We recommend using Azure Native.
Azure v6.28.0 published on Friday, Oct 3, 2025 by Pulumi
azure.pim.getRoleAssignments
Use this data source to access information about existing Role Assignments.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleResourceGroup = new azure.core.ResourceGroup("example", {
name: "example",
location: "West Europe",
});
const example = azure.pim.getRoleAssignmentsOutput({
scope: exampleResourceGroup.id,
});
export const id = example.apply(example => example.roleAssignments);
import pulumi
import pulumi_azure as azure
example_resource_group = azure.core.ResourceGroup("example",
name="example",
location="West Europe")
example = azure.pim.get_role_assignments_output(scope=example_resource_group.id)
pulumi.export("id", example.role_assignments)
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/pim"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleResourceGroup, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
example := pim.GetRoleAssignmentsOutput(ctx, pim.GetRoleAssignmentsOutputArgs{
Scope: exampleResourceGroup.ID(),
}, nil)
ctx.Export("id", example.ApplyT(func(example pim.GetRoleAssignmentsResult) ([]pim.GetRoleAssignmentsRoleAssignment, error) {
return []pim.GetRoleAssignmentsRoleAssignment(example.RoleAssignments), nil
}).([]pim.GetRoleAssignmentsRoleAssignmentOutput))
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var exampleResourceGroup = new Azure.Core.ResourceGroup("example", new()
{
Name = "example",
Location = "West Europe",
});
var example = Azure.Pim.GetRoleAssignments.Invoke(new()
{
Scope = exampleResourceGroup.Id,
});
return new Dictionary<string, object?>
{
["id"] = example.Apply(getRoleAssignmentsResult => getRoleAssignmentsResult.RoleAssignments),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.pim.PimFunctions;
import com.pulumi.azure.pim.inputs.GetRoleAssignmentsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
.name("example")
.location("West Europe")
.build());
final var example = PimFunctions.getRoleAssignments(GetRoleAssignmentsArgs.builder()
.scope(exampleResourceGroup.id())
.build());
ctx.export("id", example.applyValue(_example -> _example.roleAssignments()));
}
}
resources:
exampleResourceGroup:
type: azure:core:ResourceGroup
name: example
properties:
name: example
location: West Europe
variables:
example:
fn::invoke:
function: azure:pim:getRoleAssignments
arguments:
scope: ${exampleResourceGroup.id}
outputs:
id: ${example.roleAssignments}
API Providers
This data source uses the following Azure API Providers:
Microsoft.Authorization- 2022-04-01
Using getRoleAssignments
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getRoleAssignments(args: GetRoleAssignmentsArgs, opts?: InvokeOptions): Promise<GetRoleAssignmentsResult>
function getRoleAssignmentsOutput(args: GetRoleAssignmentsOutputArgs, opts?: InvokeOptions): Output<GetRoleAssignmentsResult>def get_role_assignments(limit_at_scope: Optional[bool] = None,
principal_id: Optional[str] = None,
scope: Optional[str] = None,
tenant_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetRoleAssignmentsResult
def get_role_assignments_output(limit_at_scope: Optional[pulumi.Input[bool]] = None,
principal_id: Optional[pulumi.Input[str]] = None,
scope: Optional[pulumi.Input[str]] = None,
tenant_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetRoleAssignmentsResult]func GetRoleAssignments(ctx *Context, args *GetRoleAssignmentsArgs, opts ...InvokeOption) (*GetRoleAssignmentsResult, error)
func GetRoleAssignmentsOutput(ctx *Context, args *GetRoleAssignmentsOutputArgs, opts ...InvokeOption) GetRoleAssignmentsResultOutput> Note: This function is named GetRoleAssignments in the Go SDK.
public static class GetRoleAssignments
{
public static Task<GetRoleAssignmentsResult> InvokeAsync(GetRoleAssignmentsArgs args, InvokeOptions? opts = null)
public static Output<GetRoleAssignmentsResult> Invoke(GetRoleAssignmentsInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetRoleAssignmentsResult> getRoleAssignments(GetRoleAssignmentsArgs args, InvokeOptions options)
public static Output<GetRoleAssignmentsResult> getRoleAssignments(GetRoleAssignmentsArgs args, InvokeOptions options)
fn::invoke:
function: azure:pim/getRoleAssignments:getRoleAssignments
arguments:
# arguments dictionaryThe following arguments are supported:
- Scope string
- The scope at which to list Role Assignments.
- Limit
At boolScope - Whether to limit the result exactly at the specified scope and not above or below it. Defaults to
false. - Principal
Id string - The principal ID to filter the list of Role Assignments against.
- Tenant
Id string - The tenant ID for cross-tenant requests.
- Scope string
- The scope at which to list Role Assignments.
- Limit
At boolScope - Whether to limit the result exactly at the specified scope and not above or below it. Defaults to
false. - Principal
Id string - The principal ID to filter the list of Role Assignments against.
- Tenant
Id string - The tenant ID for cross-tenant requests.
- scope String
- The scope at which to list Role Assignments.
- limit
At BooleanScope - Whether to limit the result exactly at the specified scope and not above or below it. Defaults to
false. - principal
Id String - The principal ID to filter the list of Role Assignments against.
- tenant
Id String - The tenant ID for cross-tenant requests.
- scope string
- The scope at which to list Role Assignments.
- limit
At booleanScope - Whether to limit the result exactly at the specified scope and not above or below it. Defaults to
false. - principal
Id string - The principal ID to filter the list of Role Assignments against.
- tenant
Id string - The tenant ID for cross-tenant requests.
- scope str
- The scope at which to list Role Assignments.
- limit_
at_ boolscope - Whether to limit the result exactly at the specified scope and not above or below it. Defaults to
false. - principal_
id str - The principal ID to filter the list of Role Assignments against.
