Docs Home
Alibaba Cloud v3.83.0 published on Monday, Jul 21, 2025 by Pulumi
alicloud.cloudsso.AccessManagement
Explore with Pulumi AI
Provides a Cloud SSO Access Assignment resource.
For information about Cloud SSO Access Assignment and how to use it, see What is Access Assignment.
NOTE: When you configure access assignment for the first time, access configuration will be automatically deployed.
NOTE: Available since v1.145.0.
NOTE: Cloud SSO Only Support
cn-shanghaiAndus-west-1Region
Create AccessManagement Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccessManagement(name: string, args: AccessManagementArgs, opts?: CustomResourceOptions);@overload
def AccessManagement(resource_name: str,
args: AccessManagementArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AccessManagement(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_configuration_id: Optional[str] = None,
directory_id: Optional[str] = None,
principal_id: Optional[str] = None,
principal_type: Optional[str] = None,
target_id: Optional[str] = None,
target_type: Optional[str] = None,
deprovision_strategy: Optional[str] = None)func NewAccessManagement(ctx *Context, name string, args AccessManagementArgs, opts ...ResourceOption) (*AccessManagement, error)public AccessManagement(string name, AccessManagementArgs args, CustomResourceOptions? opts = null)
public AccessManagement(String name, AccessManagementArgs args)
public AccessManagement(String name, AccessManagementArgs args, CustomResourceOptions options)
type: alicloud:cloudsso:AccessManagement
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccessManagementArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessManagementArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessManagementArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessManagementArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessManagementArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var accessManagementResource = new AliCloud.CloudSso.AccessManagement("accessManagementResource", new()
{
AccessConfigurationId = "string",
DirectoryId = "string",
PrincipalId = "string",
PrincipalType = "string",
TargetId = "string",
TargetType = "string",
DeprovisionStrategy = "string",
});
example, err := cloudsso.NewAccessManagement(ctx, "accessManagementResource", &cloudsso.AccessManagementArgs{
AccessConfigurationId: pulumi.String("string"),
DirectoryId: pulumi.String("string"),
PrincipalId: pulumi.String("string"),
PrincipalType: pulumi.String("string"),
TargetId: pulumi.String("string"),
TargetType: pulumi.String("string"),
DeprovisionStrategy: pulumi.String("string"),
})
var accessManagementResource = new AccessManagement("accessManagementResource", AccessManagementArgs.builder()
.accessConfigurationId("string")
.directoryId("string")
.principalId("string")
.principalType("string")
.targetId("string")
.targetType("string")
.deprovisionStrategy("string")
.build());
access_management_resource = alicloud.cloudsso.AccessManagement("accessManagementResource",
access_configuration_id="string",
directory_id="string",
principal_id="string",
principal_type="string",
target_id="string",
target_type="string",
deprovision_strategy="string")
const accessManagementResource = new alicloud.cloudsso.AccessManagement("accessManagementResource", {
accessConfigurationId: "string",
directoryId: "string",
principalId: "string",
principalType: "string",
targetId: "string",
targetType: "string",
deprovisionStrategy: "string",
});
type: alicloud:cloudsso:AccessManagement
properties:
accessConfigurationId: string
deprovisionStrategy: string
directoryId: string
principalId: string
principalType: string
targetId: string
targetType: string
AccessManagement Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AccessManagement resource accepts the following input properties:
- Access
Configuration stringId - The ID of the access configuration.
- Directory
Id string - The ID of the Directory.
- Principal
Id string - The ID of the CloudSSO identity.
- Principal
Type string - The type of the CloudSSO identity. Valid values:
User,Group. - Target
Id string - The ID of the task object.
- Target
Type string - The type of the task object. Valid values:
RD-Account. - Deprovision
Strategy string - Specifies whether to de-provision the access configuration when you remove the access permissions from the CloudSSO identity. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation.
- Access
Configuration stringId - The ID of the access configuration.
- Directory
Id string - The ID of the Directory.
