Alibaba Cloud v3.76.0, Apr 8 25

Alibaba Cloud v3.76.0 published on Tuesday, Apr 8, 2025 by Pulumi

alicloud.cloudsso.AccessManagement

Explore with Pulumi AI

Alibaba Cloud v3.76.0 published on Tuesday, Apr 8, 2025 by Pulumi

Create AccessManagement Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new AccessManagement(name: string, args: AccessManagementArgs, opts?: CustomResourceOptions);

@overload
def AccessManagement(resource_name: str,
                     args: AccessManagementArgs,
                     opts: Optional[ResourceOptions] = None)

@overload
def AccessManagement(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     access_configuration_id: Optional[str] = None,
                     directory_id: Optional[str] = None,
                     principal_id: Optional[str] = None,
                     principal_type: Optional[str] = None,
                     target_id: Optional[str] = None,
                     target_type: Optional[str] = None,
                     deprovision_strategy: Optional[str] = None)

func NewAccessManagement(ctx *Context, name string, args AccessManagementArgs, opts ...ResourceOption) (*AccessManagement, error)

public AccessManagement(string name, AccessManagementArgs args, CustomResourceOptions? opts = null)

public AccessManagement(String name, AccessManagementArgs args)
public AccessManagement(String name, AccessManagementArgs args, CustomResourceOptions options)

type: alicloud:cloudsso:AccessManagement
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AccessManagementArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AccessManagementArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AccessManagementArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AccessManagementArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AccessManagementArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var accessManagementResource = new AliCloud.CloudSso.AccessManagement("accessManagementResource", new()
{
    AccessConfigurationId = "string",
    DirectoryId = "string",
    PrincipalId = "string",
    PrincipalType = "string",
    TargetId = "string",
    TargetType = "string",
    DeprovisionStrategy = "string",
});

example, err := cloudsso.NewAccessManagement(ctx, "accessManagementResource", &cloudsso.AccessManagementArgs{
	AccessConfigurationId: pulumi.String("string"),
	DirectoryId:           pulumi.String("string"),
	PrincipalId:           pulumi.String("string"),
	PrincipalType:         pulumi.String("string"),
	TargetId:              pulumi.String("string"),
	TargetType:            pulumi.String("string"),
	DeprovisionStrategy:   pulumi.String("string"),
})

var accessManagementResource = new AccessManagement("accessManagementResource", AccessManagementArgs.builder()
    .accessConfigurationId("string")
    .directoryId("string")
    .principalId("string")
    .principalType("string")
    .targetId("string")
    .targetType("string")
    .deprovisionStrategy("string")
    .build());

access_management_resource = alicloud.cloudsso.AccessManagement("accessManagementResource",
    access_configuration_id="string",
    directory_id="string",
    principal_id="string",
    principal_type="string",
    target_id="string",
    target_type="string",
    deprovision_strategy="string")

const accessManagementResource = new alicloud.cloudsso.AccessManagement("accessManagementResource", {
    accessConfigurationId: "string",
    directoryId: "string",
    principalId: "string",
    principalType: "string",
    targetId: "string",
    targetType: "string",
    deprovisionStrategy: "string",
});

type: alicloud:cloudsso:AccessManagement
properties:
    accessConfigurationId: string
    deprovisionStrategy: string
    directoryId: string
    principalId: string
    principalType: string
    targetId: string
    targetType: string

AccessManagement Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The AccessManagement resource accepts the following input properties:

AccessConfigurationId string: The Access configuration ID.
DirectoryId string: The ID of the Directory.
PrincipalId string: The ID of the access assignment.
PrincipalType string: The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
TargetId string: The ID of the target to create the resource range.
TargetType string: The type of the resource range target to be accessed. Valid values: RD-Account.
DeprovisionStrategy string: The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

AccessConfigurationId string: The Access configuration ID.
DirectoryId string: The ID of the Directory.
PrincipalId string: The ID of the access assignment.
PrincipalType string: The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
TargetId string: The ID of the target to create the resource range.
TargetType string: The type of the resource range target to be accessed. Valid values: RD-Account.
DeprovisionStrategy string: The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

accessConfigurationId String: The Access configuration ID.
directoryId String: The ID of the Directory.
principalId String: The ID of the access assignment.
principalType String: The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
targetId String: The ID of the target to create the resource range.
targetType String: The type of the resource range target to be accessed. Valid values: RD-Account.
deprovisionStrategy String: The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

