1. Packages
  2. Azure Native
  3. API Docs
  4. authorization
  5. RoleAssignment
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.20.0 published on Wednesday, Nov 29, 2023 by Pulumi

azure-native.authorization.RoleAssignment

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.20.0 published on Wednesday, Nov 29, 2023 by Pulumi

    Role Assignments Azure REST API version: 2022-04-01. Prior API version in Azure Native 1.x: 2020-10-01-preview.

    Other available API versions: 2015-07-01, 2017-10-01-preview, 2020-03-01-preview, 2020-04-01-preview.

    Example Usage

    Create role assignment for resource

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var roleAssignment = new AzureNative.Authorization.RoleAssignment("roleAssignment", new()
        {
            PrincipalId = "ce2ce14e-85d7-4629-bdbc-454d0519d987",
            PrincipalType = "User",
            RoleAssignmentName = "05c5a614-a7d6-4502-b150-c2fb455033ff",
            RoleDefinitionId = "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
            Scope = "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := authorization.NewRoleAssignment(ctx, "roleAssignment", &authorization.RoleAssignmentArgs{
    			PrincipalId:        pulumi.String("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
    			PrincipalType:      pulumi.String("User"),
    			RoleAssignmentName: pulumi.String("05c5a614-a7d6-4502-b150-c2fb455033ff"),
    			RoleDefinitionId:   pulumi.String("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
    			Scope:              pulumi.String("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.authorization.RoleAssignment;
    import com.pulumi.azurenative.authorization.RoleAssignmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var roleAssignment = new RoleAssignment("roleAssignment", RoleAssignmentArgs.builder()        
                .principalId("ce2ce14e-85d7-4629-bdbc-454d0519d987")
                .principalType("User")
                .roleAssignmentName("05c5a614-a7d6-4502-b150-c2fb455033ff")
                .roleDefinitionId("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d")
                .scope("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    role_assignment = azure_native.authorization.RoleAssignment("roleAssignment",
        principal_id="ce2ce14e-85d7-4629-bdbc-454d0519d987",
        principal_type="User",
        role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
        role_definition_id="/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
        scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const roleAssignment = new azure_native.authorization.RoleAssignment("roleAssignment", {
        principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
        principalType: "User",
        roleAssignmentName: "05c5a614-a7d6-4502-b150-c2fb455033ff",
        roleDefinitionId: "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
        scope: "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account",
    });
    
    resources:
      roleAssignment:
        type: azure-native:authorization:RoleAssignment
        properties:
          principalId: ce2ce14e-85d7-4629-bdbc-454d0519d987
          principalType: User
          roleAssignmentName: 05c5a614-a7d6-4502-b150-c2fb455033ff
          roleDefinitionId: /subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d
          scope: subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account
    

    Create role assignment for resource group

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var roleAssignment = new AzureNative.Authorization.RoleAssignment("roleAssignment", new()
        {
            PrincipalId = "ce2ce14e-85d7-4629-bdbc-454d0519d987",
            PrincipalType = "User",
            RoleAssignmentName = "05c5a614-a7d6-4502-b150-c2fb455033ff",
            RoleDefinitionId = "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
            Scope = "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := authorization.NewRoleAssignment(ctx, "roleAssignment", &authorization.RoleAssignmentArgs{
    			PrincipalId:        pulumi.String("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
    			PrincipalType:      pulumi.String("User"),
    			RoleAssignmentName: pulumi.String("05c5a614-a7d6-4502-b150-c2fb455033ff"),
    			RoleDefinitionId:   pulumi.String("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
    			Scope:              pulumi.String("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.authorization.RoleAssignment;
    import com.pulumi.azurenative.authorization.RoleAssignmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var roleAssignment = new RoleAssignment("roleAssignment", RoleAssignmentArgs.builder()        
                .principalId("ce2ce14e-85d7-4629-bdbc-454d0519d987")
                .principalType("User")
                .roleAssignmentName("05c5a614-a7d6-4502-b150-c2fb455033ff")
                .roleDefinitionId("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d")
                .scope("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    role_assignment = azure_native.authorization.RoleAssignment("roleAssignment",
        principal_id="ce2ce14e-85d7-4629-bdbc-454d0519d987",
        principal_type="User",
        role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
        role_definition_id="/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
        scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const roleAssignment = new azure_native.authorization.RoleAssignment("roleAssignment", {
        principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
        principalType: "User",
        roleAssignmentName: "05c5a614-a7d6-4502-b150-c2fb455033ff",
        roleDefinitionId: "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
        scope: "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg",
    });
    
    resources:
      roleAssignment:
        type: azure-native:authorization:RoleAssignment
        properties:
          principalId: ce2ce14e-85d7-4629-bdbc-454d0519d987
          principalType: User
          roleAssignmentName: 05c5a614-a7d6-4502-b150-c2fb455033ff
          roleDefinitionId: /subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d
          scope: subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg
    

