1. Packages
  2. Azure Native
  3. API Docs
  4. authorization
  5. RoleAssignment
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.34.0 published on Thursday, Mar 28, 2024 by Pulumi

azure-native.authorization.RoleAssignment

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.34.0 published on Thursday, Mar 28, 2024 by Pulumi

    Role Assignments Azure REST API version: 2022-04-01. Prior API version in Azure Native 1.x: 2020-10-01-preview.

    Other available API versions: 2015-07-01, 2017-10-01-preview, 2020-03-01-preview, 2020-04-01-preview.

    Example Usage

    Create role assignment for resource

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var roleAssignment = new AzureNative.Authorization.RoleAssignment("roleAssignment", new()
        {
            PrincipalId = "ce2ce14e-85d7-4629-bdbc-454d0519d987",
            PrincipalType = AzureNative.Authorization.PrincipalType.User,
            RoleAssignmentName = "05c5a614-a7d6-4502-b150-c2fb455033ff",
            RoleDefinitionId = "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
            Scope = "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := authorization.NewRoleAssignment(ctx, "roleAssignment", &authorization.RoleAssignmentArgs{
    			PrincipalId:        pulumi.String("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
    			PrincipalType:      pulumi.String(authorization.PrincipalTypeUser),
    			RoleAssignmentName: pulumi.String("05c5a614-a7d6-4502-b150-c2fb455033ff"),
    			RoleDefinitionId:   pulumi.String("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
    			Scope:              pulumi.String("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.authorization.RoleAssignment;
    import com.pulumi.azurenative.authorization.RoleAssignmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var roleAssignment = new RoleAssignment("roleAssignment", RoleAssignmentArgs.builder()        
                .principalId("ce2ce14e-85d7-4629-bdbc-454d0519d987")
                .principalType("User")
                .roleAssignmentName("05c5a614-a7d6-4502-b150-c2fb455033ff")
                .roleDefinitionId("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d")
                .scope("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    role_assignment = azure_native.authorization.RoleAssignment("roleAssignment",
        principal_id="ce2ce14e-85d7-4629-bdbc-454d0519d987",
        principal_type=azure_native.authorization.PrincipalType.USER,
        role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
        role_definition_id="/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
        scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const roleAssignment = new azure_native.authorization.RoleAssignment("roleAssignment", {
        principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
        principalType: azure_native.authorization.PrincipalType.User,
        roleAssignmentName: "05c5a614-a7d6-4502-b150-c2fb455033ff",
        roleDefinitionId: "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
        scope: "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account",
    });
    
    resources:
      roleAssignment:
        type: azure-native:authorization:RoleAssignment
        properties:
          principalId: ce2ce14e-85d7-4629-bdbc-454d0519d987
          principalType: User
          roleAssignmentName: 05c5a614-a7d6-4502-b150-c2fb455033ff
          roleDefinitionId: /subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d
          scope: subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account
    

    Create role assignment for resource group

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var roleAssignment = new AzureNative.Authorization.RoleAssignment("roleAssignment", new()
        {
            PrincipalId = "ce2ce14e-85d7-4629-bdbc-454d0519d987",
            PrincipalType = AzureNative.Authorization.PrincipalType.User,
            RoleAssignmentName = "05c5a614-a7d6-4502-b150-c2fb455033ff",
            RoleDefinitionId = "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
            Scope = "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := authorization.NewRoleAssignment(ctx, "roleAssignment", &authorization.RoleAssignmentArgs{
    			PrincipalId:        pulumi.String("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
    			PrincipalType:      pulumi.String(authorization.PrincipalTypeUser),
    			RoleAssignmentName: pulumi.String("05c5a614-a7d6-4502-b150-c2fb455033ff"),
    			RoleDefinitionId:   pulumi.String("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
    			Scope:              pulumi.String("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.authorization.RoleAssignment;
    import com.pulumi.azurenative.authorization.RoleAssignmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var roleAssignment = new RoleAssignment("roleAssignment", RoleAssignmentArgs.builder()        
                .principalId("ce2ce14e-85d7-4629-bdbc-454d0519d987")
                .principalType("User")
                .roleAssignmentName("05c5a614-a7d6-4502-b150-c2fb455033ff")
                .roleDefinitionId("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d")
                .scope("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    role_assignment = azure_native.authorization.RoleAssignment("roleAssignment",
        principal_id="ce2ce14e-85d7-4629-bdbc-454d0519d987",
        principal_type=azure_native.authorization.PrincipalType.USER,
        role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
        role_definition_id="/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
        scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const roleAssignment = new azure_native.authorization.RoleAssignment("roleAssignment", {
        principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
        principalType: azure_native.authorization.PrincipalType.User,
        roleAssignmentName: "05c5a614-a7d6-4502-b150-c2fb455033ff",
        roleDefinitionId: "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
        scope: "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg",
    });
    
    resources:
      roleAssignment:
        type: azure-native:authorization:RoleAssignment
        properties:
          principalId: ce2ce14e-85d7-4629-bdbc-454d0519d987
          principalType: User
          roleAssignmentName: 05c5a614-a7d6-4502-b150-c2fb455033ff
          roleDefinitionId: /subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d
          scope: subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg
    

