AcceptanceType, Category.LiveOnly)]
+ public void NewDaWithCustomId()
+ {
+ TestRunner.RunTestScript("Test-NewDaWithCustomId");
+ }
+
+ // =============================================
+ // Remove-AzDenyAssignment tests
+ // =============================================
+
+ [Fact]
+ [Trait(Category.AcceptanceType, Category.LiveOnly)]
+ public void RemoveDaById()
+ {
+ TestRunner.RunTestScript("Test-RemoveDaById");
+ }
+
+ [Fact]
+ [Trait(Category.AcceptanceType, Category.LiveOnly)]
+ public void RemoveDaByNameAndScope()
+ {
+ TestRunner.RunTestScript("Test-RemoveDaByNameAndScope");
+ }
+
+ [Fact]
+ [Trait(Category.AcceptanceType, Category.LiveOnly)]
+ public void RemoveDaByInputObject()
+ {
+ TestRunner.RunTestScript("Test-RemoveDaByInputObject");
+ }
+
+ [Fact]
+ [Trait(Category.AcceptanceType, Category.LiveOnly)]
+ public void RemoveDaWithPassThru()
+ {
+ TestRunner.RunTestScript("Test-RemoveDaWithPassThru");
+ }
+
+ // =============================================
+ // End-to-end: Create then Delete
+ // =============================================
+
+ [Fact]
+ [Trait(Category.AcceptanceType, Category.LiveOnly)]
+ public void NewAndRemoveDaEndToEnd()
+ {
+ TestRunner.RunTestScript("Test-NewAndRemoveDaEndToEnd");
+ }
+ }
+}
diff --git a/src/Resources/Resources.Test/ScenarioTests/DenyAssignmentCrudTests.ps1 b/src/Resources/Resources.Test/ScenarioTests/DenyAssignmentCrudTests.ps1
new file mode 100644
index 000000000000..277034891222
--- /dev/null
+++ b/src/Resources/Resources.Test/ScenarioTests/DenyAssignmentCrudTests.ps1
@@ -0,0 +1,399 @@
+# ----------------------------------------------------------------------------------
+#
+# Copyright Microsoft Corporation
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------------
+
+# Scenario tests for New-AzDenyAssignment and Remove-AzDenyAssignment
+
+# Helper: Get a valid user principal ID for the exclude list.
+# In Record mode with SP auth, Graph API calls (Get-AzADUser) may fail
+# due to insufficient permissions. Use the known tenant admin user ID.
+function Get-TestExcludePrincipalId
+{
+ # Prefer environment variable for CI/CD flexibility
+ if ($env:TEST_EXCLUDE_PRINCIPAL_ID) {
+ return $env:TEST_EXCLUDE_PRINCIPAL_ID
+ }
+ try {
+ return (Get-AzADUser -SignedIn).Id
+ } catch {
+ # SP auth fallback: known user in the test tenant — override via TEST_EXCLUDE_PRINCIPAL_ID
+ return "1840cc0e-55b5-442d-bbf6-52c0c7e27302"
+ }
+}
+#
+# PP1 API model:
+# - Principals must be Everyone (SystemDefined with Guid.Empty)
+# - ExcludePrincipals is required (at least one)
+# - DataActions not supported
+# - DoNotApplyToChildScopes not supported
+# - Read actions cannot be denied; only write/delete/action
+
+<#
+.SYNOPSIS
+Creates a deny assignment at subscription scope with basic parameters.
+#>
+function Test-NewDaAtSubscriptionScope
+{
+ $subscriptionScope = "/subscriptions/$((Get-AzContext).Subscription.Id)"
+ $excludePrincipalId = Get-TestExcludePrincipalId
+ $daName = "Test-DA-SubScope-" + [Guid]::NewGuid().ToString().Substring(0, 8)
+
+ try
+ {
+ $da = New-AzDenyAssignment `
+ -DenyAssignmentName $daName `
+ -Description "Test deny assignment at subscription scope" `
+ -Scope $subscriptionScope `
+ -Action "Microsoft.Storage/storageAccounts/write" `
+ -ExcludePrincipalId $excludePrincipalId
+
+ Assert-NotNull $da
+ Assert-AreEqual $daName $da.DenyAssignmentName
+ Assert-AreEqual $subscriptionScope $da.Scope
+ Assert-NotNull $da.Id
+ }
+ finally
+ {
+ if ($da)
+ {
+ Remove-AzDenyAssignment -Id $da.Id -Force
+ }
+ }
+}
+
+<#
+.SYNOPSIS
+Creates a deny assignment at resource group scope.
+#>
+function Test-NewDaAtResourceGroupScope
+{
+ $rgName = "PowershellTest"
+ $rg = Get-AzResourceGroup -Name $rgName
+ $rgScope = $rg.ResourceId
+ $excludePrincipalId = Get-TestExcludePrincipalId
+ $daName = "Test-DA-RGScope-" + [Guid]::NewGuid().ToString().Substring(0, 8)
+
+ try
+ {
+ $da = New-AzDenyAssignment `
+ -DenyAssignmentName $daName `
+ -Description "Test deny assignment at resource group scope" `
+ -Scope $rgScope `
+ -Action "Microsoft.Storage/storageAccounts/write" `
+ -ExcludePrincipalId $excludePrincipalId
+
+ Assert-NotNull $da
+ Assert-AreEqual $daName $da.DenyAssignmentName
+ Assert-True { $da.Scope -like "*$rgName*" }
+ }
+ finally
+ {
+ if ($da)
+ {
+ Remove-AzDenyAssignment -Id $da.Id -Force
+ }
+ }
+}
+
+<#
+.SYNOPSIS
+Verifies that data actions are rejected by PP1 API.
+#>
+function Test-NewDaWithDataActions
+{
+ $subscriptionScope = "/subscriptions/$((Get-AzContext).Subscription.Id)"
+ $excludePrincipalId = Get-TestExcludePrincipalId
+
+ Assert-Throws {
+ New-AzDenyAssignment `
+ -DenyAssignmentName "Test-DA-DataActions" `
+ -Scope $subscriptionScope `
+ -DataAction "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" `
+ -ExcludePrincipalId $excludePrincipalId
+ }
+}
+
+<#
+.SYNOPSIS
+Creates a deny assignment with multiple excluded principals.
+#>
+function Test-NewDaWithExcludePrincipals
+{
+ $subscriptionScope = "/subscriptions/$((Get-AzContext).Subscription.Id)"
+ $excludeUser = Get-TestExcludePrincipalId
+ $spId = "c090fe3f-66fa-4e18-8142-107d8f4cd0e4" # DenyAssignmentTestApp
+ $daName = "Test-DA-ExcludePrincipals-" + [Guid]::NewGuid().ToString().Substring(0, 8)
+
+ try
+ {
+ # Exclude both the user and the test service principal
+ $da = New-AzDenyAssignment `
+ -DenyAssignmentName $daName `
+ -Description "Test deny assignment with multiple exclude principals" `
+ -Scope $subscriptionScope `
+ -Action "Microsoft.Storage/storageAccounts/write" `
+ -ExcludePrincipalId @($excludeUser, $spId) `
+ -ExcludePrincipalType @("User", "ServicePrincipal")
+
+ Assert-NotNull $da
+ Assert-True { $da.ExcludePrincipals.Count -ge 2 }
+ }
+ finally
+ {
+ if ($da)
+ {
+ Remove-AzDenyAssignment -Id $da.Id -Force
+ }
+ }
+}
+
+<#
+.SYNOPSIS
+Verifies that DoNotApplyToChildScopes is rejected by PP1 API.
+#>
+function Test-NewDaDoNotApplyToChildScopes
+{
+ $subscriptionScope = "/subscriptions/$((Get-AzContext).Subscription.Id)"
+ $excludePrincipalId = Get-TestExcludePrincipalId
+
+ Assert-Throws {
+ New-AzDenyAssignment `
+ -DenyAssignmentName "Test-DA-ChildScopes" `
+ -Scope $subscriptionScope `
+ -Action "Microsoft.Storage/storageAccounts/write" `
+ -ExcludePrincipalId $excludePrincipalId `
+ -DoNotApplyToChildScope
+ }
+}
+
+<#
+.SYNOPSIS
+Creates a deny assignment from a JSON input file.
+#>
+function Test-NewDaFromInputFile
+{
+ $subscriptionScope = "/subscriptions/$((Get-AzContext).Subscription.Id)"
+ $excludePrincipalId = Get-TestExcludePrincipalId
+ $daName = "Test-DA-InputFile-" + [Guid]::NewGuid().ToString().Substring(0, 8)
+
+ $inputObj = @{
+ denyAssignmentName = $daName
+ description = "Created from input file"
+ actions = @("Microsoft.Storage/storageAccounts/write")
+ notActions = @()
+ dataActions = @()
+ notDataActions = @()
+ excludePrincipalIds = @($excludePrincipalId)
+ }
+
+ $tempFile = [System.IO.Path]::GetTempFileName() + ".json"
+ $inputObj | ConvertTo-Json -Depth 5 | Set-Content -Path $tempFile
+
+ try
+ {
+ $da = New-AzDenyAssignment `
+ -InputFile $tempFile `
+ -Scope $subscriptionScope
+
+ Assert-NotNull $da
+ Assert-AreEqual $daName $da.DenyAssignmentName
+ }
+ finally
+ {
+ if ($da)
+ {
+ Remove-AzDenyAssignment -Id $da.Id -Force
+ }
+ Remove-Item -Path $tempFile -Force -ErrorAction SilentlyContinue
+ }
+}
+
+<#
+.SYNOPSIS
+Creates a deny assignment with a specific GUID.
+#>
+function Test-NewDaWithCustomId
+{
+ $subscriptionScope = "/subscriptions/$((Get-AzContext).Subscription.Id)"
+ $excludePrincipalId = Get-TestExcludePrincipalId
+ $customId = [Guid]::NewGuid()
+ $daName = "Test-DA-CustomId-" + $customId.ToString().Substring(0, 8)
+
+ try
+ {
+ $da = New-AzDenyAssignment `
+ -DenyAssignmentName $daName `
+ -Description "Test deny assignment with custom ID" `
+ -Scope $subscriptionScope `
+ -Action "Microsoft.Storage/storageAccounts/write" `
+ -ExcludePrincipalId $excludePrincipalId `
+ -DenyAssignmentId $customId
+
+ Assert-NotNull $da
+ Assert-True { $da.Id -like "*$customId*" }
+ }
+ finally
+ {
+ if ($da)
+ {
+ Remove-AzDenyAssignment -Id $da.Id -Force
+ }
+ }
+}
+
+<#
+.SYNOPSIS
+Removes a deny assignment by its ID.
+#>
+function Test-RemoveDaById
+{
+ $subscriptionScope = "/subscriptions/$((Get-AzContext).Subscription.Id)"
+ $excludePrincipalId = Get-TestExcludePrincipalId
+ $daName = "Test-DA-RemoveById-" + [Guid]::NewGuid().ToString().Substring(0, 8)
+
+ $da = New-AzDenyAssignment `
+ -DenyAssignmentName $daName `
+ -Description "Test removal by ID" `
+ -Scope $subscriptionScope `
+ -Action "Microsoft.Storage/storageAccounts/write" `
+ -ExcludePrincipalId $excludePrincipalId
+
+ Assert-NotNull $da
+
+ try
+ {
+ Remove-AzDenyAssignment -Id $da.Id -Force
+
+ $result = Get-AzDenyAssignment -Id $da.Id -ErrorAction SilentlyContinue
+ Assert-Null $result
+ }
+ catch
+ {
+ # Cleanup on failure
+ Remove-AzDenyAssignment -Id $da.Id -Force -ErrorAction SilentlyContinue
+ throw
+ }
+}
+
+<#
+.SYNOPSIS
+Removes a deny assignment by name and scope.
+#>
+function Test-RemoveDaByNameAndScope
+{
+ $subscriptionScope = "/subscriptions/$((Get-AzContext).Subscription.Id)"
+ $excludePrincipalId = Get-TestExcludePrincipalId
+ $daName = "Test-DA-RemoveByName-" + [Guid]::NewGuid().ToString().Substring(0, 8)
+
+ $da = New-AzDenyAssignment `
+ -DenyAssignmentName $daName `
+ -Description "Test removal by name and scope" `
+ -Scope $subscriptionScope `
+ -Action "Microsoft.Storage/storageAccounts/write" `
+ -ExcludePrincipalId $excludePrincipalId
+
+ Assert-NotNull $da
+
+ Remove-AzDenyAssignment -DenyAssignmentName $daName -Scope $subscriptionScope -Force
+
+ $result = Get-AzDenyAssignment -Id $da.Id -ErrorAction SilentlyContinue
+ Assert-Null $result
+}
+
+<#
+.SYNOPSIS
+Removes a deny assignment using pipeline InputObject.
+#>
+function Test-RemoveDaByInputObject
+{
+ $subscriptionScope = "/subscriptions/$((Get-AzContext).Subscription.Id)"
+ $excludePrincipalId = Get-TestExcludePrincipalId
+ $daName = "Test-DA-RemoveByObj-" + [Guid]::NewGuid().ToString().Substring(0, 8)
+
+ $da = New-AzDenyAssignment `
+ -DenyAssignmentName $daName `
+ -Description "Test removal by InputObject" `
+ -Scope $subscriptionScope `
+ -Action "Microsoft.Storage/storageAccounts/write" `
+ -ExcludePrincipalId $excludePrincipalId
+
+ Assert-NotNull $da
+
+ $da | Remove-AzDenyAssignment -Force
+
+ $result = Get-AzDenyAssignment -Id $da.Id -ErrorAction SilentlyContinue
+ Assert-Null $result
+}
+
+<#
+.SYNOPSIS
+Removes a deny assignment with PassThru and verifies the returned object.
+#>
+function Test-RemoveDaWithPassThru
+{
+ $subscriptionScope = "/subscriptions/$((Get-AzContext).Subscription.Id)"
+ $excludePrincipalId = Get-TestExcludePrincipalId
+ $daName = "Test-DA-PassThru-" + [Guid]::NewGuid().ToString().Substring(0, 8)
+
+ $da = New-AzDenyAssignment `
+ -DenyAssignmentName $daName `
+ -Description "Test removal with PassThru" `
+ -Scope $subscriptionScope `
+ -Action "Microsoft.Storage/storageAccounts/write" `
+ -ExcludePrincipalId $excludePrincipalId
+
+ Assert-NotNull $da
+
+ $result = Remove-AzDenyAssignment -Id $da.Id -PassThru -Force
+
+ Assert-NotNull $result
+ Assert-AreEqual $da.Id $result.Id
+}
+
+<#
+.SYNOPSIS
+End-to-end: Create a deny assignment, verify it via Get, then delete it and verify deletion.