    Create role assignment for subscription

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var roleAssignment = new AzureNative.Authorization.RoleAssignment("roleAssignment", new()
        {
            PrincipalId = "ce2ce14e-85d7-4629-bdbc-454d0519d987",
            PrincipalType = "User",
            RoleAssignmentName = "05c5a614-a7d6-4502-b150-c2fb455033ff",
            RoleDefinitionId = "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
            Scope = "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := authorization.NewRoleAssignment(ctx, "roleAssignment", &authorization.RoleAssignmentArgs{
    			PrincipalId:        pulumi.String("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
    			PrincipalType:      pulumi.String("User"),
    			RoleAssignmentName: pulumi.String("05c5a614-a7d6-4502-b150-c2fb455033ff"),
    			RoleDefinitionId:   pulumi.String("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
    			Scope:              pulumi.String("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.authorization.RoleAssignment;
    import com.pulumi.azurenative.authorization.RoleAssignmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var roleAssignment = new RoleAssignment("roleAssignment", RoleAssignmentArgs.builder()        
                .principalId("ce2ce14e-85d7-4629-bdbc-454d0519d987")
                .principalType("User")
                .roleAssignmentName("05c5a614-a7d6-4502-b150-c2fb455033ff")
                .roleDefinitionId("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d")
                .scope("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    role_assignment = azure_native.authorization.RoleAssignment("roleAssignment",
        principal_id="ce2ce14e-85d7-4629-bdbc-454d0519d987",
        principal_type="User",
        role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
        role_definition_id="/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
        scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const roleAssignment = new azure_native.authorization.RoleAssignment("roleAssignment", {
        principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
        principalType: "User",
        roleAssignmentName: "05c5a614-a7d6-4502-b150-c2fb455033ff",
        roleDefinitionId: "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
        scope: "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
    });
    
    resources:
      roleAssignment:
        type: azure-native:authorization:RoleAssignment
        properties:
          principalId: ce2ce14e-85d7-4629-bdbc-454d0519d987
          principalType: User
          roleAssignmentName: 05c5a614-a7d6-4502-b150-c2fb455033ff
          roleDefinitionId: /subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d
          scope: subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2
    

    Create RoleAssignment Resource

    new RoleAssignment(name: string, args: RoleAssignmentArgs, opts?: CustomResourceOptions);
    @overload
    def RoleAssignment(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       condition: Optional[str] = None,
                       condition_version: Optional[str] = None,
                       delegated_managed_identity_resource_id: Optional[str] = None,
                       description: Optional[str] = None,
                       principal_id: Optional[str] = None,
                       principal_type: Optional[Union[str, PrincipalType]] = None,
                       role_assignment_name: Optional[str] = None,
                       role_definition_id: Optional[str] = None,
                       scope: Optional[str] = None)
    @overload
    def RoleAssignment(resource_name: str,
                       args: RoleAssignmentArgs,
                       opts: Optional[ResourceOptions] = None)
    func NewRoleAssignment(ctx *Context, name string, args RoleAssignmentArgs, opts ...ResourceOption) (*RoleAssignment, error)
    public RoleAssignment(string name, RoleAssignmentArgs args, CustomResourceOptions? opts = null)
    public RoleAssignment(String name, RoleAssignmentArgs args)
    public RoleAssignment(String name, RoleAssignmentArgs args, CustomResourceOptions options)
    
    type: azure-native:authorization:RoleAssignment
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args RoleAssignmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RoleAssignmentArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RoleAssignmentArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RoleAssignmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RoleAssignmentArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    RoleAssignment Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The RoleAssignment resource accepts the following input properties:

    PrincipalId string

    The principal ID.

    RoleDefinitionId string

    The role definition ID.

    Scope string

    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

    Condition string

    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'

    ConditionVersion string

    Version of the condition. Currently the only accepted value is '2.0'

    DelegatedManagedIdentityResourceId string

    Id of the delegated managed identity resource

    Description string

    Description of role assignment

    PrincipalType string | Pulumi.AzureNative.Authorization.PrincipalType

    The principal type of the assigned principal ID.

    RoleAssignmentName string

    The name of the role assignment. It can be any valid GUID.

    PrincipalId string

    The principal ID.

    RoleDefinitionId string

    The role definition ID.

    Scope string

    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

    Condition string

    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'

    ConditionVersion string

    Version of the condition. Currently the only accepted value is '2.0'

    DelegatedManagedIdentityResourceId string

    Id of the delegated managed identity resource

    Description string

    Description of role assignment

    PrincipalType string | PrincipalType

    The principal type of the assigned principal ID.

