Network Security Perimeter Access Rules - Create Or Update

Service:: Network security perimeter

Version d'API:: 2025-03-01

Crée ou met à jour une règle d’accès au réseau.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityPerimeters/{networkSecurityPerimeterName}/profiles/{profileName}/accessRules/{accessRuleName}?api-version=2025-03-01

Paramètres URI

Nom	Dans	Obligatoire	Type	Description
accessRuleName	path	True	string maxLength: 80 pattern: (^[a-zA-Z0-9]+[a-zA-Z0-9_.-]*[a-zA-Z0-9_]+$)\|(^[a-zA-Z0-9]$)	Nom de la règle d’accès NSP.
networkSecurityPerimeterName	path	True	string maxLength: 80 pattern: (^[a-zA-Z0-9]+[a-zA-Z0-9_.-]*[a-zA-Z0-9_]+$)\|(^[a-zA-Z0-9]$)	Nom du périmètre de sécurité réseau.
profileName	path	True	string maxLength: 80 pattern: (^[a-zA-Z0-9]+[a-zA-Z0-9_.-]*[a-zA-Z0-9_]+$)\|(^[a-zA-Z0-9]$)	Nom du profil NSP.
resourceGroupName	path	True	string	Nom du groupe de ressources.
subscriptionId	path	True	string	Informations d’identification de l’abonnement qui identifient de manière unique l’abonnement Microsoft Azure. L’ID d’abonnement fait partie de l’URI de chaque appel de service.
api-version	query	True	string	Version de l’API client.

Corps de la demande

Nom	Type	Description
properties.addressPrefixes	string[]	Préfixes d’adresses entrantes (IPv4/IPv6)
properties.direction	AccessRuleDirection	Direction qui spécifie si les règles d’accès sont entrantes/sortantes.
properties.emailAddresses	string[]	Règles de trafic sortant au format d’adresse e-mail. Ce type de règle d’accès n’est actuellement pas disponible pour une utilisation.
properties.fullyQualifiedDomainNames	string[]	Règles de trafic sortant au format de nom de domaine complet.
properties.phoneNumbers	string[]	Règles de trafic sortant au format numéro de téléphone. Ce type de règle d’accès n’est actuellement pas disponible pour une utilisation.
properties.serviceTags	string[]	Règles de trafic entrant de type balise de service. Ce type de règle d’accès n’est actuellement pas disponible pour une utilisation.
properties.subscriptions	SubscriptionId[]	Liste des ID d’abonnement

Réponses

Nom	Type	Description
200 OK	NspAccessRule	Mise à jour : la règle d’accès existante est mise à jour. Renvoie la ressource.
201 Created	NspAccessRule	Create : renvoie la ressource NspAccessRule créée.
Other Status Codes	CloudError	Réponse d’erreur décrivant pourquoi l’opération a échoué.

Sécurité

azure_auth

Flux OAuth2 Azure Active Directory.

Type: oauth2
Flux: implicit
URL d’autorisation: https://login.microsoftonline.com/common/oauth2/authorize

Étendues

Nom	Description
user_impersonation	emprunter l’identité de votre compte d’utilisateur

Exemples

NspAccessRulePut

Exemple de requête

PUT https://management.azure.com/subscriptions/subId/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityPerimeters/nsp1/profiles/profile1/accessRules/accessRule1?api-version=2025-03-01

{
  "properties": {
    "direction": "Inbound",
    "addressPrefixes": [
      "10.11.0.0/16",
      "10.10.1.0/24"
    ]
  }
}


import com.azure.resourcemanager.network.fluent.models.NspAccessRuleInner;
import com.azure.resourcemanager.network.models.AccessRuleDirection;
import java.util.Arrays;