+#>
+function Test-NewAndRemoveDaEndToEnd
+{
+ # Clear errors from module loading to avoid false test failures
+ $Error.Clear()
+ $subscriptionScope = "/subscriptions/$((Get-AzContext).Subscription.Id)"
+ $excludePrincipalId = Get-TestExcludePrincipalId
+ $daName = "Test-DA-E2E-" + [Guid]::NewGuid().ToString().Substring(0, 8)
+
+ # 1. Create
+ $da = New-AzDenyAssignment `
+ -DenyAssignmentName $daName `
+ -Description "End-to-end test deny assignment" `
+ -Scope $subscriptionScope `
+ -Action "Microsoft.Storage/storageAccounts/write" `
+ -ExcludePrincipalId $excludePrincipalId
+
+ Assert-NotNull $da
+ Assert-AreEqual $daName $da.DenyAssignmentName
+ Assert-AreEqual "End-to-end test deny assignment" $da.Description
+
+ # 2. Verify via Get
+ $fetched = Get-AzDenyAssignment -Id $da.Id
+ Assert-NotNull $fetched
+ Assert-AreEqual $da.DenyAssignmentName $fetched.DenyAssignmentName
+ Assert-AreEqual $da.Id $fetched.Id
+
+ # 3. Delete
+ Remove-AzDenyAssignment -Id $da.Id -Force
+
+ # 4. Verify gone
+ $gone = Get-AzDenyAssignment -Id $da.Id -ErrorAction SilentlyContinue
+ Assert-Null $gone
+}
diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewAndRemoveDaEndToEnd.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewAndRemoveDaEndToEnd.json
new file mode 100644
index 000000000000..c36862e1dcf9
--- /dev/null
+++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewAndRemoveDaEndToEnd.json
@@ -0,0 +1,551 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/79ec398b-bfd7-44fb-aac6-a7d378bd243c?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzc5ZWMzOThiLWJmZDctNDRmYi1hYWM2LWE3ZDM3OGJkMjQzYz9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "PUT",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "a3646292-cb64-40b8-96b0-65a00ae3cd00"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "660"
+ ]
+ },
+ "RequestBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-E2E-c03ba7c7\",\r\n \"description\": \"End-to-end test deny assignment\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ]\r\n }\r\n}",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "215cc3a8-3587-486d-b744-b4a42884701a"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/f27f22f9-dcec-4acd-8a53-d8b00d84cf7c"
+ ],
+ "x-ms-ratelimit-remaining-subscription-writes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-writes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "f0a2e913-87a3-4b94-8b32-5bd143811c83"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213851Z:f0a2e913-87a3-4b94-8b32-5bd143811c83"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 35A708E2BE46442AA917EB5FB69AACBF Ref B: AMS231032608033 Ref C: 2026-03-31T21:38:50Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:51 GMT"
+ ],
+ "Content-Length": [
+ "955"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-E2E-c03ba7c7\",\r\n \"description\": \"End-to-end test deny assignment\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:50.9153775Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:50.9153775Z\",\r\n \"createdBy\": null,\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/79ec398b-bfd7-44fb-aac6-a7d378bd243c\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"79ec398b-bfd7-44fb-aac6-a7d378bd243c\"\r\n}",
+ "StatusCode": 201
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "a3646292-cb64-40b8-96b0-65a00ae3cd00"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "8070ef9b-29fa-403a-99e3-68aba9c95384"
+ ],
+ "client-request-id": [
+ "8070ef9b-29fa-403a-99e3-68aba9c95384"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"004\",\"RoleInstance\":\"AM2PEPF0000BE3B\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:51 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:52\",\r\n \"request-id\": \"8070ef9b-29fa-403a-99e3-68aba9c95384\",\r\n \"client-request-id\": \"8070ef9b-29fa-403a-99e3-68aba9c95384\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "cb9619ee-13cf-493e-8cec-330187b90ff6"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "8651d585-aaee-4c09-9fc5-9eff77cadfe6"
+ ],
+ "client-request-id": [
+ "8651d585-aaee-4c09-9fc5-9eff77cadfe6"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"008\",\"RoleInstance\":\"AM2PEPF0005DE89\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:52 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:52\",\r\n \"request-id\": \"8651d585-aaee-4c09-9fc5-9eff77cadfe6\",\r\n \"client-request-id\": \"8651d585-aaee-4c09-9fc5-9eff77cadfe6\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "8cd2037a-0798-4669-b4d2-5afea76220c6"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "667be4aa-e5af-4975-85b0-09dd50cf6da1"
+ ],
+ "client-request-id": [
+ "667be4aa-e5af-4975-85b0-09dd50cf6da1"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"010\",\"RoleInstance\":\"AM4PEPF000278FC\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:53 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:53\",\r\n \"request-id\": \"667be4aa-e5af-4975-85b0-09dd50cf6da1\",\r\n \"client-request-id\": \"667be4aa-e5af-4975-85b0-09dd50cf6da1\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/79ec398b-bfd7-44fb-aac6-a7d378bd243c?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzc5ZWMzOThiLWJmZDctNDRmYi1hYWM2LWE3ZDM3OGJkMjQzYz9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "cb9619ee-13cf-493e-8cec-330187b90ff6"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "bc46347c-8932-46fc-a40b-292abd2477c8"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/19ba20c9-e8bf-4149-9816-99745e80427c"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "249"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-reads": [
+ "3749"
+ ],
+ "x-ms-correlation-request-id": [
+ "66c58304-7e9f-4b5b-919d-0674b96b4b14"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213852Z:66c58304-7e9f-4b5b-919d-0674b96b4b14"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 08CF296BC8704ABEA6DD605279392E32 Ref B: AMS231020512017 Ref C: 2026-03-31T21:38:52Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:51 GMT"
+ ],
+ "Content-Length": [
+ "989"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-E2E-c03ba7c7\",\r\n \"description\": \"End-to-end test deny assignment\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:51.0843768Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:51.0843768Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/79ec398b-bfd7-44fb-aac6-a7d378bd243c\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"79ec398b-bfd7-44fb-aac6-a7d378bd243c\"\r\n}",
+ "StatusCode": 200
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/79ec398b-bfd7-44fb-aac6-a7d378bd243c?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzc5ZWMzOThiLWJmZDctNDRmYi1hYWM2LWE3ZDM3OGJkMjQzYz9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "8cd2037a-0798-4669-b4d2-5afea76220c6"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "343a2997-386a-4ff1-b8dc-33e61624cd51"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/859a8992-b24c-4ba4-8837-7f4c862722a5"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "249"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-reads": [
+ "3749"
+ ],
+ "x-ms-correlation-request-id": [
+ "a781e93b-c7cb-4569-9ec6-151a500a37bc"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213853Z:a781e93b-c7cb-4569-9ec6-151a500a37bc"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 193DAC7FE5B54963BF597D53E8B3D994 Ref B: AMS231020614009 Ref C: 2026-03-31T21:38:52Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:53 GMT"
+ ],
+ "Content-Length": [
+ "989"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-E2E-c03ba7c7\",\r\n \"description\": \"End-to-end test deny assignment\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:51.0843768Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:51.0843768Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/79ec398b-bfd7-44fb-aac6-a7d378bd243c\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"79ec398b-bfd7-44fb-aac6-a7d378bd243c\"\r\n}",
+ "StatusCode": 200
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/79ec398b-bfd7-44fb-aac6-a7d378bd243c?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzc5ZWMzOThiLWJmZDctNDRmYi1hYWM2LWE3ZDM3OGJkMjQzYz9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "43baf802-3b33-4df9-8a65-33ef92a1d9da"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "e5b668e8-30ad-4924-b9cf-61d55f502c77"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/6253bfef-1e00-4c14-9c6a-097f674dcd00"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "249"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-reads": [
+ "3749"
+ ],
+ "x-ms-correlation-request-id": [
+ "38b9cfc2-98e9-4d98-bcdc-8fb73379dd95"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213857Z:38b9cfc2-98e9-4d98-bcdc-8fb73379dd95"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 5684A71365D04E498FD0DD21F99D95EC Ref B: AMS231032607035 Ref C: 2026-03-31T21:38:56Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:57 GMT"
+ ],
+ "Content-Length": [
+ "129"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"DenyAssignmentNotFound\",\r\n \"message\": \"The deny assignment '79ec398b-bfd7-44fb-aac6-a7d378bd243c' was not found.\"\r\n }\r\n}",
+ "StatusCode": 404
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/79ec398b-bfd7-44fb-aac6-a7d378bd243c?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzc5ZWMzOThiLWJmZDctNDRmYi1hYWM2LWE3ZDM3OGJkMjQzYz9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "DELETE",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "8cd2037a-0798-4669-b4d2-5afea76220c6"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "d86109e9-97a1-4ff7-bc76-7db120b13fbf"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/4c820b05-824f-4520-841b-3cf8415bcbc1"
+ ],
+ "x-ms-ratelimit-remaining-subscription-deletes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-deletes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "80996bbb-a1ac-4963-8dac-089bc4db5105"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213856Z:80996bbb-a1ac-4963-8dac-089bc4db5105"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 41C7073C87FD49F69FAB6D22E62653DF Ref B: AMS231020614009 Ref C: 2026-03-31T21:38:53Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:56 GMT"
+ ],
+ "Content-Length": [
+ "989"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-E2E-c03ba7c7\",\r\n \"description\": \"End-to-end test deny assignment\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:51.0843768Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:54.2133044Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/79ec398b-bfd7-44fb-aac6-a7d378bd243c\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"79ec398b-bfd7-44fb-aac6-a7d378bd243c\"\r\n}",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "34560e2c-8954-4848-a8d2-dc419301b9fc"
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaAtResourceGroupScope.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaAtResourceGroupScope.json
new file mode 100644
index 000000000000..127c70c7fd2c
--- /dev/null
+++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaAtResourceGroupScope.json
@@ -0,0 +1,419 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/resourcegroups/PowershellTest?api-version=2024-11-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvMzQ1NjBlMmMtODk1NC00ODQ4LWE4ZDItZGM0MTkzMDFiOWZjL3Jlc291cmNlZ3JvdXBzL1Bvd2Vyc2hlbGxUZXN0P2FwaS12ZXJzaW9uPTIwMjQtMTEtMDE=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "baaf4079-6b04-4e1f-a123-e1b35405b70c"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Resources.ResourceManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "249"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-reads": [
+ "3749"
+ ],
+ "x-ms-request-id": [
+ "2aed7c15-f764-47c9-b3b7-7d296c6379dc"
+ ],
+ "x-ms-correlation-request-id": [
+ "2aed7c15-f764-47c9-b3b7-7d296c6379dc"
+ ],
+ "x-ms-routing-request-id": [
+ "EASTUS2:20260331T213834Z:2aed7c15-f764-47c9-b3b7-7d296c6379dc"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 3800EE71F0F24BA2BCC7B02A8859244B Ref B: AMS231032608037 Ref C: 2026-03-31T21:38:34Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:34 GMT"
+ ],
+ "Content-Length": [
+ "226"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/resourceGroups/PowershellTest\",\r\n \"name\": \"PowershellTest\",\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"location\": \"eastus2\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\"\r\n }\r\n}",
+ "StatusCode": 200
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/resourceGroups/PowershellTest/providers/Microsoft.Authorization/denyAssignments/14665c70-2d1a-4052-bee0-3a88fdb902d2?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9yZXNvdXJjZUdyb3Vwcy9Qb3dlcnNoZWxsVGVzdC9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzE0NjY1YzcwLTJkMWEtNDA1Mi1iZWUwLTNhODhmZGI5MDJkMj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "PUT",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "5beaa51b-f027-45ca-9b9b-6608ec5b0453"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "677"
+ ]
+ },
+ "RequestBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-RGScope-fedfa5ac\",\r\n \"description\": \"Test deny assignment at resource group scope\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ]\r\n }\r\n}",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "b14bfb0c-c80d-4dd3-8bdd-7d65c0bcd243"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/eastus2/af69d421-efcf-4e55-8028-506a9a76d83e"
+ ],
+ "x-ms-ratelimit-remaining-subscription-writes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-writes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "b6c044a0-3efb-4b13-beee-5a1c5736b307"
+ ],
+ "x-ms-routing-request-id": [
+ "EASTUS2:20260331T213837Z:b6c044a0-3efb-4b13-beee-5a1c5736b307"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 59182BC243BB443E95EAE6B5F8617DD4 Ref B: AMS231020615009 Ref C: 2026-03-31T21:38:35Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:37 GMT"
+ ],
+ "Content-Length": [
+ "1032"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-RGScope-fedfa5ac\",\r\n \"description\": \"Test deny assignment at resource group scope\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/resourceGroups/PowershellTest\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:36.3671103Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:36.3671103Z\",\r\n \"createdBy\": null,\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/resourceGroups/PowershellTest/providers/Microsoft.Authorization/denyAssignments/14665c70-2d1a-4052-bee0-3a88fdb902d2\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"14665c70-2d1a-4052-bee0-3a88fdb902d2\"\r\n}",
+ "StatusCode": 201
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "5beaa51b-f027-45ca-9b9b-6608ec5b0453"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "11ac83a4-8f0f-401a-a0b9-5fdcf7784fdc"
+ ],
+ "client-request-id": [
+ "11ac83a4-8f0f-401a-a0b9-5fdcf7784fdc"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"007\",\"RoleInstance\":\"AM4PEPF000278EA\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:38 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:38\",\r\n \"request-id\": \"11ac83a4-8f0f-401a-a0b9-5fdcf7784fdc\",\r\n \"client-request-id\": \"11ac83a4-8f0f-401a-a0b9-5fdcf7784fdc\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "a6bcfa5b-10da-430e-9ec0-6e8cc3f492ae"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "a9ec823c-938f-400f-b955-b36aeed7cd3d"
+ ],
+ "client-request-id": [
+ "a9ec823c-938f-400f-b955-b36aeed7cd3d"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"006\",\"RoleInstance\":\"AM1PEPF0009BB4B\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:38 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:39\",\r\n \"request-id\": \"a9ec823c-938f-400f-b955-b36aeed7cd3d\",\r\n \"client-request-id\": \"a9ec823c-938f-400f-b955-b36aeed7cd3d\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/resourceGroups/PowershellTest/providers/Microsoft.Authorization/denyAssignments/14665c70-2d1a-4052-bee0-3a88fdb902d2?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9yZXNvdXJjZUdyb3Vwcy9Qb3dlcnNoZWxsVGVzdC9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzE0NjY1YzcwLTJkMWEtNDA1Mi1iZWUwLTNhODhmZGI5MDJkMj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "a6bcfa5b-10da-430e-9ec0-6e8cc3f492ae"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "77ae7234-91e3-4a55-849f-a2a015d1d0f6"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/eastus2/6c1af7fc-009c-4fe2-a12c-54f04d72a3e0"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "249"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-reads": [
+ "3749"
+ ],
+ "x-ms-correlation-request-id": [
+ "34168544-4f0a-4c14-bf12-6c5b103e2fd5"
+ ],
+ "x-ms-routing-request-id": [
+ "EASTUS2:20260331T213838Z:34168544-4f0a-4c14-bf12-6c5b103e2fd5"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 9E6800F4A02345F69AD4327A0AB59C76 Ref B: AMS231020512031 Ref C: 2026-03-31T21:38:38Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:38 GMT"
+ ],
+ "Content-Length": [
+ "1066"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-RGScope-fedfa5ac\",\r\n \"description\": \"Test deny assignment at resource group scope\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/resourceGroups/PowershellTest\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:37.2364362Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:37.2364362Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/resourceGroups/PowershellTest/providers/Microsoft.Authorization/denyAssignments/14665c70-2d1a-4052-bee0-3a88fdb902d2\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"14665c70-2d1a-4052-bee0-3a88fdb902d2\"\r\n}",
