Docs
Packagesazure-native.authorization.RoleDefinition
Explore with Pulumi AI
Role definition. Azure REST API version: 2022-05-01-preview. Prior API version in Azure Native 1.x: 2018-01-01-preview
Example Usage
Create role definition
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var roleDefinition = new AzureNative.Authorization.RoleDefinition("roleDefinition", new()
{
RoleDefinitionId = "roleDefinitionId",
Scope = "scope",
});
});
package main
import (
"github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewRoleDefinition(ctx, "roleDefinition", &authorization.RoleDefinitionArgs{
RoleDefinitionId: pulumi.String("roleDefinitionId"),
Scope: pulumi.String("scope"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.RoleDefinition;
import com.pulumi.azurenative.authorization.RoleDefinitionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var roleDefinition = new RoleDefinition("roleDefinition", RoleDefinitionArgs.builder()
.roleDefinitionId("roleDefinitionId")
.scope("scope")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
role_definition = azure_native.authorization.RoleDefinition("roleDefinition",
role_definition_id="roleDefinitionId",
scope="scope")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const roleDefinition = new azure_native.authorization.RoleDefinition("roleDefinition", {
roleDefinitionId: "roleDefinitionId",
scope: "scope",
});
resources:
roleDefinition:
type: azure-native:authorization:RoleDefinition
properties:
roleDefinitionId: roleDefinitionId
scope: scope
Create RoleDefinition Resource
new RoleDefinition(name: string, args: RoleDefinitionArgs, opts?: CustomResourceOptions);@overload
def RoleDefinition(resource_name: str,
opts: Optional[ResourceOptions] = None,
assignable_scopes: Optional[Sequence[str]] = None,
description: Optional[str] = None,
permissions: Optional[Sequence[PermissionArgs]] = None,
role_definition_id: Optional[str] = None,
role_name: Optional[str] = None,
role_type: Optional[str] = None,
scope: Optional[str] = None)
@overload
def RoleDefinition(resource_name: str,
args: RoleDefinitionArgs,
opts: Optional[ResourceOptions] = None)func NewRoleDefinition(ctx *Context, name string, args RoleDefinitionArgs, opts ...ResourceOption) (*RoleDefinition, error)public RoleDefinition(string name, RoleDefinitionArgs args, CustomResourceOptions? opts = null)
public RoleDefinition(String name, RoleDefinitionArgs args)
public RoleDefinition(String name, RoleDefinitionArgs args, CustomResourceOptions options)
type: azure-native:authorization:RoleDefinition
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RoleDefinitionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RoleDefinitionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RoleDefinitionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RoleDefinitionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RoleDefinitionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
RoleDefinition Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The RoleDefinition resource accepts the following input properties:
- Scope string
The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- Assignable
Scopes List<string> Role definition assignable scopes.
- Description string
The role definition description.
- Permissions
List<Pulumi.
Azure Native. Authorization. Inputs. Permission> Role definition permissions.
- Role
Definition stringId The ID of the role definition.
- Role
Name string The role name.
- Role
Type string The role type.
- Scope string
The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- Assignable
Scopes []string Role definition assignable scopes.
- Description string
The role definition description.
- Permissions
[]Permission
Args Role definition permissions.
- Role
Definition stringId The ID of the role definition.
- Role
Name string The role name.
- Role
Type string The role type.
- scope String
The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- assignable
Scopes List<String> Role definition assignable scopes.
- description String
The role definition description.
- permissions List<Permission>
Role definition permissions.
- role
Definition StringId The ID of the role definition.
- role
Name String The role name.
- role
Type String The role type.
- scope string
The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- assignable
Scopes string[] Role definition assignable scopes.
- description string
The role definition description.
- permissions Permission[]
Role definition permissions.
- role
Definition stringId The ID of the role definition.
- role
Name string The role name.
- role
Type string The role type.
- scope str
The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- assignable_
scopes Sequence[str] Role definition assignable scopes.
- description str
The role definition description.
- permissions
Sequence[Permission
Args] Role definition permissions.
- role_
definition_ strid The ID of the role definition.
- role_
name str The role name.
- role_
type str The role type.
- scope String
The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- assignable
Scopes List<String> Role definition assignable scopes.
- description String
The role definition description.
- permissions List<Property Map>
Role definition permissions.
- role
Definition StringId The ID of the role definition.
- role
Name String The role name.
- role
Type String The role type.
Outputs
All input properties are implicitly available as output properties. Additionally, the RoleDefinition resource produces the following output properties:
- Created
By string Id of the user who created the assignment
- Created
On string Time it was created
- Id string
The provider-assigned unique ID for this managed resource.