/**
 * Samples for NetworkSecurityPerimeterAccessRules CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/NspAccessRulePut.json
     */
    /**
     * Sample code: NspAccessRulePut.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void nspAccessRulePut(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.networks().manager().serviceClient().getNetworkSecurityPerimeterAccessRules().createOrUpdateWithResponse(
            "rg1", "nsp1", "profile1", "accessRule1",
            new NspAccessRuleInner().withDirection(AccessRuleDirection.INBOUND)
                .withAddressPrefixes(Arrays.asList("10.11.0.0/16", "10.10.1.0/24")),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python nsp_access_rule_put.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subId",
    )

    response = client.network_security_perimeter_access_rules.create_or_update(
        resource_group_name="rg1",
        network_security_perimeter_name="nsp1",
        profile_name="profile1",
        access_rule_name="accessRule1",
        parameters={"properties": {"addressPrefixes": ["10.11.0.0/16", "10.10.1.0/24"], "direction": "Inbound"}},
    )
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/NspAccessRulePut.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v8"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/b24c97bfc136b01dd46a1c8ddcecd0bb5a1ab152/specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/NspAccessRulePut.json
func ExampleSecurityPerimeterAccessRulesClient_CreateOrUpdate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSecurityPerimeterAccessRulesClient().CreateOrUpdate(ctx, "rg1", "nsp1", "profile1", "accessRule1", armnetwork.NspAccessRule{
		Properties: &armnetwork.NspAccessRuleProperties{
			AddressPrefixes: []*string{
				to.Ptr("10.11.0.0/16"),
				to.Ptr("10.10.1.0/24")},
			Direction: to.Ptr(armnetwork.AccessRuleDirectionInbound),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.NspAccessRule = armnetwork.NspAccessRule{
	// 	Name: to.Ptr("accessRule1"),
	// 	Type: to.Ptr("Microsoft.Network/networkSecurityPerimeters/profiles/accessRules"),
	// 	ID: to.Ptr("/subscriptions/subId/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityPerimeters/nsp1/profiles/profile1/accessRules/accessRule1"),
	// 	SystemData: &armnetwork.SecurityPerimeterSystemData{
	// 		CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2024-02-07T18:07:36.344Z"); return t}()),
	// 		CreatedBy: to.Ptr("user"),
	// 		CreatedByType: to.Ptr(armnetwork.CreatedByTypeUser),
	// 		LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2024-02-07T18:07:36.344Z"); return t}()),
	// 		LastModifiedBy: to.Ptr("user"),
	// 		LastModifiedByType: to.Ptr(armnetwork.CreatedByTypeUser),
	// 	},
	// 	Properties: &armnetwork.NspAccessRuleProperties{
	// 		AddressPrefixes: []*string{
	// 			to.Ptr("10.11.0.0/16"),
	// 			to.Ptr("10.10.1.0/24")},
	// 			Direction: to.Ptr(armnetwork.AccessRuleDirectionInbound),
	// 			EmailAddresses: []*string{
	// 			},
	// 			FullyQualifiedDomainNames: []*string{
	// 			},
	// 			NetworkSecurityPerimeters: []*armnetwork.PerimeterBasedAccessRule{
	// 			},
	// 			PhoneNumbers: []*string{
	// 			},
	// 			ProvisioningState: to.Ptr(armnetwork.NspProvisioningStateSucceeded),
	// 			ServiceTags: []*string{
	// 			},
	// 			Subscriptions: []*armnetwork.SubscriptionID{
	// 			},
	// 		},
	// 	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to Creates or updates a network access rule.
 *
 * @summary Creates or updates a network access rule.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/NspAccessRulePut.json
 */
async function nspAccessRulePut() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subId";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const networkSecurityPerimeterName = "nsp1";
  const profileName = "profile1";
  const accessRuleName = "accessRule1";
  const parameters = {
    addressPrefixes: ["10.11.0.0/16", "10.10.1.0/24"],
    direction: "Inbound",
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.networkSecurityPerimeterAccessRules.createOrUpdate(
    resourceGroupName,
    networkSecurityPerimeterName,
    profileName,
    accessRuleName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Network.Models;
using Azure.ResourceManager.Network;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2025-03-01/examples/NspAccessRulePut.json
// this example is just showing the usage of "NetworkSecurityPerimeterAccessRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this NetworkSecurityPerimeterAccessRuleResource created on azure
// for more information of creating NetworkSecurityPerimeterAccessRuleResource, please refer to the document of NetworkSecurityPerimeterAccessRuleResource
string subscriptionId = "subId";
string resourceGroupName = "rg1";
string networkSecurityPerimeterName = "nsp1";
string profileName = "profile1";
string accessRuleName = "accessRule1";
ResourceIdentifier networkSecurityPerimeterAccessRuleResourceId = NetworkSecurityPerimeterAccessRuleResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, networkSecurityPerimeterName, profileName, accessRuleName);
NetworkSecurityPerimeterAccessRuleResource networkSecurityPerimeterAccessRule = client.GetNetworkSecurityPerimeterAccessRuleResource(networkSecurityPerimeterAccessRuleResourceId);

