How to set Azure resource group access policy?
C#To manage access policies for an Azure Resource Group, you can use two resources:
azure.core.ResourceGroupto create the resource group, andazure-native.authorization.roledefinitionsto create the roles, andazure-native.authorization.roleassignmentsto assign roles.Let's see how you would create a resource group and assign a Contributor role for a user to this Resource Group:
First, import the necessary packages:
using Pulumi; using Pulumi.Azure.Core; using Pulumi.AzureNative.Resources; using Pulumi.AzureNative.Authorization; using Pulumi.AzureNative.Authorization.Inputs;Next, within your main function, define your resource group and role assignment:
class Program { static Task<int> Main() => Deployment.RunAsync<MyStack>(); } class MyStack : Stack { public MyStack() { var resourceGroup = new ResourceGroup("resourceGroup"); var contributorRoleDefinition = Output.Create(GetRoleDefinition.InvokeAsync( new GetRoleDefinitionArgs { RoleName = "Contributor" })); new RoleAssignment("role-assignment", new RoleAssignmentArgs { Scope = resourceGroup.Id, RoleDefinitionId = contributorRoleDefinition.Apply(x => x.Id), PrincipalId = "<principal-id>" /* Substitute with the user's principal ID */ }); } }Remember to replace
<principal-id>with the ID (known asobjectId) of the user or service principal that you want to assign the "Contributor" role to. You can get the ID of a user or service principal using the Azure AD PowerShell Module or the Azure portal.This generates a random Resource Group and grants
Contributoraccess to the specified user on all resources within the Resource Group. The Resource Group is your basic building block and all resources must reside within a Resource Group.Here is more information on how to work with Azure AD Roles and role assignments and Pulumi's Azure-Native Authorization resources.