+ "StatusCode": 200
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/resourceGroups/PowershellTest/providers/Microsoft.Authorization/denyAssignments/14665c70-2d1a-4052-bee0-3a88fdb902d2?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9yZXNvdXJjZUdyb3Vwcy9Qb3dlcnNoZWxsVGVzdC9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzE0NjY1YzcwLTJkMWEtNDA1Mi1iZWUwLTNhODhmZGI5MDJkMj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "DELETE",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "a6bcfa5b-10da-430e-9ec0-6e8cc3f492ae"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "6eac662f-c675-44dc-b898-3a701803335d"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/eastus2/94f83197-dd40-40c6-8e71-d45f0c0c8a82"
+ ],
+ "x-ms-ratelimit-remaining-subscription-deletes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-deletes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "7ab3351c-f10a-40d8-a184-223579491dff"
+ ],
+ "x-ms-routing-request-id": [
+ "EASTUS2:20260331T213840Z:7ab3351c-f10a-40d8-a184-223579491dff"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 1BB6CA478B264404B24F2E3E245318F2 Ref B: AMS231020512031 Ref C: 2026-03-31T21:38:39Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:40 GMT"
+ ],
+ "Content-Length": [
+ "1066"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-RGScope-fedfa5ac\",\r\n \"description\": \"Test deny assignment at resource group scope\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/resourceGroups/PowershellTest\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:37.2364362Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:39.7675174Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/resourceGroups/PowershellTest/providers/Microsoft.Authorization/denyAssignments/14665c70-2d1a-4052-bee0-3a88fdb902d2\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"14665c70-2d1a-4052-bee0-3a88fdb902d2\"\r\n}",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "34560e2c-8954-4848-a8d2-dc419301b9fc"
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaAtSubscriptionScope.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaAtSubscriptionScope.json
new file mode 100644
index 000000000000..bf9962329586
--- /dev/null
+++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaAtSubscriptionScope.json
@@ -0,0 +1,347 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/1c3d7a64-6dc9-4f1f-b34c-addc11ea1531?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzFjM2Q3YTY0LTZkYzktNGYxZi1iMzRjLWFkZGMxMWVhMTUzMT9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "PUT",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "6ff084ad-c516-4522-8d24-5d143e6a0fe8"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "676"
+ ]
+ },
+ "RequestBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-SubScope-eaaf4a4b\",\r\n \"description\": \"Test deny assignment at subscription scope\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ]\r\n }\r\n}",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "d42ff90c-f8c5-427c-8b7a-19bbfef3b643"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/c39311a4-2368-466a-bfba-585e08f6f3aa"
+ ],
+ "x-ms-ratelimit-remaining-subscription-writes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-writes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "77558c1b-d481-4eb3-a0bc-70c32d996590"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213831Z:77558c1b-d481-4eb3-a0bc-70c32d996590"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 3AD1BA96CFCE4F3D863438694FB46DDE Ref B: AMS231022012037 Ref C: 2026-03-31T21:38:28Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:30 GMT"
+ ],
+ "Content-Length": [
+ "971"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-SubScope-eaaf4a4b\",\r\n \"description\": \"Test deny assignment at subscription scope\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:29.0354295Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:29.0354295Z\",\r\n \"createdBy\": null,\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/1c3d7a64-6dc9-4f1f-b34c-addc11ea1531\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"1c3d7a64-6dc9-4f1f-b34c-addc11ea1531\"\r\n}",
+ "StatusCode": 201
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "6ff084ad-c516-4522-8d24-5d143e6a0fe8"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "8b2e7d6e-3757-4e1e-b46f-efb4dcdfe7b5"
+ ],
+ "client-request-id": [
+ "8b2e7d6e-3757-4e1e-b46f-efb4dcdfe7b5"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"005\",\"RoleInstance\":\"AM4PEPF00015182\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:30 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:31\",\r\n \"request-id\": \"8b2e7d6e-3757-4e1e-b46f-efb4dcdfe7b5\",\r\n \"client-request-id\": \"8b2e7d6e-3757-4e1e-b46f-efb4dcdfe7b5\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "f099b60a-83c2-42ba-aa12-d66f66624817"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "89dae70f-ed9d-4aea-bc45-19084aa965f4"
+ ],
+ "client-request-id": [
+ "89dae70f-ed9d-4aea-bc45-19084aa965f4"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"011\",\"RoleInstance\":\"AM2PEPF0001BE80\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:31 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:31\",\r\n \"request-id\": \"89dae70f-ed9d-4aea-bc45-19084aa965f4\",\r\n \"client-request-id\": \"89dae70f-ed9d-4aea-bc45-19084aa965f4\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/1c3d7a64-6dc9-4f1f-b34c-addc11ea1531?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzFjM2Q3YTY0LTZkYzktNGYxZi1iMzRjLWFkZGMxMWVhMTUzMT9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "f099b60a-83c2-42ba-aa12-d66f66624817"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "9a45f8a9-6aad-4a75-a243-ef8a85a213e6"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/61400dee-784c-4c0d-a2f7-589659c2e182"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "249"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-reads": [
+ "3749"
+ ],
+ "x-ms-correlation-request-id": [
+ "a370075a-60a0-466a-8691-6407927e7503"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213831Z:a370075a-60a0-466a-8691-6407927e7503"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 8FEBD802632748539489302C74CAD74B Ref B: AMS231020615023 Ref C: 2026-03-31T21:38:31Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:31 GMT"
+ ],
+ "Content-Length": [
+ "1005"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-SubScope-eaaf4a4b\",\r\n \"description\": \"Test deny assignment at subscription scope\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:29.2044286Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:29.2044286Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/1c3d7a64-6dc9-4f1f-b34c-addc11ea1531\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"1c3d7a64-6dc9-4f1f-b34c-addc11ea1531\"\r\n}",
+ "StatusCode": 200
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/1c3d7a64-6dc9-4f1f-b34c-addc11ea1531?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzFjM2Q3YTY0LTZkYzktNGYxZi1iMzRjLWFkZGMxMWVhMTUzMT9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "DELETE",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "f099b60a-83c2-42ba-aa12-d66f66624817"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "149e9eec-c335-4b02-bc80-124a8f51676a"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/1601ee88-01fd-4862-806c-964e5a444891"
+ ],
+ "x-ms-ratelimit-remaining-subscription-deletes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-deletes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "b579b881-fda5-4ea9-96ae-1f0e499fbdfc"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213834Z:b579b881-fda5-4ea9-96ae-1f0e499fbdfc"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: E8673F0F4F0D4350852D01E9A8A59428 Ref B: AMS231020615023 Ref C: 2026-03-31T21:38:31Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:33 GMT"
+ ],
+ "Content-Length": [
+ "1005"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-SubScope-eaaf4a4b\",\r\n \"description\": \"Test deny assignment at subscription scope\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:29.2044286Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:32.4425475Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/1c3d7a64-6dc9-4f1f-b34c-addc11ea1531\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"1c3d7a64-6dc9-4f1f-b34c-addc11ea1531\"\r\n}",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "34560e2c-8954-4848-a8d2-dc419301b9fc"
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaDoNotApplyToChildScopes.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaDoNotApplyToChildScopes.json
new file mode 100644
index 000000000000..6c2417daf01f
--- /dev/null
+++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaDoNotApplyToChildScopes.json
@@ -0,0 +1,89 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/9a57751b-3a68-4ee8-90f2-26fb1ab70ac3?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzlhNTc3NTFiLTNhNjgtNGVlOC05MGYyLTI2ZmIxYWI3MGFjMz9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "PUT",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "ed6cd14a-289d-4253-b8c9-c894517740bb"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "603"
+ ]
+ },
+ "RequestBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-ChildScopes\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"doNotApplyToChildScopes\": true,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ]\r\n }\r\n}",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "0d700e67-8e19-41cd-a81b-c471de7336b5"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/cf7149bb-d30a-45b6-8cc3-f8ab403fb41e"
+ ],
+ "x-ms-ratelimit-remaining-subscription-writes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-writes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "332f3f1f-d66f-4a03-a636-008c14f49f28"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260330T112022Z:332f3f1f-d66f-4a03-a636-008c14f49f28"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 55C8B10457744B14A43CAB4225915134 Ref B: AMS231020614019 Ref C: 2026-03-30T11:20:21Z"
+ ],
+ "Date": [
+ "Mon, 30 Mar 2026 11:20:21 GMT"
+ ],
+ "Content-Length": [
+ "149"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"UserAssignedDenyAssignmentPropertiesNotValid\",\r\n \"message\": \"User assigned deny assignment does not support doNotApplyToChildScopes.\"\r\n }\r\n}",
+ "StatusCode": 400
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "34560e2c-8954-4848-a8d2-dc419301b9fc"
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaFromInputFile.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaFromInputFile.json
new file mode 100644
index 000000000000..c381ce819665
--- /dev/null
+++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaFromInputFile.json
@@ -0,0 +1,347 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/60dc070c-61fb-426f-85ae-458c06cb4526?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzYwZGMwNzBjLTYxZmItNDI2Zi04NWFlLTQ1OGMwNmNiNDUyNj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "PUT",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "1774dc83-f7a7-423d-ab47-e7dd0ee84d18"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "658"
+ ]
+ },
+ "RequestBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-InputFile-026c6dd1\",\r\n \"description\": \"Created from input file\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ]\r\n }\r\n}",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "146c6efd-7014-45c9-8572-e34b7263518e"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/d1c907f8-b83c-40a1-8a91-671d9f10afdd"
+ ],
+ "x-ms-ratelimit-remaining-subscription-writes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-writes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "82791a77-37a4-4094-8a7c-1e1260a71e83"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213816Z:82791a77-37a4-4094-8a7c-1e1260a71e83"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 1B48BF4C32EE462F9633F4EED41E31E8 Ref B: AMS231020614035 Ref C: 2026-03-31T21:38:13Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:15 GMT"
+ ],
+ "Content-Length": [
+ "953"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-InputFile-026c6dd1\",\r\n \"description\": \"Created from input file\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:14.1974761Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:14.1974761Z\",\r\n \"createdBy\": null,\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/60dc070c-61fb-426f-85ae-458c06cb4526\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"60dc070c-61fb-426f-85ae-458c06cb4526\"\r\n}",
+ "StatusCode": 201
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "1774dc83-f7a7-423d-ab47-e7dd0ee84d18"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "45d8ccdb-a656-47cf-940d-824eb41c012e"
+ ],
+ "client-request-id": [
+ "45d8ccdb-a656-47cf-940d-824eb41c012e"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"002\",\"RoleInstance\":\"AM2PEPF0001E778\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:16 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:16\",\r\n \"request-id\": \"45d8ccdb-a656-47cf-940d-824eb41c012e\",\r\n \"client-request-id\": \"45d8ccdb-a656-47cf-940d-824eb41c012e\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "03ad53b6-1247-4527-865e-53334c64e778"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "c2497bac-5b66-449a-a897-fe5d3d5a5e52"
+ ],
+ "client-request-id": [
+ "c2497bac-5b66-449a-a897-fe5d3d5a5e52"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"004\",\"RoleInstance\":\"AM2PEPF0001EDB4\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:16 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:17\",\r\n \"request-id\": \"c2497bac-5b66-449a-a897-fe5d3d5a5e52\",\r\n \"client-request-id\": \"c2497bac-5b66-449a-a897-fe5d3d5a5e52\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/60dc070c-61fb-426f-85ae-458c06cb4526?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzYwZGMwNzBjLTYxZmItNDI2Zi04NWFlLTQ1OGMwNmNiNDUyNj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "03ad53b6-1247-4527-865e-53334c64e778"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "f663acbe-af77-4e20-b02f-2a1b36d6999b"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/468432bf-ffca-46f0-a0ec-3bad0a9d5875"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "249"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-reads": [
+ "3749"
+ ],
+ "x-ms-correlation-request-id": [
+ "879f031e-c94e-4bb8-b659-0da3fac4827f"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213817Z:879f031e-c94e-4bb8-b659-0da3fac4827f"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 87771FE524A345D1A741ADC390391140 Ref B: AMS231032609031 Ref C: 2026-03-31T21:38:16Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:16 GMT"
+ ],
+ "Content-Length": [
+ "987"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-InputFile-026c6dd1\",\r\n \"description\": \"Created from input file\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:14.3704771Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:14.3704771Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/60dc070c-61fb-426f-85ae-458c06cb4526\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"60dc070c-61fb-426f-85ae-458c06cb4526\"\r\n}",
+ "StatusCode": 200
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/60dc070c-61fb-426f-85ae-458c06cb4526?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzYwZGMwNzBjLTYxZmItNDI2Zi04NWFlLTQ1OGMwNmNiNDUyNj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "DELETE",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "03ad53b6-1247-4527-865e-53334c64e778"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "2b1ba3fe-fe01-4b1c-a25c-b9f40bbab0f2"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/96aa7906-610a-4383-9804-9039fa3fa4f4"
+ ],
+ "x-ms-ratelimit-remaining-subscription-deletes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-deletes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "020d4ab3-639c-49bd-b5fc-be649104f71b"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213818Z:020d4ab3-639c-49bd-b5fc-be649104f71b"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: B51B5DBBE59040B2BA05DDC81114942B Ref B: AMS231032609031 Ref C: 2026-03-31T21:38:17Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:17 GMT"
+ ],
+ "Content-Length": [
+ "987"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-InputFile-026c6dd1\",\r\n \"description\": \"Created from input file\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:14.3704771Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:17.8004607Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/60dc070c-61fb-426f-85ae-458c06cb4526\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"60dc070c-61fb-426f-85ae-458c06cb4526\"\r\n}",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "34560e2c-8954-4848-a8d2-dc419301b9fc"
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaWithCustomId.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaWithCustomId.json
new file mode 100644
index 000000000000..ed3ae7c63adc
--- /dev/null
+++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaWithCustomId.json
@@ -0,0 +1,347 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/96fb70d5-5f0e-4b8c-8e1e-dcf68b669d69?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzk2ZmI3MGQ1LTVmMGUtNGI4Yy04ZTFlLWRjZjY4YjY2OWQ2OT9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "PUT",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "be844445-e788-49d4-983b-ea285c67cacf"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "669"
+ ]
+ },