accessConfigurationId string: The Access configuration ID.
directoryId string: The ID of the Directory.
principalId string: The ID of the access assignment.
principalType string: The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
targetId string: The ID of the target to create the resource range.
targetType string: The type of the resource range target to be accessed. Valid values: RD-Account.
deprovisionStrategy string: The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

access_configuration_id str: The Access configuration ID.
directory_id str: The ID of the Directory.
principal_id str: The ID of the access assignment.
principal_type str: The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
target_id str: The ID of the target to create the resource range.
target_type str: The type of the resource range target to be accessed. Valid values: RD-Account.
deprovision_strategy str: The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

accessConfigurationId String: The Access configuration ID.
directoryId String: The ID of the Directory.
principalId String: The ID of the access assignment.
principalType String: The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
targetId String: The ID of the target to create the resource range.
targetType String: The type of the resource range target to be accessed. Valid values: RD-Account.
deprovisionStrategy String: The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

Outputs

All input properties are implicitly available as output properties. Additionally, the AccessManagement resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing AccessManagement Resource

Get an existing AccessManagement resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AccessManagementState, opts?: CustomResourceOptions): AccessManagement

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_configuration_id: Optional[str] = None,
        deprovision_strategy: Optional[str] = None,
        directory_id: Optional[str] = None,
        principal_id: Optional[str] = None,
        principal_type: Optional[str] = None,
        target_id: Optional[str] = None,
        target_type: Optional[str] = None) -> AccessManagement

func GetAccessManagement(ctx *Context, name string, id IDInput, state *AccessManagementState, opts ...ResourceOption) (*AccessManagement, error)

public static AccessManagement Get(string name, Input<string> id, AccessManagementState? state, CustomResourceOptions? opts = null)

public static AccessManagement get(String name, Output<String> id, AccessManagementState state, CustomResourceOptions options)

resources:  _:    type: alicloud:cloudsso:AccessManagement    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessConfigurationId string: The Access configuration ID.
DeprovisionStrategy string: The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
DirectoryId string: The ID of the Directory.
PrincipalId string: The ID of the access assignment.
PrincipalType string: The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
TargetId string: The ID of the target to create the resource range.
TargetType string: The type of the resource range target to be accessed. Valid values: RD-Account.

AccessConfigurationId string: The Access configuration ID.
DeprovisionStrategy string: The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
DirectoryId string: The ID of the Directory.
PrincipalId string: The ID of the access assignment.
PrincipalType string: The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
TargetId string: The ID of the target to create the resource range.
TargetType string: The type of the resource range target to be accessed. Valid values: RD-Account.

accessConfigurationId String: The Access configuration ID.
deprovisionStrategy String: The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
directoryId String: The ID of the Directory.
principalId String: The ID of the access assignment.
principalType String: The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
targetId String: The ID of the target to create the resource range.
targetType String: The type of the resource range target to be accessed. Valid values: RD-Account.

accessConfigurationId string: The Access configuration ID.
deprovisionStrategy string: The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
directoryId string: The ID of the Directory.
principalId string: The ID of the access assignment.
principalType string: The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
targetId string: The ID of the target to create the resource range.
targetType string: The type of the resource range target to be accessed. Valid values: RD-Account.

access_configuration_id str: The Access configuration ID.
deprovision_strategy str: The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
directory_id str: The ID of the Directory.
principal_id str: The ID of the access assignment.
principal_type str: The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
target_id str: The ID of the target to create the resource range.
target_type str: The type of the resource range target to be accessed. Valid values: RD-Account.

accessConfigurationId String: The Access configuration ID.
deprovisionStrategy String: The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
directoryId String: The ID of the Directory.
principalId String: The ID of the access assignment.
principalType String: The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
targetId String: The ID of the target to create the resource range.
targetType String: The type of the resource range target to be accessed. Valid values: RD-Account.

Import

Cloud SSO Access Assignment can be imported using the id, e.g.

$ pulumi import alicloud:cloudsso/accessManagement:AccessManagement example <directory_id>:<access_configuration_id>:<target_type>:<target_id>:<principal_type>:<principal_id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.76.0 published on Tuesday, Apr 8, 2025 by Pulumi

pulumi/pulumi-alicloud

alicloud.cloudsso.AccessManagement

On this page

On this page

Create AccessManagement Resource

Constructor syntax

Parameters

Constructor example

AccessManagement Resource Properties

Inputs

Outputs

Look up Existing AccessManagement Resource

Import

Package Details

On this page

On this page