- tenant_
id str - The tenant ID for cross-tenant requests.
- scope String
- The scope at which to list Role Assignments.
- limit
At BooleanScope - Whether to limit the result exactly at the specified scope and not above or below it. Defaults to
false. - principal
Id String - The principal ID to filter the list of Role Assignments against.
- tenant
Id String - The tenant ID for cross-tenant requests.
getRoleAssignments Result
The following output properties are available:
- Id string
- The provider-assigned unique ID for this managed resource.
- Role
Assignments List<GetRole Assignments Role Assignment> - A
role_assignmentsblock as defined below. - Scope string
- Limit
At boolScope - Principal
Id string - The principal ID.
- Tenant
Id string
- Id string
- The provider-assigned unique ID for this managed resource.
- Role
Assignments []GetRole Assignments Role Assignment - A
role_assignmentsblock as defined below. - Scope string
- Limit
At boolScope - Principal
Id string - The principal ID.
- Tenant
Id string
- id String
- The provider-assigned unique ID for this managed resource.
- role
Assignments List<GetRole Assignments Role Assignment> - A
role_assignmentsblock as defined below. - scope String
- limit
At BooleanScope - principal
Id String - The principal ID.
- tenant
Id String
- id string
- The provider-assigned unique ID for this managed resource.
- role
Assignments GetRole Assignments Role Assignment[] - A
role_assignmentsblock as defined below. - scope string
- limit
At booleanScope - principal
Id string - The principal ID.
- tenant
Id string
- id str
- The provider-assigned unique ID for this managed resource.
- role_
assignments Sequence[GetRole Assignments Role Assignment] - A
role_assignmentsblock as defined below. - scope str
- limit_
at_ boolscope - principal_
id str - The principal ID.
- tenant_
id str
- id String
- The provider-assigned unique ID for this managed resource.
- role
Assignments List<Property Map> - A
role_assignmentsblock as defined below. - scope String
- limit
At BooleanScope - principal
Id String - The principal ID.
- tenant
Id String
Supporting Types
GetRoleAssignmentsRoleAssignment
- Condition string
- The condition that limits the resource the role can be assigned to.
- Condition
Version string - The version of the condition.
- Delegated
Managed stringIdentity Resource Id - The ID of the delegated managed identity resource.
- Description string
- The description for this Role Assignment.
- Principal
Id string - The principal ID to filter the list of Role Assignments against.
- Principal
Type string - The type of the
principal_id. - Role
Assignment stringId - The ID of the Role Assignment.
- Role
Assignment stringName - The name of the Role Assignment.
- Role
Assignment stringScope - The scope of the Role Assignment.
- Role
Definition stringId - The ID of the Role Definition.
- Condition string
- The condition that limits the resource the role can be assigned to.
- Condition
Version string - The version of the condition.
- Delegated
Managed stringIdentity Resource Id - The ID of the delegated managed identity resource.
- Description string
- The description for this Role Assignment.
- Principal
Id string - The principal ID to filter the list of Role Assignments against.
- Principal
Type string - The type of the
principal_id. - Role
Assignment stringId - The ID of the Role Assignment.
- Role
Assignment stringName - The name of the Role Assignment.
- Role
Assignment stringScope - The scope of the Role Assignment.
- Role
Definition stringId - The ID of the Role Definition.
- condition String
- The condition that limits the resource the role can be assigned to.
- condition
Version String - The version of the condition.
- delegated
Managed StringIdentity Resource Id - The ID of the delegated managed identity resource.
- description String
- The description for this Role Assignment.
- principal
Id String - The principal ID to filter the list of Role Assignments against.
- principal
Type String - The type of the
principal_id. - role
Assignment StringId - The ID of the Role Assignment.
- role
Assignment StringName - The name of the Role Assignment.
- role
Assignment StringScope - The scope of the Role Assignment.
- role
Definition StringId - The ID of the Role Definition.
- condition string
- The condition that limits the resource the role can be assigned to.
- condition
Version string - The version of the condition.
- delegated
Managed stringIdentity Resource Id - The ID of the delegated managed identity resource.
- description string
- The description for this Role Assignment.
- principal
Id string - The principal ID to filter the list of Role Assignments against.
- principal
Type string - The type of the
principal_id. - role
Assignment stringId - The ID of the Role Assignment.
- role
Assignment stringName - The name of the Role Assignment.
- role
Assignment stringScope - The scope of the Role Assignment.
- role
Definition stringId - The ID of the Role Definition.
- condition str
- The condition that limits the resource the role can be assigned to.
- condition_
version str - The version of the condition.
- delegated_
managed_ stridentity_ resource_ id - The ID of the delegated managed identity resource.
- description str
- The description for this Role Assignment.
- principal_
id str - The principal ID to filter the list of Role Assignments against.
- principal_
type str - The type of the
principal_id. - role_
assignment_ strid - The ID of the Role Assignment.
- role_
assignment_ strname - The name of the Role Assignment.
- role_
assignment_ strscope - The scope of the Role Assignment.
- role_
definition_ strid - The ID of the Role Definition.
- condition String
- The condition that limits the resource the role can be assigned to.
- condition
Version String - The version of the condition.
- delegated
Managed StringIdentity Resource Id - The ID of the delegated managed identity resource.
- description String
- The description for this Role Assignment.
- principal
Id String - The principal ID to filter the list of Role Assignments against.
- principal
Type String - The type of the
principal_id. - role
Assignment StringId - The ID of the Role Assignment.
- role
Assignment StringName - The name of the Role Assignment.
- role
Assignment StringScope - The scope of the Role Assignment.
- role
Definition StringId - The ID of the Role Definition.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.