// invoke the operation
NetworkSecurityPerimeterAccessRuleData data = new NetworkSecurityPerimeterAccessRuleData
{
    Direction = NetworkSecurityPerimeterAccessRuleDirection.Inbound,
    AddressPrefixes = { "10.11.0.0/16", "10.10.1.0/24" },
};
ArmOperation<NetworkSecurityPerimeterAccessRuleResource> lro = await networkSecurityPerimeterAccessRule.UpdateAsync(WaitUntil.Completed, data);
NetworkSecurityPerimeterAccessRuleResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
NetworkSecurityPerimeterAccessRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Exemple de réponse

Code d’état:: 200

{
  "name": "accessRule1",
  "id": "/subscriptions/subId/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityPerimeters/nsp1/profiles/profile1/accessRules/accessRule1",
  "type": "Microsoft.Network/networkSecurityPerimeters/profiles/accessRules",
  "properties": {
    "provisioningState": "Succeeded",
    "direction": "Inbound",
    "addressPrefixes": [
      "10.11.0.0/16",
      "10.10.1.0/24"
    ],
    "fullyQualifiedDomainNames": [],
    "subscriptions": [],
    "networkSecurityPerimeters": [],
    "emailAddresses": [],
    "phoneNumbers": [],
    "serviceTags": []
  },
  "systemData": {
    "createdBy": "user",
    "createdByType": "User",
    "createdAt": "2024-02-07T18:07:36.3446713Z",
    "lastModifiedBy": "user",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2024-02-07T18:07:36.3446713Z"
  }
}

Code d’état:: 201

{
  "name": "accessRule1",
  "id": "/subscriptions/subId/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityPerimeters/nsp1/profiles/profile1/accessRules/accessRule1",
  "type": "Microsoft.Network/networkSecurityPerimeters/profiles/accessRules",
  "properties": {
    "provisioningState": "Succeeded",
    "direction": "Inbound",
    "addressPrefixes": [
      "10.11.0.0/16",
      "10.10.1.0/24"
    ],
    "fullyQualifiedDomainNames": [],
    "subscriptions": [],
    "networkSecurityPerimeters": [],
    "emailAddresses": [],
    "phoneNumbers": [],
    "serviceTags": []
  },
  "systemData": {
    "createdBy": "user",
    "createdByType": "User",
    "createdAt": "2024-02-07T18:07:36.3446713Z",
    "lastModifiedBy": "user",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2024-02-07T18:07:36.3446713Z"
  }
}

Définitions

Nom	Description
AccessRuleDirection	Direction qui spécifie si les règles d’accès sont entrantes/sortantes.
CloudError	Réponse d’erreur du service.
CloudErrorBody	Réponse d’erreur du service.
createdByType	Type d’identité qui a créé la ressource.
NspAccessRule	Ressource de règle d’accès NSP
nspProvisioningState	État de provisionnement de la ressource d’attribution d’étendue.
PerimeterBasedAccessRule
SubscriptionId
systemData	Métadonnées relatives à la création et à la dernière modification de la ressource.