- Principal
Id string - The ID of the CloudSSO identity.
- Principal
Type string - The type of the CloudSSO identity. Valid values:
User,Group. - Target
Id string - The ID of the task object.
- Target
Type string - The type of the task object. Valid values:
RD-Account. - Deprovision
Strategy string - Specifies whether to de-provision the access configuration when you remove the access permissions from the CloudSSO identity. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation.
- access
Configuration StringId - The ID of the access configuration.
- directory
Id String - The ID of the Directory.
- principal
Id String - The ID of the CloudSSO identity.
- principal
Type String - The type of the CloudSSO identity. Valid values:
User,Group. - target
Id String - The ID of the task object.
- target
Type String - The type of the task object. Valid values:
RD-Account. - deprovision
Strategy String - Specifies whether to de-provision the access configuration when you remove the access permissions from the CloudSSO identity. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation.
- access
Configuration stringId - The ID of the access configuration.
- directory
Id string - The ID of the Directory.
- principal
Id string - The ID of the CloudSSO identity.
- principal
Type string - The type of the CloudSSO identity. Valid values:
User,Group. - target
Id string - The ID of the task object.
- target
Type string - The type of the task object. Valid values:
RD-Account. - deprovision
Strategy string - Specifies whether to de-provision the access configuration when you remove the access permissions from the CloudSSO identity. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation.
- access_
configuration_ strid - The ID of the access configuration.
- directory_
id str - The ID of the Directory.
- principal_
id str - The ID of the CloudSSO identity.
- principal_
type str - The type of the CloudSSO identity. Valid values:
User,Group. - target_
id str - The ID of the task object.
- target_
type str - The type of the task object. Valid values:
RD-Account. - deprovision_
strategy str - Specifies whether to de-provision the access configuration when you remove the access permissions from the CloudSSO identity. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation.
- access
Configuration StringId - The ID of the access configuration.
- directory
Id String - The ID of the Directory.
- principal
Id String - The ID of the CloudSSO identity.
- principal
Type String - The type of the CloudSSO identity. Valid values:
User,Group. - target
Id String - The ID of the task object.
- target
Type String - The type of the task object. Valid values:
RD-Account. - deprovision
Strategy String - Specifies whether to de-provision the access configuration when you remove the access permissions from the CloudSSO identity. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessManagement resource produces the following output properties:
- Create
Time string - (Available since v1.254.0) The time when the access permissions were assigned.
- Id string
- The provider-assigned unique ID for this managed resource.
- Create
Time string - (Available since v1.254.0) The time when the access permissions were assigned.
- Id string
- The provider-assigned unique ID for this managed resource.
- create
Time String - (Available since v1.254.0) The time when the access permissions were assigned.
- id String
- The provider-assigned unique ID for this managed resource.
- create
Time string - (Available since v1.254.0) The time when the access permissions were assigned.
- id string
- The provider-assigned unique ID for this managed resource.
- create_
time str - (Available since v1.254.0) The time when the access permissions were assigned.
- id str
- The provider-assigned unique ID for this managed resource.
- create
Time String - (Available since v1.254.0) The time when the access permissions were assigned.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing AccessManagement Resource
Get an existing AccessManagement resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccessManagementState, opts?: CustomResourceOptions): AccessManagement@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_configuration_id: Optional[str] = None,
create_time: Optional[str] = None,
deprovision_strategy: Optional[str] = None,
directory_id: Optional[str] = None,
principal_id: Optional[str] = None,
principal_type: Optional[str] = None,
target_id: Optional[str] = None,
target_type: Optional[str] = None) -> AccessManagementfunc GetAccessManagement(ctx *Context, name string, id IDInput, state *AccessManagementState, opts ...ResourceOption) (*AccessManagement, error)public static AccessManagement Get(string name, Input<string> id, AccessManagementState? state, CustomResourceOptions? opts = null)public static AccessManagement get(String name, Output<String> id, AccessManagementState state, CustomResourceOptions options)resources: _: type: alicloud:cloudsso:AccessManagement get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Configuration stringId - The ID of the access configuration.