    Create role assignment for subscription

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var roleAssignment = new AzureNative.Authorization.RoleAssignment("roleAssignment", new()
        {
            PrincipalId = "ce2ce14e-85d7-4629-bdbc-454d0519d987",
            PrincipalType = AzureNative.Authorization.PrincipalType.User,
            RoleAssignmentName = "05c5a614-a7d6-4502-b150-c2fb455033ff",
            RoleDefinitionId = "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
            Scope = "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := authorization.NewRoleAssignment(ctx, "roleAssignment", &authorization.RoleAssignmentArgs{
    			PrincipalId:        pulumi.String("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
    			PrincipalType:      pulumi.String(authorization.PrincipalTypeUser),
    			RoleAssignmentName: pulumi.String("05c5a614-a7d6-4502-b150-c2fb455033ff"),
    			RoleDefinitionId:   pulumi.String("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
    			Scope:              pulumi.String("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.authorization.RoleAssignment;
    import com.pulumi.azurenative.authorization.RoleAssignmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var roleAssignment = new RoleAssignment("roleAssignment", RoleAssignmentArgs.builder()        
                .principalId("ce2ce14e-85d7-4629-bdbc-454d0519d987")
                .principalType("User")
                .roleAssignmentName("05c5a614-a7d6-4502-b150-c2fb455033ff")
                .roleDefinitionId("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d")
                .scope("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    role_assignment = azure_native.authorization.RoleAssignment("roleAssignment",
        principal_id="ce2ce14e-85d7-4629-bdbc-454d0519d987",
        principal_type=azure_native.authorization.PrincipalType.USER,
        role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
        role_definition_id="/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
        scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const roleAssignment = new azure_native.authorization.RoleAssignment("roleAssignment", {
        principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
        principalType: azure_native.authorization.PrincipalType.User,
        roleAssignmentName: "05c5a614-a7d6-4502-b150-c2fb455033ff",
        roleDefinitionId: "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
        scope: "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
    });
    
    resources:
      roleAssignment:
        type: azure-native:authorization:RoleAssignment
        properties:
          principalId: ce2ce14e-85d7-4629-bdbc-454d0519d987
          principalType: User
          roleAssignmentName: 05c5a614-a7d6-4502-b150-c2fb455033ff
          roleDefinitionId: /subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d
          scope: subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2
    

    Create RoleAssignment Resource

    new RoleAssignment(name: string, args: RoleAssignmentArgs, opts?: CustomResourceOptions);
    @overload
    def RoleAssignment(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       condition: Optional[str] = None,
                       condition_version: Optional[str] = None,
                       delegated_managed_identity_resource_id: Optional[str] = None,
                       description: Optional[str] = None,
                       principal_id: Optional[str] = None,
                       principal_type: Optional[Union[str, PrincipalType]] = None,
                       role_assignment_name: Optional[str] = None,
                       role_definition_id: Optional[str] = None,
                       scope: Optional[str] = None)
    @overload
    def RoleAssignment(resource_name: str,
                       args: RoleAssignmentArgs,
                       opts: Optional[ResourceOptions] = None)
    func NewRoleAssignment(ctx *Context, name string, args RoleAssignmentArgs, opts ...ResourceOption) (*RoleAssignment, error)
    public RoleAssignment(string name, RoleAssignmentArgs args, CustomResourceOptions? opts = null)
    public RoleAssignment(String name, RoleAssignmentArgs args)
    public RoleAssignment(String name, RoleAssignmentArgs args, CustomResourceOptions options)
    
    type: azure-native:authorization:RoleAssignment
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args RoleAssignmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RoleAssignmentArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RoleAssignmentArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RoleAssignmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RoleAssignmentArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    RoleAssignment Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The RoleAssignment resource accepts the following input properties:

