1. Packages
  2. Alibaba Cloud
  3. API Docs
  4. cloudsso
  5. AccessManagement
Alibaba Cloud v3.51.0 published on Saturday, Mar 23, 2024 by Pulumi

alicloud.cloudsso.AccessManagement

Explore with Pulumi AI

alicloud logo
Alibaba Cloud v3.51.0 published on Saturday, Mar 23, 2024 by Pulumi

    Provides a Cloud SSO Access Assignment resource.

    For information about Cloud SSO Access Assignment and how to use it, see What is Access Assignment.

    NOTE: When you configure access assignment for the first time, access configuration will be automatically deployed.

    NOTE: Available since v1.145.0.

    NOTE: Cloud SSO Only Support cn-shanghai And us-west-1 Region

    Create AccessManagement Resource

    new AccessManagement(name: string, args: AccessManagementArgs, opts?: CustomResourceOptions);
    @overload
    def AccessManagement(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         access_configuration_id: Optional[str] = None,
                         deprovision_strategy: Optional[str] = None,
                         directory_id: Optional[str] = None,
                         principal_id: Optional[str] = None,
                         principal_type: Optional[str] = None,
                         target_id: Optional[str] = None,
                         target_type: Optional[str] = None)
    @overload
    def AccessManagement(resource_name: str,
                         args: AccessManagementArgs,
                         opts: Optional[ResourceOptions] = None)
    func NewAccessManagement(ctx *Context, name string, args AccessManagementArgs, opts ...ResourceOption) (*AccessManagement, error)
    public AccessManagement(string name, AccessManagementArgs args, CustomResourceOptions? opts = null)
    public AccessManagement(String name, AccessManagementArgs args)
    public AccessManagement(String name, AccessManagementArgs args, CustomResourceOptions options)
    
    type: alicloud:cloudsso:AccessManagement
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AccessManagementArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AccessManagementArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AccessManagementArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AccessManagementArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AccessManagementArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AccessManagement Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AccessManagement resource accepts the following input properties:

    AccessConfigurationId string
    The Access configuration ID.
    DirectoryId string
    The ID of the Directory.
    PrincipalId string
    The ID of the access assignment.
    PrincipalType string
    The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
    TargetId string
    The ID of the target to create the resource range.
    TargetType string
    The type of the resource range target to be accessed. Valid values: RD-Account.
    DeprovisionStrategy string
    The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
    AccessConfigurationId string
    The Access configuration ID.
    DirectoryId string
    The ID of the Directory.
    PrincipalId string
    The ID of the access assignment.
    PrincipalType string
    The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
    TargetId string
    The ID of the target to create the resource range.
    TargetType string
    The type of the resource range target to be accessed. Valid values: RD-Account.
    DeprovisionStrategy string
    The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
    accessConfigurationId String
    The Access configuration ID.
    directoryId String
    The ID of the Directory.
    principalId String
    The ID of the access assignment.
    principalType String
    The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
    targetId String
    The ID of the target to create the resource range.
    targetType String
    The type of the resource range target to be accessed. Valid values: RD-Account.
    deprovisionStrategy String
    The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
    accessConfigurationId string
    The Access configuration ID.
    directoryId string
    The ID of the Directory.
    principalId string
    The ID of the access assignment.
    principalType string
    The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
    targetId string
    The ID of the target to create the resource range.
    targetType string
    The type of the resource range target to be accessed. Valid values: RD-Account.
    deprovisionStrategy string
    The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
    access_configuration_id str
    The Access configuration ID.
    directory_id str
    The ID of the Directory.
    principal_id str
    The ID of the access assignment.
    principal_type str
    The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
    target_id str
    The ID of the target to create the resource range.
    target_type str
    The type of the resource range target to be accessed. Valid values: RD-Account.
    deprovision_strategy str
    The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
    accessConfigurationId String
    The Access configuration ID.
    directoryId String
    The ID of the Directory.
    principalId String
    The ID of the access assignment.
    principalType String
    The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
    targetId String
    The ID of the target to create the resource range.
    targetType String
    The type of the resource range target to be accessed. Valid values: RD-Account.
    deprovisionStrategy String
    The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AccessManagement resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing AccessManagement Resource