AccessRuleDirection

Énumération

Direction qui spécifie si les règles d’accès sont entrantes/sortantes.

Valeur	Description
Inbound
Outbound

CloudError

Objet

Réponse d’erreur du service.

Nom	Type	Description
error	CloudErrorBody	Corps de l’erreur Cloud.

CloudErrorBody

Objet

Réponse d’erreur du service.

Nom	Type	Description
code	string	Identificateur de l’erreur. Les codes sont invariants et sont destinés à être consommés par programme.
details	CloudErrorBody[]	Une liste de détails supplémentaires sur l’erreur.
message	string	Message décrivant l’erreur, destiné à être adapté à l’affichage dans une interface utilisateur.
target	string	Cible de l’erreur particulière. Par exemple, le nom de la propriété en erreur.

createdByType

Énumération

Type d’identité qui a créé la ressource.

Valeur	Description
User
Application
ManagedIdentity
Key

NspAccessRule

Objet

Ressource de règle d’accès NSP

Nom	Type	Description
id	string (arm-id)	ID de ressource complet pour la ressource. Par exemple, « /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} »
name	string	Nom de la ressource
properties.addressPrefixes	string[]	Préfixes d’adresses entrantes (IPv4/IPv6)
properties.direction	AccessRuleDirection	Direction qui spécifie si les règles d’accès sont entrantes/sortantes.
properties.emailAddresses	string[]	Règles de trafic sortant au format d’adresse e-mail. Ce type de règle d’accès n’est actuellement pas disponible pour une utilisation.
properties.fullyQualifiedDomainNames	string[]	Règles de trafic sortant au format de nom de domaine complet.
properties.networkSecurityPerimeters	PerimeterBasedAccessRule[]	Règle spécifiée par l’identifiant du périmètre.
properties.phoneNumbers	string[]	Règles de trafic sortant au format numéro de téléphone. Ce type de règle d’accès n’est actuellement pas disponible pour une utilisation.
properties.provisioningState	nspProvisioningState	État de provisionnement de la ressource d’attribution d’étendue.
properties.serviceTags	string[]	Règles de trafic entrant de type balise de service. Ce type de règle d’accès n’est actuellement pas disponible pour une utilisation.
properties.subscriptions	SubscriptionId[]	Liste des ID d’abonnement
systemData	systemData	Métadonnées Azure Resource Manager contenant les informations createdBy et modifiedBy.
type	string	Type de la ressource. Par exemple, « Microsoft.Compute/virtualMachines » ou « Microsoft.Storage/storageAccounts »

nspProvisioningState

Énumération

État de provisionnement de la ressource d’attribution d’étendue.

Valeur	Description
Succeeded
Creating
Updating
Deleting
Accepted
Failed

PerimeterBasedAccessRule

Objet

Nom	Type	Description
id	string (arm-id)	Identifiant NSP au format ID ARM.
location	string	Emplacement du NSP fourni.
perimeterGuid	string	Guide de ressource du NSP fourni.

SubscriptionId

Objet

Nom	Type	Description
id	string (arm-id)	ID d’abonnement au format d’ID ARM.

systemData

Objet

Métadonnées relatives à la création et à la dernière modification de la ressource.

Nom	Type	Description
createdAt	string (date-time)	Horodatage de la création de ressources (UTC).
createdBy	string	Identité qui a créé la ressource.
createdByType	createdByType	Type d’identité qui a créé la ressource.
lastModifiedAt	string (date-time)	Horodatage de la dernière modification de ressource (UTC)
lastModifiedBy	string	Identité qui a modifié la ressource pour la dernière fois.
lastModifiedByType	createdByType	Type d’identité qui a modifié la ressource pour la dernière fois.