+ "RequestBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-CustomId-96fb70d5\",\r\n \"description\": \"Test deny assignment with custom ID\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ]\r\n }\r\n}",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "e011542e-9c6d-44c8-9bc5-bd5ed58bfedb"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/935db65f-97ad-47cb-8806-8cad5b221ef1"
+ ],
+ "x-ms-ratelimit-remaining-subscription-writes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-writes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "22bc005b-0e99-4138-85c5-0d9f4f9f1617"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213845Z:22bc005b-0e99-4138-85c5-0d9f4f9f1617"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: F2E308D219234425AE8D271107BDB719 Ref B: AMS231020615051 Ref C: 2026-03-31T21:38:42Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:45 GMT"
+ ],
+ "Content-Length": [
+ "964"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-CustomId-96fb70d5\",\r\n \"description\": \"Test deny assignment with custom ID\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:42.8509011Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:42.8509011Z\",\r\n \"createdBy\": null,\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/96fb70d5-5f0e-4b8c-8e1e-dcf68b669d69\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"96fb70d5-5f0e-4b8c-8e1e-dcf68b669d69\"\r\n}",
+ "StatusCode": 201
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "be844445-e788-49d4-983b-ea285c67cacf"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "fac6664a-ee00-4826-954a-1a5220e54618"
+ ],
+ "client-request-id": [
+ "fac6664a-ee00-4826-954a-1a5220e54618"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"008\",\"RoleInstance\":\"AM2PEPF00028EF9\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:45 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:45\",\r\n \"request-id\": \"fac6664a-ee00-4826-954a-1a5220e54618\",\r\n \"client-request-id\": \"fac6664a-ee00-4826-954a-1a5220e54618\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "caaeda1e-a00c-4160-857d-c788f660874e"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "6d41bc76-26dd-438a-8460-dfd59fdefda1"
+ ],
+ "client-request-id": [
+ "6d41bc76-26dd-438a-8460-dfd59fdefda1"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"011\",\"RoleInstance\":\"AM2PEPF0001BD2A\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:45 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:46\",\r\n \"request-id\": \"6d41bc76-26dd-438a-8460-dfd59fdefda1\",\r\n \"client-request-id\": \"6d41bc76-26dd-438a-8460-dfd59fdefda1\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/96fb70d5-5f0e-4b8c-8e1e-dcf68b669d69?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzk2ZmI3MGQ1LTVmMGUtNGI4Yy04ZTFlLWRjZjY4YjY2OWQ2OT9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "caaeda1e-a00c-4160-857d-c788f660874e"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "8aad683e-ec58-48f5-a618-6a9836e5fe0f"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/aa7bf9e3-3853-4aac-bf95-c403e70c1050"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "249"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-reads": [
+ "3749"
+ ],
+ "x-ms-correlation-request-id": [
+ "3c10b07d-eb06-4fc6-ad51-7ccd76cc5bdf"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213846Z:3c10b07d-eb06-4fc6-ad51-7ccd76cc5bdf"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: F17A918B0B944019ADBF0A37C09CB081 Ref B: AMS231020512047 Ref C: 2026-03-31T21:38:45Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:46 GMT"
+ ],
+ "Content-Length": [
+ "998"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-CustomId-96fb70d5\",\r\n \"description\": \"Test deny assignment with custom ID\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:43.0839108Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:43.0839108Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/96fb70d5-5f0e-4b8c-8e1e-dcf68b669d69\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"96fb70d5-5f0e-4b8c-8e1e-dcf68b669d69\"\r\n}",
+ "StatusCode": 200
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/96fb70d5-5f0e-4b8c-8e1e-dcf68b669d69?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzk2ZmI3MGQ1LTVmMGUtNGI4Yy04ZTFlLWRjZjY4YjY2OWQ2OT9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "DELETE",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "caaeda1e-a00c-4160-857d-c788f660874e"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "653c509e-43f5-4b27-8f59-36b390c4f049"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/4c69f69c-c2e7-4c76-89f3-55da56219dcc"
+ ],
+ "x-ms-ratelimit-remaining-subscription-deletes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-deletes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "6305b3fb-5321-44f6-b306-5996e04561b3"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213848Z:6305b3fb-5321-44f6-b306-5996e04561b3"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 2B79146F0D9F46A6B27755B5EC50E606 Ref B: AMS231020512047 Ref C: 2026-03-31T21:38:46Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:48 GMT"
+ ],
+ "Content-Length": [
+ "998"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-CustomId-96fb70d5\",\r\n \"description\": \"Test deny assignment with custom ID\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:43.0839108Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:47.0798824Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/96fb70d5-5f0e-4b8c-8e1e-dcf68b669d69\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"96fb70d5-5f0e-4b8c-8e1e-dcf68b669d69\"\r\n}",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "34560e2c-8954-4848-a8d2-dc419301b9fc"
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaWithDataActions.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaWithDataActions.json
new file mode 100644
index 000000000000..7437a8b81c6d
--- /dev/null
+++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaWithDataActions.json
@@ -0,0 +1,89 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/5a5c379d-e5cf-4788-a21d-3cb307c6bec6?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzVhNWMzNzlkLWU1Y2YtNDc4OC1hMjFkLTNjYjMwN2M2YmVjNj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "PUT",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "5bc769e6-f007-4b77-ba29-36884b23a446"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "633"
+ ]
+ },
+ "RequestBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-DataActions\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [],\r\n \"notActions\": [],\r\n \"dataActions\": [\r\n \"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read\"\r\n ],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ]\r\n }\r\n}",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "efffe5c0-609a-4ef5-9271-c721f7038ba9"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/d83a9705-4be6-4eb2-875e-21ecf3081483"
+ ],
+ "x-ms-ratelimit-remaining-subscription-writes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-writes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "8a61d651-4ecd-4864-8b25-9ad558a327cf"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260330T112006Z:8a61d651-4ecd-4864-8b25-9ad558a327cf"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: ECCD587AB09C460A8CA68F204EB5DBBD Ref B: AMS231020615007 Ref C: 2026-03-30T11:20:06Z"
+ ],
+ "Date": [
+ "Mon, 30 Mar 2026 11:20:05 GMT"
+ ],
+ "Content-Length": [
+ "127"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"InvalidCreateDenyAssignmentRequest\",\r\n \"message\": \"Deny assignment must have exactly one non-empty permission.\"\r\n }\r\n}",
+ "StatusCode": 400
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "34560e2c-8954-4848-a8d2-dc419301b9fc"
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaWithExcludePrincipals.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaWithExcludePrincipals.json
new file mode 100644
index 000000000000..89a9ced8da6d
--- /dev/null
+++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/NewDaWithExcludePrincipals.json
@@ -0,0 +1,359 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/c00e47f5-b5e6-4586-a2bb-77b0eb59a0f2?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzL2MwMGU0N2Y1LWI1ZTYtNDU4Ni1hMmJiLTc3YjBlYjU5YTBmMj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "PUT",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "a182b69a-a8c5-47b7-b73d-27156537b922"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "806"
+ ]
+ },
+ "RequestBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-ExcludePrincipals-6d91fe1c\",\r\n \"description\": \"Test deny assignment with multiple exclude principals\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n },\r\n {\r\n \"id\": \"c090fe3f-66fa-4e18-8142-107d8f4cd0e4\",\r\n \"type\": \"ServicePrincipal\"\r\n }\r\n ]\r\n }\r\n}",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "0665b81b-e11c-43fc-a324-0182dc181b5f"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/c0ed2639-33a9-4896-9ca3-ccd489afa1f8"
+ ],
+ "x-ms-ratelimit-remaining-subscription-writes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-writes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "d707abd8-257d-48f6-953d-a0fb4649ed89"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213745Z:d707abd8-257d-48f6-953d-a0fb4649ed89"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 3B6F1C8DA27A4FB6A813CEEA0AB1FA89 Ref B: AMS231020614011 Ref C: 2026-03-31T21:37:42Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:37:45 GMT"
+ ],
+ "Content-Length": [
+ "1063"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-ExcludePrincipals-6d91fe1c\",\r\n \"description\": \"Test deny assignment with multiple exclude principals\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n },\r\n {\r\n \"id\": \"c090fe3f-66fa-4e18-8142-107d8f4cd0e4\",\r\n \"type\": \"ServicePrincipal\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:37:43.5608247Z\",\r\n \"updatedOn\": \"2026-03-31T21:37:43.5608247Z\",\r\n \"createdBy\": null,\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/c00e47f5-b5e6-4586-a2bb-77b0eb59a0f2\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"c00e47f5-b5e6-4586-a2bb-77b0eb59a0f2\"\r\n}",
+ "StatusCode": 201
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/microsoft.graph.getByIds",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy9taWNyb3NvZnQuZ3JhcGguZ2V0QnlJZHM=",
+ "RequestMethod": "POST",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "a182b69a-a8c5-47b7-b73d-27156537b922"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "110"
+ ]
+ },
+ "RequestBody": "{\r\n \"ids\": [\r\n \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"c090fe3f-66fa-4e18-8142-107d8f4cd0e4\"\r\n ]\r\n}",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "69a55b85-3a9a-4297-a987-f37902e58035"
+ ],
+ "client-request-id": [
+ "69a55b85-3a9a-4297-a987-f37902e58035"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"010\",\"RoleInstance\":\"AM4PEPF00027789\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "3"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:37:45 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:37:45\",\r\n \"request-id\": \"69a55b85-3a9a-4297-a987-f37902e58035\",\r\n \"client-request-id\": \"69a55b85-3a9a-4297-a987-f37902e58035\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/microsoft.graph.getByIds",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy9taWNyb3NvZnQuZ3JhcGguZ2V0QnlJZHM=",
+ "RequestMethod": "POST",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "61b639be-5e94-4ed1-ac33-82142ce6ea5b"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "110"
+ ]
+ },
+ "RequestBody": "{\r\n \"ids\": [\r\n \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"c090fe3f-66fa-4e18-8142-107d8f4cd0e4\"\r\n ]\r\n}",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "e339dace-26b8-458a-b3b3-8623b2ffbbbd"
+ ],
+ "client-request-id": [
+ "e339dace-26b8-458a-b3b3-8623b2ffbbbd"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"009\",\"RoleInstance\":\"AM1PEPF0002E56A\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "3"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:37:45 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:37:46\",\r\n \"request-id\": \"e339dace-26b8-458a-b3b3-8623b2ffbbbd\",\r\n \"client-request-id\": \"e339dace-26b8-458a-b3b3-8623b2ffbbbd\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/c00e47f5-b5e6-4586-a2bb-77b0eb59a0f2?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzL2MwMGU0N2Y1LWI1ZTYtNDU4Ni1hMmJiLTc3YjBlYjU5YTBmMj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "61b639be-5e94-4ed1-ac33-82142ce6ea5b"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "72ae9f0d-3137-4c87-9a7a-e3bbd3afc5ef"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/f674394f-e381-4ea8-b97d-5b13672d3ae4"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "249"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-reads": [
+ "3749"
+ ],
+ "x-ms-correlation-request-id": [
+ "68d0a625-2e50-4991-b358-bc14ca9b0921"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213746Z:68d0a625-2e50-4991-b358-bc14ca9b0921"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 38003B2CEC394C1A91DFD0FE67939664 Ref B: AMS231032608047 Ref C: 2026-03-31T21:37:45Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:37:45 GMT"
+ ],
+ "Content-Length": [
+ "1097"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-ExcludePrincipals-6d91fe1c\",\r\n \"description\": \"Test deny assignment with multiple exclude principals\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n },\r\n {\r\n \"id\": \"c090fe3f-66fa-4e18-8142-107d8f4cd0e4\",\r\n \"type\": \"ServicePrincipal\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:37:43.7328315Z\",\r\n \"updatedOn\": \"2026-03-31T21:37:43.7328315Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/c00e47f5-b5e6-4586-a2bb-77b0eb59a0f2\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"c00e47f5-b5e6-4586-a2bb-77b0eb59a0f2\"\r\n}",
+ "StatusCode": 200
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/c00e47f5-b5e6-4586-a2bb-77b0eb59a0f2?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzL2MwMGU0N2Y1LWI1ZTYtNDU4Ni1hMmJiLTc3YjBlYjU5YTBmMj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "DELETE",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "61b639be-5e94-4ed1-ac33-82142ce6ea5b"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "a3ee2a2f-24c8-4088-b9de-b61ee6b67602"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/467355f0-39ca-4784-b518-f069ac55225f"
+ ],
+ "x-ms-ratelimit-remaining-subscription-deletes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-deletes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "6523f150-3bfb-432a-94b8-641bde8a7472"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213748Z:6523f150-3bfb-432a-94b8-641bde8a7472"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 0822CA64CE084140B48B012F342944AF Ref B: AMS231032608047 Ref C: 2026-03-31T21:37:46Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:37:48 GMT"
+ ],
+ "Content-Length": [
+ "1097"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-ExcludePrincipals-6d91fe1c\",\r\n \"description\": \"Test deny assignment with multiple exclude principals\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n },\r\n {\r\n \"id\": \"c090fe3f-66fa-4e18-8142-107d8f4cd0e4\",\r\n \"type\": \"ServicePrincipal\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:37:43.7328315Z\",\r\n \"updatedOn\": \"2026-03-31T21:37:47.1331117Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/c00e47f5-b5e6-4586-a2bb-77b0eb59a0f2\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"c00e47f5-b5e6-4586-a2bb-77b0eb59a0f2\"\r\n}",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "34560e2c-8954-4848-a8d2-dc419301b9fc"
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/RemoveDaById.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/RemoveDaById.json
new file mode 100644
index 000000000000..0a418a48e28e
--- /dev/null
+++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/RemoveDaById.json
@@ -0,0 +1,422 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/44e72e30-53fa-4cbf-bfee-18cc6d3b5a46?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzQ0ZTcyZTMwLTUzZmEtNGNiZi1iZmVlLTE4Y2M2ZDNiNWE0Nj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "PUT",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "21b44bba-c1e2-49e2-a8f2-ed7fadab980c"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "654"
+ ]
+ },
+ "RequestBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-RemoveById-666555c0\",\r\n \"description\": \"Test removal by ID\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ]\r\n }\r\n}",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "f0cb15ea-5260-4bad-b73d-cff28dab7044"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/193cf933-6896-4f27-85f9-9953b3426add"
+ ],
+ "x-ms-ratelimit-remaining-subscription-writes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-writes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "943eced3-5b7e-4223-a851-7af35ba2a624"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213753Z:943eced3-5b7e-4223-a851-7af35ba2a624"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 14BA05C1E2B34AB3BE0E0B232340901B Ref B: AMS231032608053 Ref C: 2026-03-31T21:37:49Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:37:53 GMT"
+ ],
+ "Content-Length": [
+ "949"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-RemoveById-666555c0\",\r\n \"description\": \"Test removal by ID\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:37:50.6025282Z\",\r\n \"updatedOn\": \"2026-03-31T21:37:50.6025282Z\",\r\n \"createdBy\": null,\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/44e72e30-53fa-4cbf-bfee-18cc6d3b5a46\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"44e72e30-53fa-4cbf-bfee-18cc6d3b5a46\"\r\n}",