    Get an existing AccessManagement resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AccessManagementState, opts?: CustomResourceOptions): AccessManagement
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            access_configuration_id: Optional[str] = None,
            deprovision_strategy: Optional[str] = None,
            directory_id: Optional[str] = None,
            principal_id: Optional[str] = None,
            principal_type: Optional[str] = None,
            target_id: Optional[str] = None,
            target_type: Optional[str] = None) -> AccessManagement
    func GetAccessManagement(ctx *Context, name string, id IDInput, state *AccessManagementState, opts ...ResourceOption) (*AccessManagement, error)
    public static AccessManagement Get(string name, Input<string> id, AccessManagementState? state, CustomResourceOptions? opts = null)
    public static AccessManagement get(String name, Output<String> id, AccessManagementState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessConfigurationId string
    The Access configuration ID.
    DeprovisionStrategy string
    The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
    DirectoryId string
    The ID of the Directory.
    PrincipalId string
    The ID of the access assignment.
    PrincipalType string
    The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
    TargetId string
    The ID of the target to create the resource range.
    TargetType string
    The type of the resource range target to be accessed. Valid values: RD-Account.
    AccessConfigurationId string
    The Access configuration ID.
    DeprovisionStrategy string
    The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
    DirectoryId string
    The ID of the Directory.
    PrincipalId string
    The ID of the access assignment.
    PrincipalType string
    The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
    TargetId string
    The ID of the target to create the resource range.
    TargetType string
    The type of the resource range target to be accessed. Valid values: RD-Account.
    accessConfigurationId String
    The Access configuration ID.
    deprovisionStrategy String
    The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
    directoryId String
    The ID of the Directory.
    principalId String
    The ID of the access assignment.
    principalType String
    The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
    targetId String
    The ID of the target to create the resource range.
    targetType String
    The type of the resource range target to be accessed. Valid values: RD-Account.
    accessConfigurationId string
    The Access configuration ID.
    deprovisionStrategy string
    The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
    directoryId string
    The ID of the Directory.
    principalId string
    The ID of the access assignment.
    principalType string
    The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
    targetId string
    The ID of the target to create the resource range.
    targetType string
    The type of the resource range target to be accessed. Valid values: RD-Account.
    access_configuration_id str
    The Access configuration ID.
    deprovision_strategy str
    The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
    directory_id str
    The ID of the Directory.
    principal_id str
    The ID of the access assignment.
    principal_type str
    The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
    target_id str
    The ID of the target to create the resource range.
    target_type str
    The type of the resource range target to be accessed. Valid values: RD-Account.
    accessConfigurationId String
    The Access configuration ID.
    deprovisionStrategy String
    The deprovision strategy. Valid values: DeprovisionForLastAccessAssignmentOnAccount and None. Default Value: DeprovisionForLastAccessAssignmentOnAccount. NOTE: When deprovision_strategy is DeprovisionForLastAccessAssignmentOnAccount, and the access assignment to be deleted is the last access assignment for the same account and the same AC, this option is used for the undeployment operation。
    directoryId String
    The ID of the Directory.
    principalId String
    The ID of the access assignment.
    principalType String
    The identity type of the access assignment, which can be a user or a user group. Valid values: Group, User.
    targetId String
    The ID of the target to create the resource range.
    targetType String
    The type of the resource range target to be accessed. Valid values: RD-Account.

    Import

    Cloud SSO Access Assignment can be imported using the id, e.g.

    $ pulumi import alicloud:cloudsso/accessManagement:AccessManagement example <directory_id>:<access_configuration_id>:<target_type>:<target_id>:<principal_type>:<principal_id>
    

    Package Details

    Repository
    Alibaba Cloud pulumi/pulumi-alicloud
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the alicloud Terraform Provider.
    alicloud logo
    Alibaba Cloud v3.51.0 published on Saturday, Mar 23, 2024 by Pulumi