    RoleAssignmentName string

    The name of the role assignment. It can be any valid GUID.

    principalId String

    The principal ID.

    roleDefinitionId String

    The role definition ID.

    scope String

    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

    condition String

    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'

    conditionVersion String

    Version of the condition. Currently the only accepted value is '2.0'

    delegatedManagedIdentityResourceId String

    Id of the delegated managed identity resource

    description String

    Description of role assignment

    principalType String | PrincipalType

    The principal type of the assigned principal ID.

    roleAssignmentName String

    The name of the role assignment. It can be any valid GUID.

    principalId string

    The principal ID.

    roleDefinitionId string

    The role definition ID.

    scope string

    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

    condition string

    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'

    conditionVersion string

    Version of the condition. Currently the only accepted value is '2.0'

    delegatedManagedIdentityResourceId string

    Id of the delegated managed identity resource

    description string

    Description of role assignment

    principalType string | PrincipalType

    The principal type of the assigned principal ID.

    roleAssignmentName string

    The name of the role assignment. It can be any valid GUID.

    principal_id str

    The principal ID.

    role_definition_id str

    The role definition ID.

    scope str

    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

    condition str

    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'

    condition_version str

    Version of the condition. Currently the only accepted value is '2.0'

    delegated_managed_identity_resource_id str

    Id of the delegated managed identity resource

    description str

    Description of role assignment

    principal_type str | PrincipalType

    The principal type of the assigned principal ID.

    role_assignment_name str

    The name of the role assignment. It can be any valid GUID.

    principalId String

    The principal ID.

    roleDefinitionId String

    The role definition ID.

    scope String

    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

    condition String

    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'

    conditionVersion String

    Version of the condition. Currently the only accepted value is '2.0'

    delegatedManagedIdentityResourceId String

    Id of the delegated managed identity resource

    description String

    Description of role assignment

    principalType String | "User" | "Group" | "ServicePrincipal" | "ForeignGroup" | "Device"

    The principal type of the assigned principal ID.

    roleAssignmentName String

    The name of the role assignment. It can be any valid GUID.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the RoleAssignment resource produces the following output properties:

    CreatedBy string

    Id of the user who created the assignment

    CreatedOn string

    Time it was created

    Id string

    The provider-assigned unique ID for this managed resource.

    Name string

    The role assignment name.

    Type string

    The role assignment type.

    UpdatedBy string

    Id of the user who updated the assignment

    UpdatedOn string

    Time it was updated

    CreatedBy string

    Id of the user who created the assignment

    CreatedOn string

    Time it was created

    Id string

    The provider-assigned unique ID for this managed resource.

    Name string

    The role assignment name.

    Type string

    The role assignment type.

    UpdatedBy string

    Id of the user who updated the assignment

    UpdatedOn string

    Time it was updated

    createdBy String

    Id of the user who created the assignment

    createdOn String

    Time it was created

    id String

    The provider-assigned unique ID for this managed resource.

    name String

    The role assignment name.

    type String

    The role assignment type.

    updatedBy String

    Id of the user who updated the assignment

    updatedOn String

    Time it was updated

    createdBy string

    Id of the user who created the assignment

    createdOn string

    Time it was created

    id string

    The provider-assigned unique ID for this managed resource.

    name string

    The role assignment name.

    type string

    The role assignment type.

    updatedBy string

    Id of the user who updated the assignment

    updatedOn string

    Time it was updated

    created_by str

    Id of the user who created the assignment

    created_on str

    Time it was created

    id str

    The provider-assigned unique ID for this managed resource.

    name str

    The role assignment name.

    type str

    The role assignment type.

    updated_by str

    Id of the user who updated the assignment

    updated_on str

    Time it was updated

    createdBy String

    Id of the user who created the assignment

    createdOn String

    Time it was created

    id String

    The provider-assigned unique ID for this managed resource.

    name String

    The role assignment name.

    type String

    The role assignment type.

    updatedBy String

    Id of the user who updated the assignment

    updatedOn String

    Time it was updated

    Supporting Types

    PrincipalType, PrincipalTypeArgs

    User
    User
    Group
    Group
    ServicePrincipal
    ServicePrincipal
    ForeignGroup
    ForeignGroup
    Device
    Device
    PrincipalTypeUser
    User
    PrincipalTypeGroup
    Group
    PrincipalTypeServicePrincipal
    ServicePrincipal
    PrincipalTypeForeignGroup
    ForeignGroup
    PrincipalTypeDevice
    Device
    User
    User
    Group
    Group
    ServicePrincipal
    ServicePrincipal
    ForeignGroup
    ForeignGroup
    Device
    Device
    User
    User
    Group
    Group
    ServicePrincipal
    ServicePrincipal
    ForeignGroup
    ForeignGroup
    Device
    Device
    USER
    User
    GROUP
    Group
    SERVICE_PRINCIPAL
    ServicePrincipal
    FOREIGN_GROUP
    ForeignGroup
    DEVICE
    Device
    "User"
    User
    "Group"
    Group
    "ServicePrincipal"
    ServicePrincipal
    "ForeignGroup"
    ForeignGroup
    "Device"
    Device

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:authorization:RoleAssignment 05c5a614-a7d6-4502-b150-c2fb455033ff /{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName} 
    

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
    Azure Native v2.20.0 published on Wednesday, Nov 29, 2023 by Pulumi