+ "StatusCode": 201
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "21b44bba-c1e2-49e2-a8f2-ed7fadab980c"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "5a5c52af-a8a9-403c-a970-c127fc93ace0"
+ ],
+ "client-request-id": [
+ "5a5c52af-a8a9-403c-a970-c127fc93ace0"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"011\",\"RoleInstance\":\"AM2PEPF0001BE7B\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:37:53 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:37:53\",\r\n \"request-id\": \"5a5c52af-a8a9-403c-a970-c127fc93ace0\",\r\n \"client-request-id\": \"5a5c52af-a8a9-403c-a970-c127fc93ace0\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "001809f0-ef69-49c7-8b9e-cc4652d21b23"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "6b03747c-76fc-44bd-adec-4ef2cd504913"
+ ],
+ "client-request-id": [
+ "6b03747c-76fc-44bd-adec-4ef2cd504913"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"010\",\"RoleInstance\":\"AM4PEPF00031DD7\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:37:53 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:37:54\",\r\n \"request-id\": \"6b03747c-76fc-44bd-adec-4ef2cd504913\",\r\n \"client-request-id\": \"6b03747c-76fc-44bd-adec-4ef2cd504913\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/44e72e30-53fa-4cbf-bfee-18cc6d3b5a46?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzQ0ZTcyZTMwLTUzZmEtNGNiZi1iZmVlLTE4Y2M2ZDNiNWE0Nj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "001809f0-ef69-49c7-8b9e-cc4652d21b23"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "b221a899-7ba9-4a31-a880-ab816c5808bc"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/68cc63f4-3518-451d-b776-5fd3715be54c"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "249"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-reads": [
+ "3749"
+ ],
+ "x-ms-correlation-request-id": [
+ "44a4afee-0cbf-4073-a9ba-70a82f4d91e6"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213754Z:44a4afee-0cbf-4073-a9ba-70a82f4d91e6"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: D7A69CCA393446709AB88ACA26CFFEA3 Ref B: AMS231020615023 Ref C: 2026-03-31T21:37:53Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:37:53 GMT"
+ ],
+ "Content-Length": [
+ "983"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-RemoveById-666555c0\",\r\n \"description\": \"Test removal by ID\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:37:50.7925385Z\",\r\n \"updatedOn\": \"2026-03-31T21:37:50.7925385Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/44e72e30-53fa-4cbf-bfee-18cc6d3b5a46\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"44e72e30-53fa-4cbf-bfee-18cc6d3b5a46\"\r\n}",
+ "StatusCode": 200
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/44e72e30-53fa-4cbf-bfee-18cc6d3b5a46?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzQ0ZTcyZTMwLTUzZmEtNGNiZi1iZmVlLTE4Y2M2ZDNiNWE0Nj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "10554682-3254-4c0a-81c1-f540e2f639e6"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "4c4efd7e-432f-4841-9418-c4eb7347008b"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/6f06d4fd-1a27-4e8c-bd94-5d580a7d29b5"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "249"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-reads": [
+ "3749"
+ ],
+ "x-ms-correlation-request-id": [
+ "1a9fe0a3-d69b-4e83-aa8e-09fa59977891"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213758Z:1a9fe0a3-d69b-4e83-aa8e-09fa59977891"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 248308A3A5A44ED39EF347DD065BF97E Ref B: AMS231020512027 Ref C: 2026-03-31T21:37:58Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:37:57 GMT"
+ ],
+ "Content-Length": [
+ "129"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"DenyAssignmentNotFound\",\r\n \"message\": \"The deny assignment '44e72e30-53fa-4cbf-bfee-18cc6d3b5a46' was not found.\"\r\n }\r\n}",
+ "StatusCode": 404
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/44e72e30-53fa-4cbf-bfee-18cc6d3b5a46?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzQ0ZTcyZTMwLTUzZmEtNGNiZi1iZmVlLTE4Y2M2ZDNiNWE0Nj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "DELETE",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "001809f0-ef69-49c7-8b9e-cc4652d21b23"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "7502672a-2ce9-4b67-a838-afa7588d7cd7"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/fe6f140e-0bfb-4476-baa7-c95f2b52004e"
+ ],
+ "x-ms-ratelimit-remaining-subscription-deletes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-deletes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "d6cebb65-ec91-45df-a1bd-2b28a9393a55"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213757Z:d6cebb65-ec91-45df-a1bd-2b28a9393a55"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 15763D930E144357A6082F30E0774CA3 Ref B: AMS231020615023 Ref C: 2026-03-31T21:37:54Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:37:57 GMT"
+ ],
+ "Content-Length": [
+ "983"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-RemoveById-666555c0\",\r\n \"description\": \"Test removal by ID\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:37:50.7925385Z\",\r\n \"updatedOn\": \"2026-03-31T21:37:55.1983181Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/44e72e30-53fa-4cbf-bfee-18cc6d3b5a46\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"44e72e30-53fa-4cbf-bfee-18cc6d3b5a46\"\r\n}",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "34560e2c-8954-4848-a8d2-dc419301b9fc"
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/RemoveDaByInputObject.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/RemoveDaByInputObject.json
new file mode 100644
index 000000000000..7e778aa0442e
--- /dev/null
+++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/RemoveDaByInputObject.json
@@ -0,0 +1,422 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/09b73983-4ff5-4e80-8d2e-54d9f78adee6?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzA5YjczOTgzLTRmZjUtNGU4MC04ZDJlLTU0ZDlmNzhhZGVlNj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "PUT",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "a7ca28bc-e491-4075-8ce4-9f25232e43cd"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "664"
+ ]
+ },
+ "RequestBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-RemoveByObj-35886eb5\",\r\n \"description\": \"Test removal by InputObject\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ]\r\n }\r\n}",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "de5e0623-4169-4daa-bc3b-3547c7885133"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/e3ad4dd9-134c-4bd1-9b57-143786f82708"
+ ],
+ "x-ms-ratelimit-remaining-subscription-writes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-writes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "830610f1-9197-4b76-b9ad-38793480b085"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213808Z:830610f1-9197-4b76-b9ad-38793480b085"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 26923EFC90504D038EFD3BE6D54D649B Ref B: AMS231032607029 Ref C: 2026-03-31T21:38:05Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:08 GMT"
+ ],
+ "Content-Length": [
+ "959"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-RemoveByObj-35886eb5\",\r\n \"description\": \"Test removal by InputObject\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:05.845425Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:05.845425Z\",\r\n \"createdBy\": null,\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/09b73983-4ff5-4e80-8d2e-54d9f78adee6\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"09b73983-4ff5-4e80-8d2e-54d9f78adee6\"\r\n}",
+ "StatusCode": 201
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "a7ca28bc-e491-4075-8ce4-9f25232e43cd"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "b8cb2c2d-9813-4595-be98-cd70e558576b"
+ ],
+ "client-request-id": [
+ "b8cb2c2d-9813-4595-be98-cd70e558576b"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"006\",\"RoleInstance\":\"AM1PEPF00027E4A\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:08 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:08\",\r\n \"request-id\": \"b8cb2c2d-9813-4595-be98-cd70e558576b\",\r\n \"client-request-id\": \"b8cb2c2d-9813-4595-be98-cd70e558576b\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "27ec39b9-1ece-4bfc-8cb9-7ce9e621d786"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "2d7d6486-e585-4bcc-b562-42d5de6262ab"
+ ],
+ "client-request-id": [
+ "2d7d6486-e585-4bcc-b562-42d5de6262ab"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"003\",\"RoleInstance\":\"AM1PEPF000105BE\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:09 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:09\",\r\n \"request-id\": \"2d7d6486-e585-4bcc-b562-42d5de6262ab\",\r\n \"client-request-id\": \"2d7d6486-e585-4bcc-b562-42d5de6262ab\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/09b73983-4ff5-4e80-8d2e-54d9f78adee6?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzA5YjczOTgzLTRmZjUtNGU4MC04ZDJlLTU0ZDlmNzhhZGVlNj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "27ec39b9-1ece-4bfc-8cb9-7ce9e621d786"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "f9807e33-1576-4fbe-a4ce-161f53155c5b"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/b3d6c322-8567-43a5-8fa2-6ca7fb0f8b0b"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "249"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-reads": [
+ "3749"
+ ],
+ "x-ms-correlation-request-id": [
+ "64bb04ba-ab75-4b52-bebd-f8f907c2ad85"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213809Z:64bb04ba-ab75-4b52-bebd-f8f907c2ad85"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: F24EA716EC3D43079206B928B514C104 Ref B: AMS231032609023 Ref C: 2026-03-31T21:38:09Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:09 GMT"
+ ],
+ "Content-Length": [
+ "993"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-RemoveByObj-35886eb5\",\r\n \"description\": \"Test removal by InputObject\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:06.0494363Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:06.0494363Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/09b73983-4ff5-4e80-8d2e-54d9f78adee6\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"09b73983-4ff5-4e80-8d2e-54d9f78adee6\"\r\n}",
+ "StatusCode": 200
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/09b73983-4ff5-4e80-8d2e-54d9f78adee6?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzA5YjczOTgzLTRmZjUtNGU4MC04ZDJlLTU0ZDlmNzhhZGVlNj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "8185c67c-681c-4c75-b866-fa15f7db9940"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "fe7eb090-b8bd-47b5-90a9-a481079136d2"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/b32d9a82-4e4c-435f-9ddc-c66208b30337"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "249"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-reads": [
+ "3749"
+ ],
+ "x-ms-correlation-request-id": [
+ "d176ef9f-9457-4487-81a2-66ef616bb021"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213812Z:d176ef9f-9457-4487-81a2-66ef616bb021"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: EF2DA5FDEF794D918B20C552A328E3E9 Ref B: AMS231020512027 Ref C: 2026-03-31T21:38:12Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:11 GMT"
+ ],
+ "Content-Length": [
+ "129"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"DenyAssignmentNotFound\",\r\n \"message\": \"The deny assignment '09b73983-4ff5-4e80-8d2e-54d9f78adee6' was not found.\"\r\n }\r\n}",
+ "StatusCode": 404
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/09b73983-4ff5-4e80-8d2e-54d9f78adee6?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzA5YjczOTgzLTRmZjUtNGU4MC04ZDJlLTU0ZDlmNzhhZGVlNj9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "DELETE",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "27ec39b9-1ece-4bfc-8cb9-7ce9e621d786"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "78a5de9f-340b-4d8e-8bea-d2da1ceb51fc"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/019d3941-766c-4609-951a-748ffc392a5f"
+ ],
+ "x-ms-ratelimit-remaining-subscription-deletes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-deletes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "c0de52f5-e21d-4623-b6d3-874ba2c83107"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213812Z:c0de52f5-e21d-4623-b6d3-874ba2c83107"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 05095D3AF71649FD87AEC369300C2ECE Ref B: AMS231032609023 Ref C: 2026-03-31T21:38:09Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:12 GMT"
+ ],
+ "Content-Length": [
+ "993"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-RemoveByObj-35886eb5\",\r\n \"description\": \"Test removal by InputObject\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:06.0494363Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:10.3625073Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/09b73983-4ff5-4e80-8d2e-54d9f78adee6\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"09b73983-4ff5-4e80-8d2e-54d9f78adee6\"\r\n}",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "34560e2c-8954-4848-a8d2-dc419301b9fc"
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/RemoveDaByNameAndScope.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/RemoveDaByNameAndScope.json
new file mode 100644
index 000000000000..a13dc396051e
--- /dev/null
+++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/RemoveDaByNameAndScope.json
@@ -0,0 +1,422 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/4016ebcb-567f-4bc0-88a5-3b1df4743913?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzQwMTZlYmNiLTU2N2YtNGJjMC04OGE1LTNiMWRmNDc0MzkxMz9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "PUT",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "1ccafec7-16f0-4c74-9671-7427d4db15db"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "668"
+ ]
+ },
+ "RequestBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-RemoveByName-7c982395\",\r\n \"description\": \"Test removal by name and scope\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ]\r\n }\r\n}",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "f37404ad-3185-4929-8070-4d21ddb05f2e"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/c778e0f2-7ec0-4608-8519-5ac9b26b0c65"
+ ],
+ "x-ms-ratelimit-remaining-subscription-writes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-writes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "2b3553af-096c-40e0-8bd5-d094eff5c1ff"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213822Z:2b3553af-096c-40e0-8bd5-d094eff5c1ff"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 90E8AA35708B434F87FA068FC1B2DC9C Ref B: AMS231020615021 Ref C: 2026-03-31T21:38:19Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:22 GMT"
+ ],
+ "Content-Length": [
+ "963"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-RemoveByName-7c982395\",\r\n \"description\": \"Test removal by name and scope\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:20.0292022Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:20.0292022Z\",\r\n \"createdBy\": null,\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/4016ebcb-567f-4bc0-88a5-3b1df4743913\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"4016ebcb-567f-4bc0-88a5-3b1df4743913\"\r\n}",
+ "StatusCode": 201
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "1ccafec7-16f0-4c74-9671-7427d4db15db"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "ec7b5722-2ccd-4b93-9a2e-4536228c83e2"
+ ],
+ "client-request-id": [
+ "ec7b5722-2ccd-4b93-9a2e-4536228c83e2"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"006\",\"RoleInstance\":\"AM1PEPF000321D6\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:22 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:23\",\r\n \"request-id\": \"ec7b5722-2ccd-4b93-9a2e-4536228c83e2\",\r\n \"client-request-id\": \"ec7b5722-2ccd-4b93-9a2e-4536228c83e2\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "e049d4eb-6151-4044-813b-0df7c2b3507d"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "5542fb2a-5bb0-4941-90aa-1b7c0f820651"
+ ],
+ "client-request-id": [
+ "5542fb2a-5bb0-4941-90aa-1b7c0f820651"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"009\",\"RoleInstance\":\"AM1PEPF00027CA4\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:23 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:23\",\r\n \"request-id\": \"5542fb2a-5bb0-4941-90aa-1b7c0f820651\",\r\n \"client-request-id\": \"5542fb2a-5bb0-4941-90aa-1b7c0f820651\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments?$filter=denyAssignmentName%20eq%20'Test-DA-RemoveByName-7c982395'&api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzPyRmaWx0ZXI9ZGVueUFzc2lnbm1lbnROYW1lJTIwZXElMjAnVGVzdC1EQS1SZW1vdmVCeU5hbWUtN2M5ODIzOTUnJmFwaS12ZXJzaW9uPTIwMjQtMDctMDEtcHJldmlldw==",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "e049d4eb-6151-4044-813b-0df7c2b3507d"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "727afbdd-786e-4f9e-b932-acb98cee596a"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/4a86f317-5aa8-43f2-aa69-3e183cfcd9fd"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "249"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-reads": [
+ "3749"
+ ],
+ "x-ms-correlation-request-id": [
+ "718c6017-adf1-41f7-b71b-35291ef58a19"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213823Z:718c6017-adf1-41f7-b71b-35291ef58a19"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 38E96D36FEA54205B823D9CABD6B41F2 Ref B: AMS231022012029 Ref C: 2026-03-31T21:38:23Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:23 GMT"
