alicloud logo
Alibaba Cloud v3.37.0, May 15 23

alicloud.cloudsso.AccessManagement

Explore with Pulumi AI

Provides a Cloud SSO Access Assignment resource.

For information about Cloud SSO Access Assignment and how to use it, see What is Access Assignment.

NOTE: When you configure access assignment for the first time, access configuration will be automatically deployed.

NOTE: Available in v1.145.0+.

NOTE: Cloud SSO Only Support cn-shanghai And us-west-1 Region

Create AccessManagement Resource

new AccessManagement(name: string, args: AccessManagementArgs, opts?: CustomResourceOptions);
@overload
def AccessManagement(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     access_configuration_id: Optional[str] = None,
                     deprovision_strategy: Optional[str] = None,
                     directory_id: Optional[str] = None,
                     principal_id: Optional[str] = None,
                     principal_type: Optional[str] = None,
                     target_id: Optional[str] = None,
                     target_type: Optional[str] = None)
@overload
def AccessManagement(resource_name: str,
                     args: AccessManagementArgs,
                     opts: Optional[ResourceOptions] = None)
func NewAccessManagement(ctx *Context, name string, args AccessManagementArgs, opts ...ResourceOption) (*AccessManagement, error)
public AccessManagement(string name, AccessManagementArgs args, CustomResourceOptions? opts = null)
public AccessManagement(String name, AccessManagementArgs args)
public AccessManagement(String name, AccessManagementArgs args, CustomResourceOptions options)
type: alicloud:cloudsso:AccessManagement
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AccessManagementArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AccessManagementArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AccessManagementArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AccessManagementArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AccessManagementArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AccessManagement Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AccessManagement resource accepts the following input properties:

AccessConfigurationId string

The Access configuration ID.

DirectoryId string

The ID of the Directory.

PrincipalId string

The ID of the access assignment.

PrincipalType string

The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.

TargetId string

The ID of the target to create the resource range.

TargetType string

The type of the resource range target to be accessed. Valid values: RD-Account.

DeprovisionStrategy string

The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

AccessConfigurationId string

The Access configuration ID.

DirectoryId string

The ID of the Directory.

PrincipalId string

The ID of the access assignment.

PrincipalType string

The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.

TargetId string

The ID of the target to create the resource range.

TargetType string

The type of the resource range target to be accessed. Valid values: RD-Account.

DeprovisionStrategy string

The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

accessConfigurationId String

The Access configuration ID.

directoryId String

The ID of the Directory.

principalId String

The ID of the access assignment.

principalType String

The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.

targetId String

The ID of the target to create the resource range.

targetType String

The type of the resource range target to be accessed. Valid values: RD-Account.

deprovisionStrategy String

The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

accessConfigurationId string

The Access configuration ID.

directoryId string

The ID of the Directory.

principalId string

The ID of the access assignment.

principalType string

The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.

targetId string

The ID of the target to create the resource range.

targetType string

The type of the resource range target to be accessed. Valid values: RD-Account.

deprovisionStrategy string

The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

access_configuration_id str

The Access configuration ID.

directory_id str

The ID of the Directory.

principal_id str

The ID of the access assignment.

principal_type str

The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.

target_id str

The ID of the target to create the resource range.

target_type str

The type of the resource range target to be accessed. Valid values: RD-Account.

deprovision_strategy str

The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

accessConfigurationId String

The Access configuration ID.

directoryId String

The ID of the Directory.

principalId String

The ID of the access assignment.

principalType String

The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.

targetId String

The ID of the target to create the resource range.

targetType String

The type of the resource range target to be accessed. Valid values: RD-Account.

deprovisionStrategy String

The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

Outputs

All input properties are implicitly available as output properties. Additionally, the AccessManagement resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing AccessManagement Resource

Get an existing AccessManagement resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AccessManagementState, opts?: CustomResourceOptions): AccessManagement
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_configuration_id: Optional[str] = None,
        deprovision_strategy: Optional[str] = None,
        directory_id: Optional[str] = None,
        principal_id: Optional[str] = None,
        principal_type: Optional[str] = None,
        target_id: Optional[str] = None,
        target_type: Optional[str] = None) -> AccessManagement
func GetAccessManagement(ctx *Context, name string, id IDInput, state *AccessManagementState, opts ...ResourceOption) (*AccessManagement, error)
public static AccessManagement Get(string name, Input<string> id, AccessManagementState? state, CustomResourceOptions? opts = null)
public static AccessManagement get(String name, Output<String> id, AccessManagementState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AccessConfigurationId string

The Access configuration ID.

DeprovisionStrategy string

The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

DirectoryId string

The ID of the Directory.

PrincipalId string

The ID of the access assignment.

PrincipalType string

The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.

TargetId string

The ID of the target to create the resource range.

TargetType string

The type of the resource range target to be accessed. Valid values: RD-Account.

AccessConfigurationId string

The Access configuration ID.

DeprovisionStrategy string

The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

DirectoryId string

The ID of the Directory.

PrincipalId string

The ID of the access assignment.

PrincipalType string

The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.

TargetId string

The ID of the target to create the resource range.

TargetType string

The type of the resource range target to be accessed. Valid values: RD-Account.

accessConfigurationId String

The Access configuration ID.

deprovisionStrategy String

The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

directoryId String

The ID of the Directory.

principalId String

The ID of the access assignment.

principalType String

The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.

targetId String

The ID of the target to create the resource range.

targetType String

The type of the resource range target to be accessed. Valid values: RD-Account.

accessConfigurationId string

The Access configuration ID.

deprovisionStrategy string

The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

directoryId string

The ID of the Directory.

principalId string

The ID of the access assignment.

principalType string

The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.

targetId string

The ID of the target to create the resource range.

targetType string

The type of the resource range target to be accessed. Valid values: RD-Account.

access_configuration_id str

The Access configuration ID.

deprovision_strategy str

The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

directory_id str

The ID of the Directory.

principal_id str

The ID of the access assignment.

principal_type str

The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.

target_id str

The ID of the target to create the resource range.

target_type str

The type of the resource range target to be accessed. Valid values: RD-Account.

accessConfigurationId String

The Access configuration ID.

deprovisionStrategy String

The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

directoryId String

The ID of the Directory.

principalId String

The ID of the access assignment.

principalType String

The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.

targetId String

The ID of the target to create the resource range.

targetType String

The type of the resource range target to be accessed. Valid values: RD-Account.

Import

Cloud SSO Access Assignment can be imported using the id, e.g.

 $ pulumi import alicloud:cloudsso/accessManagement:AccessManagement example <directory_id>:<access_configuration_id>:<target_type>:<target_id>:<principal_type>:<principal_id>

Package Details

Repository
Alibaba Cloud pulumi/pulumi-alicloud
License
Apache-2.0
Notes

This Pulumi package is based on the alicloud Terraform Provider.