- Name string
The role definition name.
- Type string
The role definition type.
- Updated
By string Id of the user who updated the assignment
- Updated
On string Time it was updated
- Created
By string Id of the user who created the assignment
- Created
On string Time it was created
- Id string
The provider-assigned unique ID for this managed resource.
- Name string
The role definition name.
- Type string
The role definition type.
- Updated
By string Id of the user who updated the assignment
- Updated
On string Time it was updated
- created
By String Id of the user who created the assignment
- created
On String Time it was created
- id String
The provider-assigned unique ID for this managed resource.
- name String
The role definition name.
- type String
The role definition type.
- updated
By String Id of the user who updated the assignment
- updated
On String Time it was updated
- created
By string Id of the user who created the assignment
- created
On string Time it was created
- id string
The provider-assigned unique ID for this managed resource.
- name string
The role definition name.
- type string
The role definition type.
- updated
By string Id of the user who updated the assignment
- updated
On string Time it was updated
- created_
by str Id of the user who created the assignment
- created_
on str Time it was created
- id str
The provider-assigned unique ID for this managed resource.
- name str
The role definition name.
- type str
The role definition type.
- updated_
by str Id of the user who updated the assignment
- updated_
on str Time it was updated
- created
By String Id of the user who created the assignment
- created
On String Time it was created
- id String
The provider-assigned unique ID for this managed resource.
- name String
The role definition name.
- type String
The role definition type.
- updated
By String Id of the user who updated the assignment
- updated
On String Time it was updated
Supporting Types
Permission, PermissionArgs
- Actions List<string>
Allowed actions.
- Data
Actions List<string> Allowed Data actions.
- Not
Actions List<string> Denied actions.
- Not
Data List<string>Actions Denied Data actions.
- Actions []string
Allowed actions.
- Data
Actions []string Allowed Data actions.
- Not
Actions []string Denied actions.
- Not
Data []stringActions Denied Data actions.
- actions List<String>
Allowed actions.
- data
Actions List<String> Allowed Data actions.
- not
Actions List<String> Denied actions.
- not
Data List<String>Actions Denied Data actions.
- actions string[]
Allowed actions.
- data
Actions string[] Allowed Data actions.
- not
Actions string[] Denied actions.
- not
Data string[]Actions Denied Data actions.
- actions Sequence[str]
Allowed actions.
- data_
actions Sequence[str] Allowed Data actions.
- not_
actions Sequence[str] Denied actions.
- not_
data_ Sequence[str]actions Denied Data actions.
- actions List<String>
Allowed actions.
- data
Actions List<String> Allowed Data actions.
- not
Actions List<String> Denied actions.
- not
Data List<String>Actions Denied Data actions.
PermissionResponse, PermissionResponseArgs
- Condition string
The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
- Condition
Version string Version of the condition. Currently the only accepted value is '2.0'
- Actions List<string>
Allowed actions.
- Data
Actions List<string> Allowed Data actions.
- Not
Actions List<string> Denied actions.
- Not
Data List<string>Actions Denied Data actions.
- Condition string
The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
- Condition
Version string Version of the condition. Currently the only accepted value is '2.0'
- Actions []string
Allowed actions.
- Data
Actions []string Allowed Data actions.
- Not
Actions []string Denied actions.
- Not
Data []stringActions Denied Data actions.
- condition String
The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
- condition
Version String Version of the condition. Currently the only accepted value is '2.0'
- actions List<String>
Allowed actions.
- data
Actions List<String> Allowed Data actions.
- not
Actions List<String> Denied actions.
- not
Data List<String>Actions Denied Data actions.
- condition string
The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
- condition
Version string Version of the condition. Currently the only accepted value is '2.0'
- actions string[]
Allowed actions.
- data
Actions string[] Allowed Data actions.
- not
Actions string[] Denied actions.
- not
Data string[]Actions Denied Data actions.
- condition str
The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
- condition_
version str Version of the condition. Currently the only accepted value is '2.0'
- actions Sequence[str]
Allowed actions.
- data_
actions Sequence[str] Allowed Data actions.
- not_
actions Sequence[str] Denied actions.
- not_
data_ Sequence[str]actions Denied Data actions.
- condition String
The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
- condition
Version String Version of the condition. Currently the only accepted value is '2.0'
- actions List<String>
Allowed actions.
- data
Actions List<String> Allowed Data actions.
- not
Actions List<String> Denied actions.
- not
Data List<String>Actions Denied Data actions.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:authorization:RoleDefinition roleDefinitionId /{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId}
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0