Assignment
Assigns a given Principal (User or Group) to a given Role.
Example Usage
Using A Built-In Role
using Pulumi;
using Azure = Pulumi.Azure;
/// <summary>
/// Grants the built-in "Reader" role on the current subscription to the
/// identity described by the Azure provider's client configuration.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Look up the subscription and the provider's client configuration.
        var subscription = Output.Create(Azure.Core.GetSubscription.InvokeAsync());
        var caller = Output.Create(Azure.Core.GetClientConfig.InvokeAsync());

        // The assignment covers everything under Scope. A resource group or
        // resource ID is the narrower choice when subscription-wide read
        // access is not required.
        var assignmentArgs = new Azure.Authorization.AssignmentArgs
        {
            Scope = subscription.Apply(sub => sub.Id),
            RoleDefinitionName = "Reader",
            PrincipalId = caller.Apply(cfg => cfg.ObjectId),
        };
        var exampleAssignment = new Azure.Authorization.Assignment("exampleAssignment", assignmentArgs);
    }
}
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/core"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main grants the built-in "Reader" role on the current subscription to the
// identity described by the Azure provider's client configuration.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		subscription, err := core.GetSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		caller, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		// The assignment covers everything under Scope; a resource group or
		// resource ID is the narrower choice when subscription-wide read
		// access is not required.
		args := &authorization.AssignmentArgs{
			Scope:              pulumi.String(subscription.Id),
			RoleDefinitionName: pulumi.String("Reader"),
			PrincipalId:        pulumi.String(caller.ObjectId),
		}
		if _, err := authorization.NewAssignment(ctx, "exampleAssignment", args); err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_azure as azure
# Look up the subscription and the provider's client configuration.
primary = azure.core.get_subscription()
example_client_config = azure.core.get_client_config()

# Built-in "Reader" role, granted at subscription scope. The assignment covers
# everything under `scope`; a resource group or resource ID is the narrower
# choice when subscription-wide read access is not required.
assignment_args = dict(
    scope=primary.id,
    role_definition_name="Reader",
    principal_id=example_client_config.object_id,
)
example_assignment = azure.authorization.Assignment("exampleAssignment", **assignment_args)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
// Look up the subscription and the provider's client configuration.
const primary = azure.core.getSubscription({});
const exampleClientConfig = azure.core.getClientConfig({});

// Built-in "Reader" role, granted at subscription scope. The assignment covers
// everything under `scope`; a resource group or resource ID is the narrower
// choice when subscription-wide read access is not required.
const exampleAssignmentArgs = {
    scope: primary.then(sub => sub.id),
    roleDefinitionName: "Reader",
    principalId: exampleClientConfig.then(cfg => cfg.objectId),
};
const exampleAssignment = new azure.authorization.Assignment("exampleAssignment", exampleAssignmentArgs);
Custom Role & Service Principal)
using Pulumi;
using Azure = Pulumi.Azure;
/// <summary>
/// Defines a custom role that only allows reading resource groups and assigns
/// it, at subscription scope, to the identity described by the Azure
/// provider's client configuration.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var subscription = Output.Create(Azure.Core.GetSubscription.InvokeAsync());
        var caller = Output.Create(Azure.Core.GetClientConfig.InvokeAsync());
        var subscriptionId = subscription.Apply(sub => sub.Id);

        // One allowed read action and no NotActions.
        var readResourceGroups = new Azure.Authorization.Inputs.RoleDefinitionPermissionArgs
        {
            Actions =
            {
                "Microsoft.Resources/subscriptions/resourceGroups/read",
            },
            NotActions = {},
        };

        var exampleRoleDefinition = new Azure.Authorization.RoleDefinition("exampleRoleDefinition", new Azure.Authorization.RoleDefinitionArgs
        {
            // The all-zero GUID is a placeholder value.
            RoleDefinitionId = "00000000-0000-0000-0000-000000000000",
            Scope = subscriptionId,
            Permissions =
            {
                readResourceGroups,
            },
            // The role can only be assigned within this subscription.
            AssignableScopes =
            {
                subscriptionId,
            },
        });

        var exampleAssignment = new Azure.Authorization.Assignment("exampleAssignment", new Azure.Authorization.AssignmentArgs
        {
            // Placeholder GUID; per the property docs one is generated when Name is omitted.
            Name = "00000000-0000-0000-0000-000000000000",
            Scope = subscriptionId,
            RoleDefinitionId = exampleRoleDefinition.Id,
            PrincipalId = caller.Apply(cfg => cfg.ObjectId),
        });
    }
}
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/core"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
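// main defines a custom role that only allows reading resource groups and
// assigns it, at subscription scope, to the identity described by the Azure
// provider's client configuration.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.GetSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleClientConfig, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "exampleRoleDefinition", &authorization.RoleDefinitionArgs{
			// The all-zero GUID is a placeholder value.
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(primary.Id),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					Actions: pulumi.StringArray{
						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
					},
					// Empty string array; []interface{}{} is not a string-array input.
					NotActions: pulumi.StringArray{},
				},
			},
			// The role can only be assigned within this subscription.
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		if err != nil {
			return err
		}
		_, err = authorization.NewAssignment(ctx, "exampleAssignment", &authorization.AssignmentArgs{
			// Placeholder GUID; per the property docs one is generated when Name is omitted.
			Name:             pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(primary.Id),
			RoleDefinitionId: exampleRoleDefinition.ID(),
			PrincipalId:      pulumi.String(exampleClientConfig.ObjectId),
		})
		return err
	})
}
import pulumi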
import pulumi_azure as azure
# Look up the subscription and the provider's client configuration.
primary = azure.core.get_subscription()
example_client_config = azure.core.get_client_config()

# Custom role: one allowed read action, no NotActions, assignable only within
# this subscription. The all-zero GUID is a placeholder value.
read_resource_groups = {
    "actions": ["Microsoft.Resources/subscriptions/resourceGroups/read"],
    "notActions": [],
}
example_role_definition = azure.authorization.RoleDefinition(
    "exampleRoleDefinition",
    role_definition_id="00000000-0000-0000-0000-000000000000",
    scope=primary.id,
    permissions=[read_resource_groups],
    assignable_scopes=[primary.id],
)

# Placeholder GUID for `name`; per the property docs one is generated when it
# is omitted.
example_assignment = azure.authorization.Assignment(
    "exampleAssignment",
    name="00000000-0000-0000-0000-000000000000",
    scope=primary.id,
    role_definition_id=example_role_definition.id,
    principal_id=example_client_config.object_id,
)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
// Look up the subscription and the provider's client configuration.
const primary = azure.core.getSubscription({});
const exampleClientConfig = azure.core.getClientConfig({});
const subscriptionId = primary.then(sub => sub.id);

// Custom role: one allowed read action, no NotActions, assignable only within
// this subscription. The all-zero GUID is a placeholder value.
const readResourceGroups = {
    actions: ["Microsoft.Resources/subscriptions/resourceGroups/read"],
    notActions: [],
};
const exampleRoleDefinition = new azure.authorization.RoleDefinition("exampleRoleDefinition", {
    roleDefinitionId: "00000000-0000-0000-0000-000000000000",
    scope: subscriptionId,
    permissions: [readResourceGroups],
    assignableScopes: [subscriptionId],
});

// Placeholder GUID for `name`; per the property docs one is generated when it
// is omitted.
const exampleAssignment = new azure.authorization.Assignment("exampleAssignment", {
    name: "00000000-0000-0000-0000-000000000000",
    scope: subscriptionId,
    roleDefinitionId: exampleRoleDefinition.id,
    principalId: exampleClientConfig.then(cfg => cfg.objectId),
});
Custom Role & User)
using Pulumi;
using Azure = Pulumi.Azure;
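/// <summary>
/// Defines a custom role that only allows reading resource groups and assigns
/// it, at subscription scope, to the identity described by the Azure
/// provider's client configuration.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var primary = Output.Create(Azure.Core.GetSubscription.InvokeAsync());
        var exampleClientConfig = Output.Create(Azure.Core.GetClientConfig.InvokeAsync());
        var exampleRoleDefinition = new Azure.Authorization.RoleDefinition("exampleRoleDefinition", new Azure.Authorization.RoleDefinitionArgs
        {
            // The all-zero GUID is a placeholder value.
            RoleDefinitionId = "00000000-0000-0000-0000-000000000000",
            Scope = primary.Apply(sub => sub.Id),
            Permissions =
            {
                new Azure.Authorization.Inputs.RoleDefinitionPermissionArgs
                {
                    Actions =
                    {
                        "Microsoft.Resources/subscriptions/resourceGroups/read",
                    },
                    NotActions = {},
                },
            },
            // The role can only be assigned within this subscription.
            AssignableScopes =
            {
                primary.Apply(sub => sub.Id),
            },
        });
        var exampleAssignment = new Azure.Authorization.Assignment("exampleAssignment", new Azure.Authorization.AssignmentArgs
        {
            // Placeholder GUID; per the property docs one is generated when Name is omitted.
            Name = "00000000-0000-0000-0000-000000000000",
            Scope = primary.Apply(sub => sub.Id),
            RoleDefinitionId = exampleRoleDefinition.Id,
            // PrincipalId is the principal's object ID. The client (application)
            // ID identifies an app registration, not a User, Group or Service
            // Principal, so ObjectId is used here instead of ClientId.
            PrincipalId = exampleClientConfig.Apply(cfg => cfg.ObjectId),
        });
    }
}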
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/core"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
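// main defines a custom role that only allows reading resource groups and
// assigns it, at subscription scope, to the identity described by the Azure
// provider's client configuration.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.GetSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleClientConfig, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "exampleRoleDefinition", &authorization.RoleDefinitionArgs{
			// The all-zero GUID is a placeholder value.
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(primary.Id),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					Actions: pulumi.StringArray{
						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
					},
					// Empty string array; []interface{}{} is not a string-array input.
					NotActions: pulumi.StringArray{},
				},
			},
			// The role can only be assigned within this subscription.
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		if err != nil {
			return err
		}
		_, err = authorization.NewAssignment(ctx, "exampleAssignment", &authorization.AssignmentArgs{
			// Placeholder GUID; per the property docs one is generated when Name is omitted.
			Name:             pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(primary.Id),
			RoleDefinitionId: exampleRoleDefinition.ID(),
			// PrincipalId is the principal's object ID. The client (application)
			// ID identifies an app registration, not a User, Group or Service
			// Principal, so ObjectId is used here instead of ClientId.
			PrincipalId: pulumi.String(exampleClientConfig.ObjectId),
		})
		return err
	})
}
import pulumi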
import pulumi_azure as azure
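# Look up the subscription and the provider's client configuration.
primary = azure.core.get_subscription()
example_client_config = azure.core.get_client_config()

# Custom role: one allowed read action, no NotActions, assignable only within
# this subscription. The all-zero GUID is a placeholder value.
example_role_definition = azure.authorization.RoleDefinition("exampleRoleDefinition",
    role_definition_id="00000000-0000-0000-0000-000000000000",
    scope=primary.id,
    permissions=[{
        "actions": ["Microsoft.Resources/subscriptions/resourceGroups/read"],
        "notActions": [],
    }],
    assignable_scopes=[primary.id])

# `principal_id` is the principal's object ID. The client (application) ID
# identifies an app registration, not a User, Group or Service Principal, so
# `object_id` is used here instead of `client_id`.
example_assignment = azure.authorization.Assignment("exampleAssignment",
    # Placeholder GUID; per the property docs one is generated when omitted.
    name="00000000-0000-0000-0000-000000000000",
    scope=primary.id,
    role_definition_id=example_role_definition.id,
    principal_id=example_client_config.object_id)
import * as pulumi from "@pulumi/pulumi";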
import * as azure from "@pulumi/azure";
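// Look up the subscription and the provider's client configuration.
const primary = azure.core.getSubscription({});
const exampleClientConfig = azure.core.getClientConfig({});

// Custom role: one allowed read action, no NotActions, assignable only within
// this subscription. The all-zero GUID is a placeholder value.
const exampleRoleDefinition = new azure.authorization.RoleDefinition("exampleRoleDefinition", {
    roleDefinitionId: "00000000-0000-0000-0000-000000000000",
    scope: primary.then(sub => sub.id),
    permissions: [{
        actions: ["Microsoft.Resources/subscriptions/resourceGroups/read"],
        notActions: [],
    }],
    assignableScopes: [primary.then(sub => sub.id)],
});
const exampleAssignment = new azure.authorization.Assignment("exampleAssignment", {
    // Placeholder GUID; per the property docs one is generated when omitted.
    name: "00000000-0000-0000-0000-000000000000",
    scope: primary.then(sub => sub.id),
    roleDefinitionId: exampleRoleDefinition.id,
    // principalId is the principal's object ID. The client (application) ID
    // identifies an app registration, not a User, Group or Service Principal,
    // so objectId is used here instead of clientId.
    principalId: exampleClientConfig.then(cfg => cfg.objectId),
});
Custom Role & Management Group)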
using Pulumi;
using Azure = Pulumi.Azure;
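/// <summary>
/// Defines a custom role that only allows reading resource groups and assigns
/// it at management-group scope to the identity described by the Azure
/// provider's client configuration.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var primary = Output.Create(Azure.Core.GetSubscription.InvokeAsync());
        var exampleClientConfig = Output.Create(Azure.Core.GetClientConfig.InvokeAsync());
        // NOTE(review): the lookup is called without arguments, as on the page;
        // presumably a name or group ID is needed to select a specific
        // management group. Confirm against the provider docs.
        var exampleGroup = Output.Create(Azure.Management.GetGroup.InvokeAsync());
        var exampleRoleDefinition = new Azure.Authorization.RoleDefinition("exampleRoleDefinition", new Azure.Authorization.RoleDefinitionArgs
        {
            // The all-zero GUID is a placeholder value.
            RoleDefinitionId = "00000000-0000-0000-0000-000000000000",
            Scope = primary.Apply(sub => sub.Id),
            Permissions =
            {
                new Azure.Authorization.Inputs.RoleDefinitionPermissionArgs
                {
                    Actions =
                    {
                        "Microsoft.Resources/subscriptions/resourceGroups/read",
                    },
                    NotActions = {},
                },
            },
            // NOTE(review): only the subscription is listed here while the
            // assignment below targets the management group. Confirm the role
            // is assignable at that scope.
            AssignableScopes =
            {
                primary.Apply(sub => sub.Id),
            },
        });
        var exampleAssignment = new Azure.Authorization.Assignment("exampleAssignment", new Azure.Authorization.AssignmentArgs
        {
            // Placeholder GUID; per the property docs one is generated when Name is omitted.
            Name = "00000000-0000-0000-0000-000000000000",
            // Uses the management group looked up above; the previous
            // `data.Azurerm_management_group.Primary.Id` referenced an
            // undefined name. A management-group assignment is inherited by
            // everything beneath the group, so keep the role's actions minimal.
            Scope = exampleGroup.Apply(grp => grp.Id),
            RoleDefinitionId = exampleRoleDefinition.Id,
            // PrincipalId is the principal's object ID, so ObjectId is used
            // here instead of the client (application) ID.
            PrincipalId = exampleClientConfig.Apply(cfg => cfg.ObjectId),
        });
    }
}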
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/management"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
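// main defines a custom role that only allows reading resource groups and
// assigns it at management-group scope to the identity described by the Azure
// provider's client configuration.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.GetSubscription(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleClientConfig, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		// Keep the lookup result: `_, err :=` declared no new variable and
		// discarded the group whose ID the assignment needs.
		// NOTE(review): the lookup is called with nil arguments, as on the
		// page; presumably a name or group ID is needed to select a specific
		// management group. Confirm against the provider docs.
		exampleGroup, err := management.LookupGroup(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleRoleDefinition, err := authorization.NewRoleDefinition(ctx, "exampleRoleDefinition", &authorization.RoleDefinitionArgs{
			// The all-zero GUID is a placeholder value.
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Scope:            pulumi.String(primary.Id),
			Permissions: authorization.RoleDefinitionPermissionArray{
				&authorization.RoleDefinitionPermissionArgs{
					Actions: pulumi.StringArray{
						pulumi.String("Microsoft.Resources/subscriptions/resourceGroups/read"),
					},
					// Empty string array; []interface{}{} is not a string-array input.
					NotActions: pulumi.StringArray{},
				},
			},
			// NOTE(review): only the subscription is listed here while the
			// assignment below targets the management group. Confirm the
			// role is assignable at that scope.
			AssignableScopes: pulumi.StringArray{
				pulumi.String(primary.Id),
			},
		})
		if err != nil {
			return err
		}
		_, err = authorization.NewAssignment(ctx, "exampleAssignment", &authorization.AssignmentArgs{
			// Placeholder GUID; per the property docs one is generated when Name is omitted.
			Name: pulumi.String("00000000-0000-0000-0000-000000000000"),
			// A management-group assignment is inherited by everything
			// beneath the group, so keep the role's actions minimal.
			Scope:            pulumi.String(exampleGroup.Id),
			RoleDefinitionId: exampleRoleDefinition.ID(),
			// PrincipalId is the principal's object ID, so ObjectId is used
			// here instead of the client (application) ID.
			PrincipalId: pulumi.String(exampleClientConfig.ObjectId),
		})
		return err
	})
}
import pulumi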
import pulumi_azure as azure
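# Look up the subscription, the provider's client configuration and the
# management group the role will be assigned at.
primary = azure.core.get_subscription()
example_client_config = azure.core.get_client_config()
# NOTE(review): the lookup is called without arguments, as on the page;
# presumably a name or group ID is needed to select a specific management
# group. Confirm against the provider docs.
example_group = azure.management.get_group()

# Custom role: one allowed read action, no NotActions. The all-zero GUID is a
# placeholder value.
# NOTE(review): assignable_scopes lists only the subscription while the
# assignment below targets the management group. Confirm the role is
# assignable at that scope.
example_role_definition = azure.authorization.RoleDefinition("exampleRoleDefinition",
    role_definition_id="00000000-0000-0000-0000-000000000000",
    scope=primary.id,
    permissions=[{
        "actions": ["Microsoft.Resources/subscriptions/resourceGroups/read"],
        "notActions": [],
    }],
    assignable_scopes=[primary.id])

# `scope` uses the management group looked up above; the previous
# `data["azurerm_management_group"]["primary"]["id"]` referenced an undefined
# name. A management-group assignment is inherited by everything beneath the
# group, so keep the role's actions minimal.
# `principal_id` is the principal's object ID, so `object_id` is used instead
# of the client (application) ID.
example_assignment = azure.authorization.Assignment("exampleAssignment",
    # Placeholder GUID; per the property docs one is generated when omitted.
    name="00000000-0000-0000-0000-000000000000",
    scope=example_group.id,
    role_definition_id=example_role_definition.id,
    principal_id=example_client_config.object_id)
import * as pulumi from "@pulumi/pulumi";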
import * as azure from "@pulumi/azure";
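// Look up the subscription, the provider's client configuration and the
// management group the role will be assigned at.
const primary = azure.core.getSubscription({});
const exampleClientConfig = azure.core.getClientConfig({});
// NOTE(review): the lookup is called with empty arguments, as on the page;
// presumably a name or group ID is needed to select a specific management
// group. Confirm against the provider docs.
const exampleGroup = azure.management.getGroup({});

// Custom role: one allowed read action, no NotActions. The all-zero GUID is a
// placeholder value.
const exampleRoleDefinition = new azure.authorization.RoleDefinition("exampleRoleDefinition", {
    roleDefinitionId: "00000000-0000-0000-0000-000000000000",
    scope: primary.then(sub => sub.id),
    permissions: [{
        actions: ["Microsoft.Resources/subscriptions/resourceGroups/read"],
        notActions: [],
    }],
    // NOTE(review): only the subscription is listed here while the assignment
    // below targets the management group. Confirm the role is assignable at
    // that scope.
    assignableScopes: [primary.then(sub => sub.id)],
});
const exampleAssignment = new azure.authorization.Assignment("exampleAssignment", {
    // Placeholder GUID; per the property docs one is generated when omitted.
    name: "00000000-0000-0000-0000-000000000000",
    // Uses the management group looked up above; the previous
    // `data.azurerm_management_group.primary.id` referenced an undefined name.
    // A management-group assignment is inherited by everything beneath the
    // group, so keep the role's actions minimal.
    scope: exampleGroup.then(grp => grp.id),
    roleDefinitionId: exampleRoleDefinition.id,
    // principalId is the principal's object ID, so objectId is used instead
    // of the client (application) ID.
    principalId: exampleClientConfig.then(cfg => cfg.objectId),
});
Create a Assignment Resource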
new Assignment(name: string, args: AssignmentArgs, opts?: CustomResourceOptions);
def Assignment(resource_name, opts=None, name=None, principal_id=None, role_definition_id=None, role_definition_name=None, scope=None, skip_service_principal_aad_check=None, __props__=None);
func NewAssignment(ctx *Context, name string, args AssignmentArgs, opts ...ResourceOption) (*Assignment, error)
public Assignment(string name, AssignmentArgs args, CustomResourceOptions? opts = null)
- name string
- The unique name of the resource.
- args AssignmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- opts ResourceOptions
- A bag of options that control this resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AssignmentArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AssignmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
Assignment Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The Assignment resource accepts the following input properties:
- PrincipalId string
The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
- Scope string
The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
- Name string
A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
- RoleDefinitionId string
The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `role_definition_name`.
- RoleDefinitionName string
The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `role_definition_id`.
- SkipServicePrincipalAadCheck bool
If the `principal_id` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principal_id` is a `Service Principal` identity. If it is not a `Service Principal` identity it will cause the role assignment to fail. Defaults to `false`.
- PrincipalId string
The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
- Scope string
The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
- Name string
A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
- RoleDefinitionId string
The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `role_definition_name`.
- RoleDefinitionName string
The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `role_definition_id`.
- SkipServicePrincipalAadCheck bool
If the `principal_id` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principal_id` is a `Service Principal` identity. If it is not a `Service Principal` identity it will cause the role assignment to fail. Defaults to `false`.
- principalId string
The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
- scope string
The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
- name string
A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
- roleDefinitionId string
The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `role_definition_name`.
- roleDefinitionName string
The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `role_definition_id`.
- skipServicePrincipalAadCheck boolean
If the `principal_id` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principal_id` is a `Service Principal` identity. If it is not a `Service Principal` identity it will cause the role assignment to fail. Defaults to `false`.
- principal_id str
The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
- scope str
The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
- name str
A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
- role_definition_id str
The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `role_definition_name`.
- role_definition_name str
The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `role_definition_id`.
- skip_service_principal_aad_check bool
If the `principal_id` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principal_id` is a `Service Principal` identity. If it is not a `Service Principal` identity it will cause the role assignment to fail. Defaults to `false`.
Outputs
All input properties are implicitly available as output properties. Additionally, the Assignment resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- PrincipalType string
The type of the `principal_id`, e.g. User, Group, Service Principal, Application, etc.
- Id string
- The provider-assigned unique ID for this managed resource.
- PrincipalType string
The type of the `principal_id`, e.g. User, Group, Service Principal, Application, etc.
- id string
- The provider-assigned unique ID for this managed resource.
- principalType string
The type of the `principal_id`, e.g. User, Group, Service Principal, Application, etc.
- id str
- The provider-assigned unique ID for this managed resource.
- principal_type str
The type of the `principal_id`, e.g. User, Group, Service Principal, Application, etc.
Look up an Existing Assignment Resource
Get an existing Assignment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AssignmentState, opts?: CustomResourceOptions): Assignment
static get(resource_name, id, opts=None, name=None, principal_id=None, principal_type=None, role_definition_id=None, role_definition_name=None, scope=None, skip_service_principal_aad_check=None, __props__=None);
func GetAssignment(ctx *Context, name string, id IDInput, state *AssignmentState, opts ...ResourceOption) (*Assignment, error)
public static Assignment Get(string name, Input<string> id, AssignmentState? state, CustomResourceOptions? opts = null)
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Name string
A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
- PrincipalId string
The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
- PrincipalType string
The type of the `principal_id`, e.g. User, Group, Service Principal, Application, etc.
- RoleDefinitionId string
The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `role_definition_name`.
- RoleDefinitionName string
The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `role_definition_id`.
- Scope string
The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
- SkipServicePrincipalAadCheck bool
If the `principal_id` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principal_id` is a `Service Principal` identity. If it is not a `Service Principal` identity it will cause the role assignment to fail. Defaults to `false`.
- Name string
A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
- PrincipalId string
The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
- PrincipalType string
The type of the `principal_id`, e.g. User, Group, Service Principal, Application, etc.
- RoleDefinitionId string
The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `role_definition_name`.
- RoleDefinitionName string
The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `role_definition_id`.
- Scope string
The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
- SkipServicePrincipalAadCheck bool
If the `principal_id` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principal_id` is a `Service Principal` identity. If it is not a `Service Principal` identity it will cause the role assignment to fail. Defaults to `false`.
- name string
A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
- principalId string
The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
- principalType string
The type of the `principal_id`, e.g. User, Group, Service Principal, Application, etc.
- roleDefinitionId string
The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `role_definition_name`.
- roleDefinitionName string
The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `role_definition_id`.
- scope string
The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
- skipServicePrincipalAadCheck boolean
If the `principal_id` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principal_id` is a `Service Principal` identity. If it is not a `Service Principal` identity it will cause the role assignment to fail. Defaults to `false`.
- name str
A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
- principal_id str
The ID of the Principal (User, Group or Service Principal) to assign the Role Definition to. Changing this forces a new resource to be created.
- principal_type str
The type of the `principal_id`, e.g. User, Group, Service Principal, Application, etc.
- role_definition_id str
The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with `role_definition_name`.
- role_definition_name str
The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with `role_definition_id`.
- scope str
The scope at which the Role Assignment applies to, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`, or `/providers/Microsoft.Management/managementGroups/myMG`. Changing this forces a new resource to be created.
- skip_service_principal_aad_check bool
If the `principal_id` is a newly provisioned `Service Principal` set this value to `true` to skip the `Azure Active Directory` check which may fail due to replication lag. This argument is only valid if the `principal_id` is a `Service Principal` identity. If it is not a `Service Principal` identity it will cause the role assignment to fail. Defaults to `false`.
Package Details
- Repository
- https://github.com/pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `azurerm` Terraform Provider.