    PrincipalId string
    The principal ID.
    RoleDefinitionId string
    The role definition ID.
    Scope string
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    Condition string
    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    ConditionVersion string
    Version of the condition. Currently the only accepted value is '2.0'
    DelegatedManagedIdentityResourceId string
    Id of the delegated managed identity resource
    Description string
    Description of role assignment
    PrincipalType string | Pulumi.AzureNative.Authorization.PrincipalType
    The principal type of the assigned principal ID.
    RoleAssignmentName string
    The name of the role assignment. It can be any valid GUID.
    PrincipalId string
    The principal ID.
    RoleDefinitionId string
    The role definition ID.
    Scope string
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    Condition string
    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    ConditionVersion string
    Version of the condition. Currently the only accepted value is '2.0'
    DelegatedManagedIdentityResourceId string
    Id of the delegated managed identity resource
    Description string
    Description of role assignment
    PrincipalType string | PrincipalType
    The principal type of the assigned principal ID.
    RoleAssignmentName string
    The name of the role assignment. It can be any valid GUID.
    principalId String
    The principal ID.
    roleDefinitionId String
    The role definition ID.
    scope String
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    condition String
    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    conditionVersion String
    Version of the condition. Currently the only accepted value is '2.0'
    delegatedManagedIdentityResourceId String
    Id of the delegated managed identity resource
    description String
    Description of role assignment
    principalType String | PrincipalType
    The principal type of the assigned principal ID.
    roleAssignmentName String
    The name of the role assignment. It can be any valid GUID.
    principalId string
    The principal ID.
    roleDefinitionId string
    The role definition ID.
    scope string
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    condition string
    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    conditionVersion string
    Version of the condition. Currently the only accepted value is '2.0'
    delegatedManagedIdentityResourceId string
    Id of the delegated managed identity resource
    description string
    Description of role assignment
    principalType string | PrincipalType
    The principal type of the assigned principal ID.
    roleAssignmentName string
    The name of the role assignment. It can be any valid GUID.
    principal_id str
    The principal ID.
    role_definition_id str
    The role definition ID.
    scope str
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    condition str
    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    condition_version str
    Version of the condition. Currently the only accepted value is '2.0'
    delegated_managed_identity_resource_id str
    Id of the delegated managed identity resource
    description str
    Description of role assignment
    principal_type str | PrincipalType
    The principal type of the assigned principal ID.
    role_assignment_name str
    The name of the role assignment. It can be any valid GUID.
    principalId String
    The principal ID.
    roleDefinitionId String
    The role definition ID.
    scope String
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    condition String
    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    conditionVersion String
    Version of the condition. Currently the only accepted value is '2.0'
    delegatedManagedIdentityResourceId String
    Id of the delegated managed identity resource
    description String
    Description of role assignment
    principalType String | "User" | "Group" | "ServicePrincipal" | "ForeignGroup" | "Device"
    The principal type of the assigned principal ID.
    roleAssignmentName String
    The name of the role assignment. It can be any valid GUID.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the RoleAssignment resource produces the following output properties:

    CreatedBy string
    Id of the user who created the assignment
    CreatedOn string
    Time it was created
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The role assignment name.
    Type string
    The role assignment type.
    UpdatedBy string
    Id of the user who updated the assignment
    UpdatedOn string
    Time it was updated
    CreatedBy string
    Id of the user who created the assignment
    CreatedOn string
    Time it was created
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The role assignment name.
    Type string
    The role assignment type.
    UpdatedBy string
    Id of the user who updated the assignment
    UpdatedOn string
    Time it was updated
    createdBy String
    Id of the user who created the assignment
    createdOn String
    Time it was created
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The role assignment name.
    type String
    The role assignment type.
    updatedBy String
    Id of the user who updated the assignment
    updatedOn String
    Time it was updated
    createdBy string
    Id of the user who created the assignment
    createdOn string
    Time it was created
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    The role assignment name.
    type string
    The role assignment type.
    updatedBy string
    Id of the user who updated the assignment
    updatedOn string
    Time it was updated
    created_by str
    Id of the user who created the assignment
    created_on str
    Time it was created
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    The role assignment name.
    type str
    The role assignment type.
    updated_by str
    Id of the user who updated the assignment
    updated_on str
    Time it was updated
    createdBy String
    Id of the user who created the assignment
    createdOn String
    Time it was created
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The role assignment name.
    type String
    The role assignment type.
    updatedBy String
    Id of the user who updated the assignment
    updatedOn String
    Time it was updated

    Supporting Types

    PrincipalType, PrincipalTypeArgs

    User
    User
    Group
    Group
    ServicePrincipal
    ServicePrincipal
    ForeignGroup
    ForeignGroup
    Device
    Device
    PrincipalTypeUser
    User
    PrincipalTypeGroup
    Group
    PrincipalTypeServicePrincipal
    ServicePrincipal
    PrincipalTypeForeignGroup
    ForeignGroup
    PrincipalTypeDevice
    Device
    User
    User
    Group
    Group
    ServicePrincipal
    ServicePrincipal
    ForeignGroup
    ForeignGroup
    Device
    Device
    User
    User
    Group
    Group
    ServicePrincipal
    ServicePrincipal
    ForeignGroup
    ForeignGroup
    Device
    Device
    USER
    User
    GROUP
    Group
    SERVICE_PRINCIPAL
    ServicePrincipal
    FOREIGN_GROUP
    ForeignGroup
    DEVICE
    Device
    "User"
    User
    "Group"
    Group
    "ServicePrincipal"
    ServicePrincipal
    "ForeignGroup"
    ForeignGroup
    "Device"
    Device

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:authorization:RoleAssignment 05c5a614-a7d6-4502-b150-c2fb455033ff /{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName} 
    

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
    Azure Native v2.34.0 published on Thursday, Mar 28, 2024 by Pulumi