+ ],
+ "Content-Length": [
+ "1009"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-RemoveByName-7c982395\",\r\n \"description\": \"Test removal by name and scope\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:20.3232034Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:20.3232034Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/4016ebcb-567f-4bc0-88a5-3b1df4743913\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"4016ebcb-567f-4bc0-88a5-3b1df4743913\"\r\n }\r\n ]\r\n}",
+ "StatusCode": 200
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/4016ebcb-567f-4bc0-88a5-3b1df4743913?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzQwMTZlYmNiLTU2N2YtNGJjMC04OGE1LTNiMWRmNDc0MzkxMz9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "DELETE",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "e049d4eb-6151-4044-813b-0df7c2b3507d"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "60339731-9def-4465-9851-2d5f049766cd"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/7e24664c-b0ad-47fe-b444-b877fda74380"
+ ],
+ "x-ms-ratelimit-remaining-subscription-deletes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-deletes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "fa0c676c-f6b4-4664-ad63-81e3acecb861"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213827Z:fa0c676c-f6b4-4664-ad63-81e3acecb861"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 44E93114DCBD45159766A8A72B05286A Ref B: AMS231022012029 Ref C: 2026-03-31T21:38:23Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:26 GMT"
+ ],
+ "Content-Length": [
+ "997"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-RemoveByName-7c982395\",\r\n \"description\": \"Test removal by name and scope\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:38:20.3232034Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:24.4992453Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/4016ebcb-567f-4bc0-88a5-3b1df4743913\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"4016ebcb-567f-4bc0-88a5-3b1df4743913\"\r\n}",
+ "StatusCode": 200
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/4016ebcb-567f-4bc0-88a5-3b1df4743913?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzQwMTZlYmNiLTU2N2YtNGJjMC04OGE1LTNiMWRmNDc0MzkxMz9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "741f8155-c1d3-4305-85d4-876141696a14"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "6b5d2fbc-420f-400c-b727-1ea0aea8a7c9"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/3ecc3444-0dbe-41db-aa86-31967b8c0e75"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "249"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-reads": [
+ "3749"
+ ],
+ "x-ms-correlation-request-id": [
+ "26217a64-179e-4643-9b9e-c846b287989e"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213827Z:26217a64-179e-4643-9b9e-c846b287989e"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 0FCC8E732A9D417AA4AACAA73C4FCFF6 Ref B: AMS231032609027 Ref C: 2026-03-31T21:38:27Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:26 GMT"
+ ],
+ "Content-Length": [
+ "129"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"DenyAssignmentNotFound\",\r\n \"message\": \"The deny assignment '4016ebcb-567f-4bc0-88a5-3b1df4743913' was not found.\"\r\n }\r\n}",
+ "StatusCode": 404
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "34560e2c-8954-4848-a8d2-dc419301b9fc"
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/RemoveDaWithPassThru.json b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/RemoveDaWithPassThru.json
new file mode 100644
index 000000000000..e36f8907e638
--- /dev/null
+++ b/src/Resources/Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.DenyAssignmentCrudTests/RemoveDaWithPassThru.json
@@ -0,0 +1,347 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/1d7b9648-fae2-41e4-b228-dccd7e000464?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzFkN2I5NjQ4LWZhZTItNDFlNC1iMjI4LWRjY2Q3ZTAwMDQ2ND9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "PUT",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "c2fde28a-8c54-4026-908f-253074e86ff1"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "660"
+ ]
+ },
+ "RequestBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-PassThru-e3035fac\",\r\n \"description\": \"Test removal with PassThru\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ]\r\n }\r\n}",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "ed340c8a-3980-4a68-8cb9-a7404044ea11"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/dbc44159-ddae-4b3e-8a82-d2ef6920e161"
+ ],
+ "x-ms-ratelimit-remaining-subscription-writes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-writes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "bd47dbc0-367c-46dd-9810-c9d6beca7ad3"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213801Z:bd47dbc0-367c-46dd-9810-c9d6beca7ad3"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 9F34D1DE8F91477D8156A50C6E577D5C Ref B: AMS231020614009 Ref C: 2026-03-31T21:37:59Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:01 GMT"
+ ],
+ "Content-Length": [
+ "955"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-PassThru-e3035fac\",\r\n \"description\": \"Test removal with PassThru\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:37:59.6499494Z\",\r\n \"updatedOn\": \"2026-03-31T21:37:59.6499494Z\",\r\n \"createdBy\": null,\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/1d7b9648-fae2-41e4-b228-dccd7e000464\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"1d7b9648-fae2-41e4-b228-dccd7e000464\"\r\n}",
+ "StatusCode": 201
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "c2fde28a-8c54-4026-908f-253074e86ff1"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "78c14bf7-a38c-4654-97c2-7374b26c7fef"
+ ],
+ "client-request-id": [
+ "78c14bf7-a38c-4654-97c2-7374b26c7fef"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"008\",\"RoleInstance\":\"AM2PEPF0002BC66\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:01 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:01\",\r\n \"request-id\": \"78c14bf7-a38c-4654-97c2-7374b26c7fef\",\r\n \"client-request-id\": \"78c14bf7-a38c-4654-97c2-7374b26c7fef\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "/v1.0/directoryObjects/1840cc0e-55b5-442d-bbf6-52c0c7e27302",
+ "EncodedRequestUri": "L3YxLjAvZGlyZWN0b3J5T2JqZWN0cy8xODQwY2MwZS01NWI1LTQ0MmQtYmJmNi01MmMwYzdlMjczMDI=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "0610ca59-5042-4634-be5c-4ff17a42a488"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Commands.Common.MSGraph.Version1.0.MicrosoftGraphClient/1.3.110"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Transfer-Encoding": [
+ "chunked"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000"
+ ],
+ "request-id": [
+ "f2dfee4d-80ab-4e0c-a816-870b0232d7a5"
+ ],
+ "client-request-id": [
+ "f2dfee4d-80ab-4e0c-a816-870b0232d7a5"
+ ],
+ "x-ms-ags-diagnostic": [
+ "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"006\",\"RoleInstance\":\"AM1PEPF0003F4C5\"}}"
+ ],
+ "x-ms-resource-unit": [
+ "1"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:02 GMT"
+ ],
+ "Content-Type": [
+ "application/json"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"Authorization_RequestDenied\",\r\n \"message\": \"Insufficient privileges to complete the operation.\",\r\n \"innerError\": {\r\n \"date\": \"2026-03-31T21:38:02\",\r\n \"request-id\": \"f2dfee4d-80ab-4e0c-a816-870b0232d7a5\",\r\n \"client-request-id\": \"f2dfee4d-80ab-4e0c-a816-870b0232d7a5\"\r\n }\r\n }\r\n}",
+ "StatusCode": 403
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/1d7b9648-fae2-41e4-b228-dccd7e000464?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzFkN2I5NjQ4LWZhZTItNDFlNC1iMjI4LWRjY2Q3ZTAwMDQ2ND9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "GET",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "0610ca59-5042-4634-be5c-4ff17a42a488"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "b0b4bf74-51f1-455b-bccb-34d7b82507fb"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/8b6111b5-37a8-4205-b1ff-9b65eb9cc919"
+ ],
+ "x-ms-ratelimit-remaining-subscription-reads": [
+ "249"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-reads": [
+ "3749"
+ ],
+ "x-ms-correlation-request-id": [
+ "aedaa272-7f7b-42a8-8c76-c72a02f18d4c"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213802Z:aedaa272-7f7b-42a8-8c76-c72a02f18d4c"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: 71FF4FF97FE7444AAA86623DB6223FE2 Ref B: AMS231032608025 Ref C: 2026-03-31T21:38:01Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:01 GMT"
+ ],
+ "Content-Length": [
+ "989"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-PassThru-e3035fac\",\r\n \"description\": \"Test removal with PassThru\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:37:59.8219511Z\",\r\n \"updatedOn\": \"2026-03-31T21:37:59.8219511Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/1d7b9648-fae2-41e4-b228-dccd7e000464\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"1d7b9648-fae2-41e4-b228-dccd7e000464\"\r\n}",
+ "StatusCode": 200
+ },
+ {
+ "RequestUri": "//subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/1d7b9648-fae2-41e4-b228-dccd7e000464?api-version=2024-07-01-preview",
+ "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzM0NTYwZTJjLTg5NTQtNDg0OC1hOGQyLWRjNDE5MzAxYjlmYy9wcm92aWRlcnMvTWljcm9zb2Z0LkF1dGhvcml6YXRpb24vZGVueUFzc2lnbm1lbnRzLzFkN2I5NjQ4LWZhZTItNDFlNC1iMjI4LWRjY2Q3ZTAwMDQ2ND9hcGktdmVyc2lvbj0yMDI0LTA3LTAxLXByZXZpZXc=",
+ "RequestMethod": "DELETE",
+ "RequestHeaders": {
+ "Accept-Language": [
+ "en-US"
+ ],
+ "x-ms-client-request-id": [
+ "0610ca59-5042-4634-be5c-4ff17a42a488"
+ ],
+ "User-Agent": [
+ "FxVersion/8.0.2526.11203",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.26200",
+ "Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/9.0.3"
+ ]
+ },
+ "RequestBody": "",
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-request-id": [
+ "ffd38c1d-7d46-425c-9078-ecd2e91ceb10"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "x-ms-operation-identifier": [
+ "appId=c090fe3f-66fa-4e18-8142-107d8f4cd0e4,tenantId=1ab18f38-ec79-4825-9410-1a4ff8e4fd0a,objectId=e01765f6-c2eb-4a00-91e1-ba65c17e4f5c/westeurope/5e0b64bf-1866-48ea-a8a3-b0825a36687d"
+ ],
+ "x-ms-ratelimit-remaining-subscription-deletes": [
+ "199"
+ ],
+ "x-ms-ratelimit-remaining-subscription-global-deletes": [
+ "2999"
+ ],
+ "x-ms-correlation-request-id": [
+ "4728d33c-2a1e-4710-ba40-57f047e77ca2"
+ ],
+ "x-ms-routing-request-id": [
+ "WESTEUROPE:20260331T213804Z:4728d33c-2a1e-4710-ba40-57f047e77ca2"
+ ],
+ "X-Cache": [
+ "CONFIG_NOCACHE"
+ ],
+ "X-MSEdge-Ref": [
+ "Ref A: A37D10ADE4834341887BF4B86D11967F Ref B: AMS231032608025 Ref C: 2026-03-31T21:38:02Z"
+ ],
+ "Date": [
+ "Tue, 31 Mar 2026 21:38:04 GMT"
+ ],
+ "Content-Length": [
+ "989"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Retry-After": [
+ "0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"denyAssignmentName\": \"Test-DA-PassThru-e3035fac\",\r\n \"description\": \"Test removal with PassThru\",\r\n \"permissions\": [\r\n {\r\n \"actions\": [\r\n \"Microsoft.Storage/storageAccounts/write\"\r\n ],\r\n \"notActions\": [],\r\n \"dataActions\": [],\r\n \"notDataActions\": []\r\n }\r\n ],\r\n \"scope\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc\",\r\n \"doNotApplyToChildScopes\": false,\r\n \"principals\": [\r\n {\r\n \"id\": \"00000000-0000-0000-0000-000000000000\",\r\n \"type\": \"SystemDefined\"\r\n }\r\n ],\r\n \"excludePrincipals\": [\r\n {\r\n \"id\": \"1840cc0e-55b5-442d-bbf6-52c0c7e27302\",\r\n \"type\": \"User\"\r\n }\r\n ],\r\n \"condition\": null,\r\n \"conditionVersion\": null,\r\n \"isSystemProtected\": false,\r\n \"createdOn\": \"2026-03-31T21:37:59.8219511Z\",\r\n \"updatedOn\": \"2026-03-31T21:38:02.8411864Z\",\r\n \"createdBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\",\r\n \"updatedBy\": \"e01765f6-c2eb-4a00-91e1-ba65c17e4f5c\"\r\n },\r\n \"id\": \"/subscriptions/34560e2c-8954-4848-a8d2-dc419301b9fc/providers/Microsoft.Authorization/denyAssignments/1d7b9648-fae2-41e4-b228-dccd7e000464\",\r\n \"type\": \"Microsoft.Authorization/denyAssignments\",\r\n \"name\": \"1d7b9648-fae2-41e4-b228-dccd7e000464\"\r\n}",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "34560e2c-8954-4848-a8d2-dc419301b9fc"
+ }
+}
\ No newline at end of file
diff --git a/src/Resources/Resources/Az.Resources.psd1 b/src/Resources/Resources/Az.Resources.psd1
index e85365fbdb43..2d279cc77ca3 100644
--- a/src/Resources/Resources/Az.Resources.psd1
+++ b/src/Resources/Resources/Az.Resources.psd1
@@ -171,7 +171,7 @@ CmdletsToExport = 'Export-AzResourceGroup', 'Export-AzTemplateSpec',
'Get-AzTemplateSpec', 'Get-AzTenantBackfillStatus',
'Get-AzTenantDeployment', 'Get-AzTenantDeploymentOperation',
'Get-AzTenantDeploymentWhatIfResult', 'Invoke-AzResourceAction',
- 'Move-AzResource', 'New-AzDeployment', 'New-AzManagedApplication',
+ 'Move-AzResource', 'New-AzDenyAssignment', 'New-AzDeployment', 'New-AzManagedApplication',
'New-AzManagedApplicationDefinition', 'New-AzManagementGroup',
'New-AzManagementGroupDeployment',
'New-AzManagementGroupDeploymentStack',
@@ -186,7 +186,7 @@ CmdletsToExport = 'Export-AzResourceGroup', 'Export-AzTemplateSpec',
'Publish-AzBicepModule', 'Register-AzProviderFeature',
'Register-AzProviderPreviewFeature', 'Register-AzResourceProvider',
'Remove-AzDeployment', 'Remove-AzDeploymentScript',
- 'Remove-AzManagedApplication',
+ 'Remove-AzDenyAssignment', 'Remove-AzManagedApplication',
'Remove-AzManagedApplicationDefinition', 'Remove-AzManagementGroup',
'Remove-AzManagementGroupDeployment',
'Remove-AzManagementGroupDeploymentStack',
diff --git a/src/Resources/Resources/ChangeLog.md b/src/Resources/Resources/ChangeLog.md
index f437fbc5d6d6..1208eeb8f619 100644
--- a/src/Resources/Resources/ChangeLog.md
+++ b/src/Resources/Resources/ChangeLog.md
@@ -19,6 +19,9 @@
-->
## Upcoming Release
+* Added `New-AzDenyAssignment` cmdlet for creating user-assigned deny assignments using the `2024-07-01-preview` API. Deny assignments allow denying specific write, delete, and action operations to all principals at a given scope while excluding specified principals.
+* Added `Remove-AzDenyAssignment` cmdlet for removing user-assigned deny assignments by ID, name and scope, or pipeline input.
+* Regenerated Authorization Management SDK from `2024-07-01-preview` swagger specification to include deny assignment create and delete operations.
## Version 9.0.3
* Updated the implementation of -Metadata parameter processing for cmdlets that use it for security. No behavior change.
diff --git a/src/Resources/Resources/DenyAssignments/NewAzureDenyAssignmentCommand.cs b/src/Resources/Resources/DenyAssignments/NewAzureDenyAssignmentCommand.cs
new file mode 100644
index 000000000000..f6a310d60a13
--- /dev/null
+++ b/src/Resources/Resources/DenyAssignments/NewAzureDenyAssignmentCommand.cs
@@ -0,0 +1,191 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+using Microsoft.Azure.Commands.Resources.Models;
+using Microsoft.Azure.Commands.Resources.Models.Authorization;
+
+using Newtonsoft.Json;
+
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.Resources
+{
+ ///
+ /// Creates a new deny assignment at the specified scope.
+ ///
+ [Cmdlet("New", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "DenyAssignment",
+ SupportsShouldProcess = true,
+ DefaultParameterSetName = ScopeWithPrincipalsParameterSet),
+ OutputType(typeof(PSDenyAssignment))]
+ public class NewAzureDenyAssignmentCommand : ResourcesBaseCmdlet
+ {
+ private const string ScopeWithPrincipalsParameterSet = "ScopeWithPrincipalsParameterSet";
+ private const string InputFileParameterSet = "InputFileParameterSet";
+
+ #region Parameters
+
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ScopeWithPrincipalsParameterSet,
+ HelpMessage = "The display name for the deny assignment.")]
+ [ValidateNotNullOrEmpty]
+ public string DenyAssignmentName { get; set; }
+
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ScopeWithPrincipalsParameterSet,
+ HelpMessage = "A description of the deny assignment.")]
+ public string Description { get; set; }
+
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ScopeWithPrincipalsParameterSet,
+ HelpMessage = "Scope of the deny assignment. In the format of relative URI. For example, /subscriptions/{id}/resourceGroups/{rgName}.")]
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = InputFileParameterSet,
+ HelpMessage = "Scope of the deny assignment. In the format of relative URI.")]
+ [ValidateNotNullOrEmpty]
+ [ScopeCompleter]
+ public string Scope { get; set; }
+
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ScopeWithPrincipalsParameterSet,
+ HelpMessage = "Actions to deny. Wildcards supported (e.g. Microsoft.Storage/storageAccounts/write, */delete). Note: read actions (*/read) are not permitted for user-assigned deny assignments.")]
+ public string[] Action { get; set; }
+
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ScopeWithPrincipalsParameterSet,
+ HelpMessage = "Actions to exclude from the deny assignment.")]
+ public string[] NotAction { get; set; }
+
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ScopeWithPrincipalsParameterSet,
+ HelpMessage = "Data actions to deny. Not supported for user-assigned deny assignments (Private Preview).")]
+ public string[] DataAction { get; set; }
+
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ScopeWithPrincipalsParameterSet,
+ HelpMessage = "Data actions to exclude from the deny assignment. Not supported for user-assigned deny assignments (Private Preview).")]