- Create
Time string - (Available since v1.254.0) The time when the access permissions were assigned.
- Deprovision
Strategy string - Specifies whether to de-provision the access configuration when you remove the access permissions from the CloudSSO identity. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation. - Directory
Id string - The ID of the Directory.
- Principal
Id string - The ID of the CloudSSO identity.
- Principal
Type string - The type of the CloudSSO identity. Valid values:
User,Group. - Target
Id string - The ID of the task object.
- Target
Type string - The type of the task object. Valid values:
RD-Account.
- Access
Configuration stringId - The ID of the access configuration.
- Create
Time string - (Available since v1.254.0) The time when the access permissions were assigned.
- Deprovision
Strategy string - Specifies whether to de-provision the access configuration when you remove the access permissions from the CloudSSO identity. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation. - Directory
Id string - The ID of the Directory.
- Principal
Id string - The ID of the CloudSSO identity.
- Principal
Type string - The type of the CloudSSO identity. Valid values:
User,Group. - Target
Id string - The ID of the task object.
- Target
Type string - The type of the task object. Valid values:
RD-Account.
- access
Configuration StringId - The ID of the access configuration.
- create
Time String - (Available since v1.254.0) The time when the access permissions were assigned.
- deprovision
Strategy String - Specifies whether to de-provision the access configuration when you remove the access permissions from the CloudSSO identity. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation. - directory
Id String - The ID of the Directory.
- principal
Id String - The ID of the CloudSSO identity.
- principal
Type String - The type of the CloudSSO identity. Valid values:
User,Group. - target
Id String - The ID of the task object.
- target
Type String - The type of the task object. Valid values:
RD-Account.
- access
Configuration stringId - The ID of the access configuration.
- create
Time string - (Available since v1.254.0) The time when the access permissions were assigned.
- deprovision
Strategy string - Specifies whether to de-provision the access configuration when you remove the access permissions from the CloudSSO identity. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation. - directory
Id string - The ID of the Directory.
- principal
Id string - The ID of the CloudSSO identity.
- principal
Type string - The type of the CloudSSO identity. Valid values:
User,Group. - target
Id string - The ID of the task object.
- target
Type string - The type of the task object. Valid values:
RD-Account.
- access_
configuration_ strid - The ID of the access configuration.
- create_
time str - (Available since v1.254.0) The time when the access permissions were assigned.
- deprovision_
strategy str - Specifies whether to de-provision the access configuration when you remove the access permissions from the CloudSSO identity. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation. - directory_
id str - The ID of the Directory.
- principal_
id str - The ID of the CloudSSO identity.
- principal_
type str - The type of the CloudSSO identity. Valid values:
User,Group. - target_
id str - The ID of the task object.
- target_
type str - The type of the task object. Valid values:
RD-Account.
- access
Configuration StringId - The ID of the access configuration.
- create
Time String - (Available since v1.254.0) The time when the access permissions were assigned.
- deprovision
Strategy String - Specifies whether to de-provision the access configuration when you remove the access permissions from the CloudSSO identity. Valid values:
DeprovisionForLastAccessAssignmentOnAccountandNone. Default Value:DeprovisionForLastAccessAssignmentOnAccount. NOTE: Whendeprovision_strategyisDeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation. - directory
Id String - The ID of the Directory.
- principal
Id String - The ID of the CloudSSO identity.
- principal
Type String - The type of the CloudSSO identity. Valid values:
User,Group. - target
Id String - The ID of the task object.
- target
Type String - The type of the task object. Valid values:
RD-Account.
Import
Cloud SSO Access Assignment can be imported using the id, e.g.
$ pulumi import alicloud:cloudsso/accessManagement:AccessManagement example <directory_id>:<access_configuration_id>:<target_type>:<target_id>:<principal_type>:<principal_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
alicloudTerraform Provider.