New command: Assign role with administrative unit scope. Closes #5671

.eslintrc.cjs

@@ -13,6 +13,7 @@ const dictionary = [
   'approve',
   'assessment',
   'assets',
+  'assignment',
   'audit',
   'bin',
   'builder',

docs/docs/cmd/aad/administrativeunit/administrativeunit-roleassignment-add.mdx

@@ -0,0 +1,116 @@
+import Global from '/docs/cmd/_global.mdx';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# aad administrativeunit roleassignment add
+
+Assigns a Microsoft Entra role with administrative unit scope to a user
+
+## Usage
+
+```sh
+m365 aad administrativeunit roleassignment add
+```
+
+## Options
+
+```md definition-list
+`-i, --administrativeUnitId [administrativeUnitId]`
+: The id of the administrative unit. Specify either `administrativeUnitId` or `administrativeUnitName`.
+
+`-n, --administrativeUnitName [administrativeUnitName]`
+: The name of the administrative unit. Specify either `administrativeUnitId` or `administrativeUnitName`.
+
+`--roleDefinitionId [roleDefinitionId]`
+: The id of the role definition that the member is in. Specify either `roleDefinitionId` or `roleDefinitionName`.
+
+`--roleDefinitionName [roleDefinitionName]`
+: The name of the role definition that the member is in. Specify either `roleDefinitionId` or `roleDefinitionName`.
+
+`--userId [userId]`
+: The id of the user that is a member of the scoped-role. Specify either `userId` or `userName`.
+
+`--userName [userName]`
+: The name of the user that is a member of the scoped-role. Specify either `userId` or `userName`.
+```
+
+<Global />
+
+## Remarks
+
+:::info
+
+To use this command you must be either **Global Administrator** or **Privileged Role Administrator**.
+
+:::
+
+## Examples
+
+Assign a role definition specified by id to a user specified by id for an administrative unit specified by id
+
+```sh
+m365 aad administrativeunit roleassignment add --administrativeUnitId 81bb36e4-f4c6-4984-8e56-d4f8feae9e09 --roleDefinitionId 4d6ac14f-3453-41d0-bef9-a3e0c569773a --userId 5f91f951-7305-4a27-9b63-7b00906de09f
+```
+
+Assign a role definition specified by name to a user specified by name for an administrative unit specified by name
+
+```sh
+m365 aad administrativeunit roleassignment add --administrativeUnitName 'Marketing Division' --roleDefinitionName 'License Administrator' --userName '[email protected]'
+```
+
+## Response
+
+<Tabs>
+  <TabItem value="JSON">
+
+  ```json
+  {
+    "id": "5wuT_mJe20eRr5jDpJo4sVH5kV8FcydKm2N7AJBt4J_kNruBxvSESY5W1Pj-rp4J-2",
+    "principalId": "5f91f951-7305-4a27-9b63-7b00906de09f",
+    "directoryScopeId": "/administrativeUnits/81bb36e4-f4c6-4984-8e56-d4f8feae9e09",
+    "roleDefinitionId": "4d6ac14f-3453-41d0-bef9-a3e0c569773a"
+  }
+  ```
+
+  </TabItem>
+  <TabItem value="Text">
+
+  ```text
+  directoryScopeId: /administrativeUnits/81bb36e4-f4c6-4984-8e56-d4f8feae9e09
+  id              : 4yeYchSc90m7G5YI8Va7uFH5kV8FcydKm2N7AJBt4J_kNruBxvSESY5W1Pj-rp4J-2
+  principalId     : 5f91f951-7305-4a27-9b63-7b00906de09f
+  roleDefinitionId: 4d6ac14f-3453-41d0-bef9-a3e0c569773a
+  ```
+
+  </TabItem>
+  <TabItem value="CSV">
+
+  ```csv
+  id,principalId,directoryScopeId,roleDefinitionId
+  UB-K8uf2cUWBi2oS8q9rbFH5kV8FcydKm2N7AJBt4J_kNruBxvSESY5W1Pj-rp4J-2,5f91f951-7305-4a27-9b63-7b00906de09f,/administrativeUnits/81bb36e4-f4c6-4984-8e56-d4f8feae9e09,4d6ac14f-3453-41d0-bef9-a3e0c569773a
+  ```
+
+  </TabItem>
+  <TabItem value="Markdown">
+
+  ```md
+  # aad administrativeunit roleassignment add --administrativeUnitId "81bb36e4-f4c6-4984-8e56-d4f8feae9e09" --roleDefinitionId "4d6ac14f-3453-41d0-bef9-a3e0c569773a" --userId "5f91f951-7305-4a27-9b63-7b00906de09f"
+
+  Date: 11/16/2023
+
+  ## T8FqTVM00EG--aPgxWl3OlH5kV8FcydKm2N7AJBt4J_kNruBxvSESY5W1Pj-rp4J-2
+
+  Property | Value
+  ---------|-------
+  id | T8FqTVM00EG--aPgxWl3OlH5kV8FcydKm2N7AJBt4J\_kNruBxvSESY5W1Pj-rp4J-2
+  principalId | 5f91f951-7305-4a27-9b63-7b00906de09f
+  directoryScopeId | /administrativeUnits/81bb36e4-f4c6-4984-8e56-d4f8feae9e09
+  roleDefinitionId | 4d6ac14f-3453-41d0-bef9-a3e0c569773a
+  ```
+
+  </TabItem>
+</Tabs>
+
+## More information
+
+- Roles with administrative unit scope: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/admin-units-assign-roles#roles-that-can-be-assigned-with-administrative-unit-scope

docs/src/config/sidebars.ts

@@ -51,6 +51,11 @@ const sidebars: SidebarsConfig = {
               type: 'doc',
               label: 'administrativeunit member list',
               id: 'cmd/aad/administrativeunit/administrativeunit-member-list'
+            },
+            {
+              type: 'doc',
+              label: 'administrativeunit roleassignment add',
+              id: 'cmd/aad/administrativeunit/administrativeunit-roleassignment-add'
             }
           ]
         },

src/m365/aad/commands.ts

@@ -6,6 +6,7 @@ export default {
   ADMINISTRATIVEUNIT_LIST: `${prefix} administrativeunit list`,
   ADMINISTRATIVEUNIT_REMOVE: `${prefix} administrativeunit remove`,
   ADMINISTRATIVEUNIT_MEMBER_LIST: `${prefix} administrativeunit member list`,
+  ADMINISTRATIVEUNIT_ROLEASSIGNMENT_ADD: `${prefix} administrativeunit roleassignment add`,
   APP_ADD: `${prefix} app add`,
   APP_GET: `${prefix} app get`,
   APP_LIST: `${prefix} app list`,