+ public string[] NotDataAction { get; set; }
+
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ScopeWithPrincipalsParameterSet,
+ HelpMessage = "Object IDs of principals to exclude from the deny assignment. Required when principal is Everyone.")]
+ [ValidateNotNullOrEmpty]
+ public string[] ExcludePrincipalId { get; set; }
+
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ScopeWithPrincipalsParameterSet,
+ HelpMessage = "Type(s) of the exclude principals (User, Group, ServicePrincipal). One per ExcludePrincipalId, or a single value applied to all. Defaults to User.")]
+ [ValidateSet("User", "Group", "ServicePrincipal")]
+ public string[] ExcludePrincipalType { get; set; }
+
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ScopeWithPrincipalsParameterSet,
+ HelpMessage = "If set, the deny assignment does not apply to child scopes. Not supported for user-assigned deny assignments (Private Preview).")]
+ public SwitchParameter DoNotApplyToChildScope { get; set; }
+
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = InputFileParameterSet,
+ HelpMessage = "Path to a JSON file containing the deny assignment definition.")]
+ [ValidateNotNullOrEmpty]
+ public string InputFile { get; set; }
+
+ [Parameter(Mandatory = false, HelpMessage = "The GUID for the deny assignment. If not specified, a new GUID will be generated.")]
+ public Guid DenyAssignmentId { get; set; }
+
+ #endregion
+
+ public override void ExecuteCmdlet()
+ {
+ CreateDenyAssignmentOptions options;
+
+ if (!string.IsNullOrEmpty(InputFile))
+ {
+ string fileName = this.SessionState.Path.GetUnresolvedProviderPathFromPSPath(InputFile);
+ if (!File.Exists(fileName))
+ {
+ throw new PSArgumentException(string.Format("File {0} does not exist.", fileName));
+ }
+
+ try
+ {
+ options = JsonConvert.DeserializeObject(File.ReadAllText(fileName));
+ }
+ catch (JsonException ex)
+ {
+ throw new PSArgumentException(string.Format("Error parsing input file: {0}", ex.Message));
+ }
+
+ options.Scope = Scope;
+
+ // PP1 requires at least one excluded principal
+ if (options.ExcludePrincipalIds == null || options.ExcludePrincipalIds.Count == 0)
+ {
+ throw new PSArgumentException(
+ "Input file must specify at least one ExcludePrincipalIds entry. " +
+ "PP1 deny assignments apply to Everyone and require at least one excluded principal.");
+ }
+ }
+ else
+ {
+ // PP1 client-side validation: DataActions not supported
+ if ((DataAction != null && DataAction.Length > 0) || (NotDataAction != null && NotDataAction.Length > 0))
+ {
+ throw new PSArgumentException(
+ "DataActions and NotDataActions are not supported for PP1 user-assigned deny assignments. " +
+ "Only Actions and NotActions are permitted.");
+ }
+
+ // PP1 client-side validation: DoNotApplyToChildScopes not supported
+ if (DoNotApplyToChildScope.IsPresent)
+ {
+ throw new PSArgumentException(
+ "DoNotApplyToChildScopes is not supported for PP1 user-assigned deny assignments.");
+ }
+
+ // Require at least one Action or NotAction
+ if ((Action == null || Action.Length == 0) && (NotAction == null || NotAction.Length == 0))
+ {
+ throw new PSArgumentException(
+ "At least one -Action or -NotAction is required to create a deny assignment.");
+ }
+
+ // Validate ExcludePrincipalType count matches ExcludePrincipalId count
+ if (ExcludePrincipalType != null && ExcludePrincipalType.Length > 1
+ && ExcludePrincipalType.Length != ExcludePrincipalId.Length)
+ {
+ throw new PSArgumentException(
+ string.Format("-ExcludePrincipalType must specify either 1 value (applied to all) or exactly {0} values " +
+ "(one per -ExcludePrincipalId). Got {1}.", ExcludePrincipalId.Length, ExcludePrincipalType.Length));
+ }
+
+ options = new CreateDenyAssignmentOptions
+ {
+ DenyAssignmentName = DenyAssignmentName,
+ Description = Description,
+ Scope = Scope,
+ Actions = Action != null ? new List(Action) : new List(),
+ NotActions = NotAction != null ? new List(NotAction) : new List(),
+ DataActions = DataAction != null ? new List(DataAction) : new List(),
+ NotDataActions = NotDataAction != null ? new List(NotDataAction) : new List(),
+ ExcludePrincipalIds = ExcludePrincipalId != null ? new List(ExcludePrincipalId) : new List(),
+ ExcludePrincipalTypes = ExcludePrincipalType != null ? new List(ExcludePrincipalType) : null,
+ DoNotApplyToChildScopes = DoNotApplyToChildScope.IsPresent,
+ };
+ }
+
+ AuthorizationClient.ValidateScope(options.Scope, false);
+
+ Guid assignmentId = DenyAssignmentId == Guid.Empty ? Guid.NewGuid() : DenyAssignmentId;
+
+ if (ShouldProcess(options.Scope,
+ string.Format("Creating deny assignment '{0}'", options.DenyAssignmentName ?? assignmentId.ToString())))
+ {
+ PSDenyAssignment result = PoliciesClient.CreateDenyAssignment(options, assignmentId);
+ WriteObject(result);
+ }
+ }
+ }
+}
diff --git a/src/Resources/Resources/DenyAssignments/RemoveAzureDenyAssignmentCommand.cs b/src/Resources/Resources/DenyAssignments/RemoveAzureDenyAssignmentCommand.cs
new file mode 100644
index 000000000000..5cf1faf4c319
--- /dev/null
+++ b/src/Resources/Resources/DenyAssignments/RemoveAzureDenyAssignmentCommand.cs
@@ -0,0 +1,117 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+using Microsoft.Azure.Commands.Resources.Models;
+using Microsoft.Azure.Commands.Resources.Models.Authorization;
+
+using System;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.Resources
+{
+ ///
+ /// Removes a deny assignment at the specified scope.
+ ///
+ [Cmdlet("Remove", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "DenyAssignment",
+ SupportsShouldProcess = true,
+ ConfirmImpact = ConfirmImpact.Medium,
+ DefaultParameterSetName = DenyAssignmentIdParameterSet),
+ OutputType(typeof(PSDenyAssignment))]
+ public class RemoveAzureDenyAssignmentCommand : ResourcesBaseCmdlet
+ {
+ private const string DenyAssignmentIdParameterSet = "DenyAssignmentIdParameterSet";
+ private const string DenyAssignmentNameAndScopeParameterSet = "DenyAssignmentNameAndScopeParameterSet";
+ private const string InputObjectParameterSet = "InputObjectParameterSet";
+
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = DenyAssignmentIdParameterSet,
+ HelpMessage = "Fully qualified deny assignment ID including scope, or just the GUID. " +
+ "When provided as a GUID, the current subscription scope is used.")]
+ [ValidateNotNullOrEmpty]
+ public string Id { get; set; }
+
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = DenyAssignmentNameAndScopeParameterSet,
+ HelpMessage = "The display name of the deny assignment to remove.")]
+ [ValidateNotNullOrEmpty]
+ public string DenyAssignmentName { get; set; }
+
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = DenyAssignmentNameAndScopeParameterSet,
+ HelpMessage = "Scope of the deny assignment. In the format of relative URI.")]
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = DenyAssignmentIdParameterSet,
+ HelpMessage = "Scope of the deny assignment. In the format of relative URI.")]
+ [ValidateNotNullOrEmpty]
+ [ScopeCompleter]
+ public string Scope { get; set; }
+
+ [Parameter(Mandatory = true, ValueFromPipeline = true, Position = 0, ParameterSetName = InputObjectParameterSet,
+ HelpMessage = "Deny assignment object from Get-AzDenyAssignment.")]
+ [ValidateNotNull]
+ public PSDenyAssignment InputObject { get; set; }
+
+ [Parameter(Mandatory = false, HelpMessage = "If specified, returns the deleted deny assignment.")]
+ public SwitchParameter PassThru { get; set; }
+
+ [Parameter(Mandatory = false, HelpMessage = "Do not ask for confirmation.")]
+ public SwitchParameter Force { get; set; }
+
+ public override void ExecuteCmdlet()
+ {
+ string denyAssignmentId;
+ string scope;
+
+ if (ParameterSetName == InputObjectParameterSet)
+ {
+ denyAssignmentId = InputObject.Id;
+ scope = InputObject.Scope;
+ }
+ else if (ParameterSetName == DenyAssignmentNameAndScopeParameterSet)
+ {
+ // Resolve name to ID by getting the deny assignment first
+ denyAssignmentId = null; // Will be resolved by AuthorizationClient
+ scope = Scope;
+ }
+ else
+ {
+ denyAssignmentId = Id;
+ scope = Scope;
+ }
+
+ if (!string.IsNullOrEmpty(scope))
+ {
+ AuthorizationClient.ValidateScope(scope, true);
+ }
+
+ string target = denyAssignmentId ?? DenyAssignmentName;
+
+ ConfirmAction(
+ Force.IsPresent,
+ string.Format("Are you sure you want to remove deny assignment '{0}'?", target),
+ string.Format("Removing deny assignment '{0}'", target),
+ target,
+ () =>
+ {
+ PSDenyAssignment result = PoliciesClient.RemoveDenyAssignment(
+ denyAssignmentId,
+ DenyAssignmentName,
+ scope,
+ DefaultProfile.DefaultContext.Subscription.Id.ToString());
+
+ if (PassThru)
+ {
+ WriteObject(result);
+ }
+ });
+ }
+ }
+}
diff --git a/src/Resources/Resources/Models.Authorization/AuthorizationClient.cs b/src/Resources/Resources/Models.Authorization/AuthorizationClient.cs
index 5be6a927216b..003cc97bc2aa 100644
--- a/src/Resources/Resources/Models.Authorization/AuthorizationClient.cs
+++ b/src/Resources/Resources/Models.Authorization/AuthorizationClient.cs
@@ -614,6 +614,155 @@ private List FilterDenyAssignmentsByScope(FilterDenyAssignment
return AuthorizationManagementClient.DenyAssignments.List(odataQuery).ToPSDenyAssignments(ActiveDirectoryClient).ToList();
}
+ // =====================================================================
+ // Deny Assignment Create/Delete
+ // =====================================================================
+
+ ///
+ /// Creates a deny assignment at the specified scope.
+ ///
+ public PSDenyAssignment CreateDenyAssignment(CreateDenyAssignmentOptions options, Guid denyAssignmentId)
+ {
+ if (denyAssignmentId == Guid.Empty)
+ {
+ denyAssignmentId = Guid.NewGuid();
+ }
+
+ var permissions = new List
+ {
+ new DenyAssignmentPermission
+ {
+ Actions = options.Actions,
+ NotActions = options.NotActions,
+ DataActions = options.DataActions,
+ NotDataActions = options.NotDataActions
+ }
+ };
+
+ // PP1 model: principals must be Everyone (SystemDefined), actual targets go in excludePrincipals
+ if (options.PrincipalIds != null && options.PrincipalIds.Count > 0
+ && !(options.PrincipalIds.Count == 1 && options.PrincipalIds[0] == Guid.Empty.ToString()))
+ {
+ throw new ArgumentException(
+ "PP1 deny assignments only support the Everyone principal (SystemDefined). " +
+ "Custom principal IDs are not supported. Use ExcludePrincipalIds to exclude specific principals.");
+ }
+
+ var principals = new List
+ {
+ new DenyAssignmentPrincipal
+ {
+ Id = Guid.Empty.ToString(),
+ Type = "SystemDefined"
+ }
+ };
+
+ var excludePrincipals = new List();
+ var excludeIds = options.ExcludePrincipalIds ?? new List();
+ var excludeTypes = options.ExcludePrincipalTypes;
+ var defaultType = options.ExcludePrincipalType ?? "User";
+
+ for (int i = 0; i < excludeIds.Count; i++)
+ {
+ string type;
+ if (excludeTypes != null && excludeTypes.Count == 1)
+ {
+ // Single type broadcasts to all IDs
+ type = excludeTypes[0];
+ }
+ else if (excludeTypes != null && i < excludeTypes.Count)
+ {
+ type = excludeTypes[i];
+ }
+ else
+ {
+ type = defaultType;
+ }
+ excludePrincipals.Add(new DenyAssignmentPrincipal { Id = excludeIds[i], Type = type });
+ }
+
+ var denyAssignment = new DenyAssignment
+ {
+ DenyAssignmentName = options.DenyAssignmentName,
+ Description = options.Description,
+ Permissions = permissions,
+ Principals = principals,
+ ExcludePrincipals = excludePrincipals,
+ DoNotApplyToChildScopes = options.DoNotApplyToChildScopes,
+ };
+
+ var result = AuthorizationManagementClient.DenyAssignments
+ .CreateOrUpdate(options.Scope, denyAssignmentId.ToString(), denyAssignment);
+
+ if (result == null)
+ {
+ throw new InvalidOperationException(
+ "The service returned an empty response when creating the deny assignment. " +
+ "Verify that the UserAssignedDenyAssignment feature flag is enabled on the subscription.");
+ }
+
+ return result.ToPSDenyAssignment(ActiveDirectoryClient);
+ }
+
+ ///
+ /// Removes a deny assignment by its fully qualified ID or by name + scope.
+ ///
+ public PSDenyAssignment RemoveDenyAssignment(string denyAssignmentId, string denyAssignmentName, string scope, string subscriptionId)
+ {
+ // Resolve the deny assignment to delete
+ PSDenyAssignment toDelete = null;
+
+ if (!string.IsNullOrEmpty(denyAssignmentId))
+ {
+ var resolvedScope = !string.IsNullOrEmpty(scope)
+ ? scope
+ : AuthorizationHelper.GetScopeFromFullyQualifiedId(denyAssignmentId)
+ ?? AuthorizationHelper.GetSubscriptionScope(subscriptionId);
+
+ try
+ {
+ toDelete = AuthorizationManagementClient.DenyAssignments
+ .Get(resolvedScope, denyAssignmentId.GuidFromFullyQualifiedId())
+ .ToPSDenyAssignment(ActiveDirectoryClient);
+ }
+ catch (Microsoft.Rest.Azure.CloudException ex) when (ex.Response?.StatusCode == System.Net.HttpStatusCode.NotFound)
+ {
+ throw new KeyNotFoundException(
+ string.Format("Deny assignment '{0}' not found at scope '{1}'.", denyAssignmentId, resolvedScope));
+ }
+ }
+ else if (!string.IsNullOrEmpty(denyAssignmentName) && !string.IsNullOrEmpty(scope))
+ {
+ var options = new FilterDenyAssignmentsOptions
+ {
+ DenyAssignmentName = denyAssignmentName,
+ Scope = scope,
+ };
+ var matches = FilterDenyAssignments(options, subscriptionId);
+ if (matches == null || matches.Count == 0)
+ {
+ throw new KeyNotFoundException(
+ string.Format("No deny assignment named '{0}' found at scope '{1}'.", denyAssignmentName, scope));
+ }
+ if (matches.Count > 1)
+ {
+ throw new InvalidOperationException(
+ string.Format("Multiple deny assignments named '{0}' found at scope '{1}'. Use -Id to specify which one to remove.",
+ denyAssignmentName, scope));
+ }
+ toDelete = matches[0];
+ }
+ else
+ {
+ throw new ArgumentException("Either denyAssignmentId or (denyAssignmentName + scope) must be provided.");
+ }
+
+ AuthorizationManagementClient.DenyAssignments
+ .Delete(toDelete.Scope, toDelete.Id.GuidFromFullyQualifiedId());
+
+ return toDelete;
+ }
+
private PSRoleDefinition CreateOrUpdateRoleDefinition(Guid roleDefinitionId, PSRoleDefinition roleDefinition)
{
PSRoleDefinition roleDef = null;
diff --git a/src/Resources/Resources/Models.Authorization/AuthorizationClientExtensions.cs b/src/Resources/Resources/Models.Authorization/AuthorizationClientExtensions.cs
index 137fe53372cc..fd1247e8a1ab 100644
--- a/src/Resources/Resources/Models.Authorization/AuthorizationClientExtensions.cs
+++ b/src/Resources/Resources/Models.Authorization/AuthorizationClientExtensions.cs
@@ -243,19 +243,30 @@ private static List GetAdObjectsByObjectIds(List objectIds,
}
private static IEnumerable ToPSPrincipals(this IEnumerable principals, IEnumerable adObjects)
+ {
+ return principals.ToPSPrincipalsCore(adObjects, p => p.Id, p => p.Type);
+ }
+
+ private static IEnumerable ToPSPrincipals(this IEnumerable principals, IEnumerable adObjects)
+ {
+ return principals.ToPSPrincipalsCore(adObjects, p => p.Id, p => p.Type);
+ }
+
+ private static IEnumerable ToPSPrincipalsCore(this IEnumerable principals, IEnumerable adObjects,
+ Func idSelector, Func typeSelector)
{
var psPrincipals = new List();
foreach (var p in principals)
{
- var pid = Guid.Parse(p.Id);
+ var pid = Guid.Parse(idSelector(p));
if (pid == Guid.Empty)
{
- psPrincipals.Add(new PSPrincipal { DisplayName = AllPrincipals, ObjectType = SystemDefined, ObjectId = new Guid(p.Id) });
+ psPrincipals.Add(new PSPrincipal { DisplayName = AllPrincipals, ObjectType = SystemDefined, ObjectId = pid });
}
else
{
var adObject = adObjects.SingleOrDefault(o => o.Id == pid.ToString()) ?? new PSADObject() { Id = pid.ToString()};
- psPrincipals.Add(new PSPrincipal { DisplayName = adObject?.DisplayName, ObjectType = p.Type, ObjectId = new Guid(p.Id) });
+ psPrincipals.Add(new PSPrincipal { DisplayName = adObject?.DisplayName, ObjectType = typeSelector(p), ObjectId = pid });
}
}
return psPrincipals;
diff --git a/src/Resources/Resources/Models.Authorization/CreateDenyAssignmentOptions.cs b/src/Resources/Resources/Models.Authorization/CreateDenyAssignmentOptions.cs
new file mode 100644
index 000000000000..0de724739097
--- /dev/null
+++ b/src/Resources/Resources/Models.Authorization/CreateDenyAssignmentOptions.cs
@@ -0,0 +1,66 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Newtonsoft.Json;
+
+using System.Collections.Generic;
+
+namespace Microsoft.Azure.Commands.Resources.Models.Authorization
+{
+ ///
+ /// Options for creating a deny assignment.
+ ///
+ public class CreateDenyAssignmentOptions
+ {
+ [JsonProperty("denyAssignmentName")]
+ public string DenyAssignmentName { get; set; }
+
+ [JsonProperty("description")]
+ public string Description { get; set; }
+
+ [JsonProperty("scope")]
+ public string Scope { get; set; }
+
+ [JsonProperty("actions")]
+ public List Actions { get; set; } = new List();
+
+ [JsonProperty("notActions")]
+ public List NotActions { get; set; } = new List();
+
+ [JsonProperty("dataActions")]
+ public List DataActions { get; set; } = new List();
+
+ [JsonProperty("notDataActions")]
+ public List NotDataActions { get; set; } = new List();
+
+ [JsonProperty("principalIds")]
+ public List PrincipalIds { get; set; } = new List();
+
+ [JsonProperty("excludePrincipalIds")]
+ public List ExcludePrincipalIds { get; set; } = new List();
+
+ [JsonProperty("excludePrincipalTypes")]
+ public List ExcludePrincipalTypes { get; set; }
+
+ ///
+ /// Legacy single-value property for backward compatibility with input files.
+ /// When set, applies to all exclude principals unless ExcludePrincipalTypes is also provided.
+ ///
+ [JsonProperty("excludePrincipalType")]
+ public string ExcludePrincipalType { get; set; }
+
+ [JsonProperty("doNotApplyToChildScopes")]
+ public bool DoNotApplyToChildScopes { get; set; }
+ }
+}
diff --git a/src/Resources/Resources/help/New-AzDenyAssignment.md b/src/Resources/Resources/help/New-AzDenyAssignment.md
new file mode 100644
index 000000000000..3a054ffa3a81
--- /dev/null
+++ b/src/Resources/Resources/help/New-AzDenyAssignment.md
@@ -0,0 +1,318 @@
+---
+external help file: Microsoft.Azure.PowerShell.Cmdlets.Resources.dll-Help.xml
+Module Name: Az.Resources
+online version: https://learn.microsoft.com/powershell/module/az.resources/new-azdenyassignment
+schema: 2.0.0
+---
+
+# New-AzDenyAssignment
+
+## SYNOPSIS
+Creates a user-assigned deny assignment at the specified scope.
+PP1 deny assignments apply to all principals (Everyone) and require at least one excluded principal.
+
+## SYNTAX
+
+### ScopeWithPrincipalsParameterSet (Default)
+```
+New-AzDenyAssignment -DenyAssignmentName -Scope -ExcludePrincipalId
+ [-Description ] [-Action ] [-NotAction ] [-DataAction ]
+ [-NotDataAction ] [-ExcludePrincipalType ] [-DoNotApplyToChildScope]
+ [-DenyAssignmentId ] [-DefaultProfile ]
+ [-WhatIf] [-Confirm] []
+```
+
+### InputFileParameterSet
+```
+New-AzDenyAssignment -Scope -InputFile [-DenyAssignmentId ]
+ [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+## DESCRIPTION
+Use the New-AzDenyAssignment command to create a new user-assigned deny assignment at the specified scope.
+
+PP1 deny assignments apply to all principals (Everyone) and require at least one excluded principal to be specified via the ExcludePrincipalId parameter.
+Only write, delete, and action operations can be denied. Read actions and data actions are not supported in PP1.
+
+## EXAMPLES
+
+### Example 1: Create a deny assignment that blocks delete actions
+```powershell
+New-AzDenyAssignment -DenyAssignmentName "Block deletes" `
+ -Scope "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG" `
+ -Action "*/delete" `
+ -ExcludePrincipalId "11111111-1111-1111-1111-111111111111" `
+ -ExcludePrincipalType "User"
+```
+
+Creates a deny assignment named "Block deletes" at the resource group scope that denies all delete actions. The specified user is excluded from the deny assignment.
+
+### Example 2: Create a deny assignment from a JSON input file
+```powershell
+New-AzDenyAssignment -Scope "/subscriptions/00000000-0000-0000-0000-000000000000" `
+ -InputFile "C:\DenyAssignment.json"
+```
+
+Creates a deny assignment using the definition in the specified JSON file. The input file must include DenyAssignmentName, Actions, and ExcludePrincipalIds.
+
+### Example 3: Create a deny assignment with multiple exclude principals
+```powershell
+New-AzDenyAssignment -DenyAssignmentName "Block writes" `
+ -Scope "/subscriptions/00000000-0000-0000-0000-000000000000" `
+ -Action "*/write" `
+ -ExcludePrincipalId "11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222" `
+ -ExcludePrincipalType "User", "ServicePrincipal"
+```
+
+Creates a deny assignment that denies write actions, excluding a user and a service principal.
+
+## PARAMETERS
+
+### -Action
+Actions to deny. Wildcards supported (e.g., */delete, Microsoft.Storage/storageAccounts/*).
+
+```yaml
+Type: System.String[]
+Parameter Sets: ScopeWithPrincipalsParameterSet
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -DataAction
+Data actions to deny. Note: Data actions are not supported in Public Preview 1 user-assigned deny assignments and will be rejected by the service.
+
+```yaml
+Type: System.String[]
+Parameter Sets: ScopeWithPrincipalsParameterSet
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -DefaultProfile
+The credentials, account, tenant, and subscription used for communication with Azure.
+
+```yaml
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Parameter Sets: (All)
+Aliases: AzContext, AzureRmContext, AzureCredential
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -DenyAssignmentId
+The GUID for the deny assignment. If not specified, a new GUID will be generated.
+
+```yaml
+Type: System.Guid
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -DenyAssignmentName
+The display name for the deny assignment.
+
+```yaml
+Type: System.String
+Parameter Sets: ScopeWithPrincipalsParameterSet
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -Description
+A description of the deny assignment.
+
+```yaml
+Type: System.String
+Parameter Sets: ScopeWithPrincipalsParameterSet
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -DoNotApplyToChildScope
+If set, the deny assignment does not apply to child scopes. Note: This property is not supported in Public Preview 1 user-assigned deny assignments and will be rejected by the service.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: ScopeWithPrincipalsParameterSet
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ExcludePrincipalId
+Object IDs of principals to exclude from the deny assignment. Required when principal is Everyone.
+
+```yaml
+Type: System.String[]
+Parameter Sets: ScopeWithPrincipalsParameterSet
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -ExcludePrincipalType
+Type(s) of the exclude principals (User, Group, ServicePrincipal). One per ExcludePrincipalId, or a single value applied to all. Defaults to User.
+
+```yaml
+Type: System.String[]
+Parameter Sets: ScopeWithPrincipalsParameterSet
+Aliases:
+Accepted values: User, Group, ServicePrincipal
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -InputFile
+Path to a JSON file containing the deny assignment definition.
+
+```yaml
+Type: System.String
+Parameter Sets: InputFileParameterSet
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -NotAction
+Actions to exclude from the deny assignment.
+
+```yaml
+Type: System.String[]
+Parameter Sets: ScopeWithPrincipalsParameterSet
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -NotDataAction
+Data actions to exclude from the deny assignment. Note: Data actions are not supported in Public Preview 1 user-assigned deny assignments.
+
+```yaml
+Type: System.String[]
+Parameter Sets: ScopeWithPrincipalsParameterSet
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -Scope
+Scope of the deny assignment. In the format of relative URI. For example, /subscriptions/{id}/resourceGroups/{rgName}.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -Confirm
+Prompts you for confirmation before running the cmdlet.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WhatIf
+Shows what would happen if the cmdlet runs. The cmdlet is not run.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### System.String
+
+### System.String[]
+
+### System.Guid
+
+## OUTPUTS
+
+### Microsoft.Azure.Commands.Resources.Models.Authorization.PSDenyAssignment
+
+## NOTES
+
+## RELATED LINKS
+
+[Get-AzDenyAssignment](./Get-AzDenyAssignment.md)
+
+[Remove-AzDenyAssignment](./Remove-AzDenyAssignment.md)
diff --git a/src/Resources/Resources/help/Remove-AzDenyAssignment.md b/src/Resources/Resources/help/Remove-AzDenyAssignment.md
new file mode 100644
index 000000000000..cc3b0364be11
--- /dev/null
+++ b/src/Resources/Resources/help/Remove-AzDenyAssignment.md
@@ -0,0 +1,230 @@
+---
+external help file: Microsoft.Azure.PowerShell.Cmdlets.Resources.dll-Help.xml
+Module Name: Az.Resources
+online version: https://learn.microsoft.com/powershell/module/az.resources/remove-azdenyassignment
+schema: 2.0.0
+---
+
+# Remove-AzDenyAssignment
+
+## SYNOPSIS
+Removes a user-assigned deny assignment at the specified scope.
+
+## SYNTAX
+
+### DenyAssignmentIdParameterSet (Default)
+```
+Remove-AzDenyAssignment -Id [-Scope ] [-PassThru] [-Force]
+ [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+### DenyAssignmentNameAndScopeParameterSet
+```
+Remove-AzDenyAssignment -DenyAssignmentName -Scope [-PassThru] [-Force]
+ [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+### InputObjectParameterSet
+```
+Remove-AzDenyAssignment [-InputObject] [-PassThru] [-Force]
+ [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+## DESCRIPTION
+Use the Remove-AzDenyAssignment command to remove a user-assigned deny assignment.
+The deny assignment can be identified by its ID, by display name and scope, or by piping a PSDenyAssignment object from Get-AzDenyAssignment.
+
+## EXAMPLES
+
+### Example 1: Remove a deny assignment by ID
+```powershell
+Remove-AzDenyAssignment -Id "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/denyAssignments/11111111-1111-1111-1111-111111111111" -Force
+```
+
+Removes the deny assignment with the specified fully qualified ID.
+
+### Example 2: Remove a deny assignment by name and scope
+```powershell
+Remove-AzDenyAssignment -DenyAssignmentName "Block deletes" `
+ -Scope "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG" -Force
+```
+
+Removes the deny assignment named "Block deletes" at the specified resource group scope.
+
+### Example 3: Remove a deny assignment using pipeline
+```powershell
+Get-AzDenyAssignment -DenyAssignmentName "Block writes" -Scope "/subscriptions/00000000-0000-0000-0000-000000000000" | Remove-AzDenyAssignment -Force -PassThru
+```
+
+Gets and removes the specified deny assignment using the pipeline.
+
+## PARAMETERS
+
+### -DefaultProfile
+The credentials, account, tenant, and subscription used for communication with Azure.
+
+```yaml
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Parameter Sets: (All)
+Aliases: AzContext, AzureRmContext, AzureCredential
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -DenyAssignmentName
+The display name of the deny assignment to remove.
+
+```yaml
+Type: System.String
+Parameter Sets: DenyAssignmentNameAndScopeParameterSet
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -Force
+Do not ask for confirmation.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Id
+Fully qualified deny assignment ID including scope, or just the GUID. When provided as a GUID, the current subscription scope is used.
+
+```yaml
+Type: System.String
+Parameter Sets: DenyAssignmentIdParameterSet
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -InputObject
+Deny assignment object from Get-AzDenyAssignment.
+
+```yaml
+Type: Microsoft.Azure.Commands.Resources.Models.Authorization.PSDenyAssignment
+Parameter Sets: InputObjectParameterSet
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByValue)
+Accept wildcard characters: False
+```
+
+### -PassThru
+If specified, returns the deleted deny assignment.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Scope
+Scope of the deny assignment. In the format of relative URI.
+
+```yaml
+Type: System.String
+Parameter Sets: DenyAssignmentIdParameterSet
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+```yaml
+Type: System.String
+Parameter Sets: DenyAssignmentNameAndScopeParameterSet
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -Confirm
+Prompts you for confirmation before running the cmdlet.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WhatIf
+Shows what would happen if the cmdlet runs. The cmdlet is not run.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+
+Required: False
+Position: Named
+Default value: False
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### System.String
+
+### Microsoft.Azure.Commands.Resources.Models.Authorization.PSDenyAssignment
+
+## OUTPUTS
+
+### Microsoft.Azure.Commands.Resources.Models.Authorization.PSDenyAssignment
+When the -PassThru parameter is specified, returns the deleted deny assignment object. Otherwise, this cmdlet does not generate any output.
+
+## NOTES
+
+## RELATED LINKS
+
+[Get-AzDenyAssignment](./Get-AzDenyAssignment.md)
+
+[New-AzDenyAssignment](./New-AzDenyAssignment.md)