1. Packages
  2. Azure Active Directory (Azure AD)
  3. API Docs
  4. AccessPackageAssignmentPolicy
Azure Active Directory (Azure AD) v5.42.0 published on Friday, Sep 22, 2023 by Pulumi

azuread.AccessPackageAssignmentPolicy

Explore with Pulumi AI

azuread logo
Azure Active Directory (Azure AD) v5.42.0 published on Friday, Sep 22, 2023 by Pulumi

    Manages an assignment policy for an access package within Identity Governance in Azure Active Directory.

    API Permissions

    The following API permissions are required in order to use this resource.

    When authenticated with a service principal, this resource requires the following application role: EntitlementManagement.ReadWrite.All.

    When authenticated with a user principal, this resource requires Global Administrator directory role, or one of the Catalog Owner and Access Package Manager role in Identity Governance.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureAD = Pulumi.AzureAD;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleGroup = new AzureAD.Group("exampleGroup", new()
        {
            DisplayName = "group-name",
            SecurityEnabled = true,
        });
    
        var exampleAccessPackageCatalog = new AzureAD.AccessPackageCatalog("exampleAccessPackageCatalog", new()
        {
            DisplayName = "example-catalog",
            Description = "Example catalog",
        });
    
        var exampleAccessPackage = new AzureAD.AccessPackage("exampleAccessPackage", new()
        {
            CatalogId = exampleAccessPackageCatalog.Id,
            DisplayName = "access-package",
            Description = "Access Package",
        });
    
        var exampleAccessPackageAssignmentPolicy = new AzureAD.AccessPackageAssignmentPolicy("exampleAccessPackageAssignmentPolicy", new()
        {
            AccessPackageId = exampleAccessPackage.Id,
            DisplayName = "assignment-policy",
            Description = "My assignment policy",
            DurationInDays = 90,
            RequestorSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyRequestorSettingsArgs
            {
                ScopeType = "AllExistingDirectoryMemberUsers",
            },
            ApprovalSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsArgs
            {
                ApprovalRequired = true,
                ApprovalStages = new[]
                {
                    new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs
                    {
                        ApprovalTimeoutInDays = 14,
                        PrimaryApprovers = new[]
                        {
                            new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs
                            {
                                ObjectId = exampleGroup.ObjectId,
                                SubjectType = "groupMembers",
                            },
                        },
                    },
                },
            },
            AssignmentReviewSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs
            {
                Enabled = true,
                ReviewFrequency = "weekly",
                DurationInDays = 3,
                ReviewType = "Self",
                AccessReviewTimeoutBehavior = "keepAccess",
            },
            Questions = new[]
            {
                new AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionArgs
                {
                    Text = new AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionTextArgs
                    {
                        DefaultText = "hello, how are you?",
                    },
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleGroup, err := azuread.NewGroup(ctx, "exampleGroup", &azuread.GroupArgs{
    			DisplayName:     pulumi.String("group-name"),
    			SecurityEnabled: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		exampleAccessPackageCatalog, err := azuread.NewAccessPackageCatalog(ctx, "exampleAccessPackageCatalog", &azuread.AccessPackageCatalogArgs{
    			DisplayName: pulumi.String("example-catalog"),
    			Description: pulumi.String("Example catalog"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleAccessPackage, err := azuread.NewAccessPackage(ctx, "exampleAccessPackage", &azuread.AccessPackageArgs{
    			CatalogId:   exampleAccessPackageCatalog.ID(),
    			DisplayName: pulumi.String("access-package"),
    			Description: pulumi.String("Access Package"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = azuread.NewAccessPackageAssignmentPolicy(ctx, "exampleAccessPackageAssignmentPolicy", &azuread.AccessPackageAssignmentPolicyArgs{
    			AccessPackageId: exampleAccessPackage.ID(),
    			DisplayName:     pulumi.String("assignment-policy"),
    			Description:     pulumi.String("My assignment policy"),
    			DurationInDays:  pulumi.Int(90),
    			RequestorSettings: &azuread.AccessPackageAssignmentPolicyRequestorSettingsArgs{
    				ScopeType: pulumi.String("AllExistingDirectoryMemberUsers"),
    			},
    			ApprovalSettings: &azuread.AccessPackageAssignmentPolicyApprovalSettingsArgs{
    				ApprovalRequired: pulumi.Bool(true),
    				ApprovalStages: azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArray{
    					&azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs{
    						ApprovalTimeoutInDays: pulumi.Int(14),
    						PrimaryApprovers: azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArray{
    							&azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs{
    								ObjectId:    exampleGroup.ObjectId,
    								SubjectType: pulumi.String("groupMembers"),
    							},
    						},
    					},
    				},
    			},
    			AssignmentReviewSettings: &azuread.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs{
    				Enabled:                     pulumi.Bool(true),
    				ReviewFrequency:             pulumi.String("weekly"),
    				DurationInDays:              pulumi.Int(3),
    				ReviewType:                  pulumi.String("Self"),
    				AccessReviewTimeoutBehavior: pulumi.String("keepAccess"),
    			},
    			Questions: azuread.AccessPackageAssignmentPolicyQuestionArray{
    				&azuread.AccessPackageAssignmentPolicyQuestionArgs{
    					Text: &azuread.AccessPackageAssignmentPolicyQuestionTextArgs{
    						DefaultText: pulumi.String("hello, how are you?"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuread.Group;
    import com.pulumi.azuread.GroupArgs;
    import com.pulumi.azuread.AccessPackageCatalog;
    import com.pulumi.azuread.AccessPackageCatalogArgs;
    import com.pulumi.azuread.AccessPackage;
    import com.pulumi.azuread.AccessPackageArgs;
    import com.pulumi.azuread.AccessPackageAssignmentPolicy;
    import com.pulumi.azuread.AccessPackageAssignmentPolicyArgs;
    import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyRequestorSettingsArgs;
    import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyApprovalSettingsArgs;
    import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs;
    import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyQuestionArgs;
    import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyQuestionTextArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var exampleGroup = new Group("exampleGroup", GroupArgs.builder()        
                .displayName("group-name")
                .securityEnabled(true)
                .build());
    
            var exampleAccessPackageCatalog = new AccessPackageCatalog("exampleAccessPackageCatalog", AccessPackageCatalogArgs.builder()        
                .displayName("example-catalog")
                .description("Example catalog")
                .build());
    
            var exampleAccessPackage = new AccessPackage("exampleAccessPackage", AccessPackageArgs.builder()        
                .catalogId(exampleAccessPackageCatalog.id())
                .displayName("access-package")
                .description("Access Package")
                .build());
    
            var exampleAccessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy("exampleAccessPackageAssignmentPolicy", AccessPackageAssignmentPolicyArgs.builder()        
                .accessPackageId(exampleAccessPackage.id())
                .displayName("assignment-policy")
                .description("My assignment policy")
                .durationInDays(90)
                .requestorSettings(AccessPackageAssignmentPolicyRequestorSettingsArgs.builder()
                    .scopeType("AllExistingDirectoryMemberUsers")
                    .build())
                .approvalSettings(AccessPackageAssignmentPolicyApprovalSettingsArgs.builder()
                    .approvalRequired(true)
                    .approvalStages(AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs.builder()
                        .approvalTimeoutInDays(14)
                        .primaryApprovers(AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs.builder()
                            .objectId(exampleGroup.objectId())
                            .subjectType("groupMembers")
                            .build())
                        .build())
                    .build())
                .assignmentReviewSettings(AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs.builder()
                    .enabled(true)
                    .reviewFrequency("weekly")
                    .durationInDays(3)
                    .reviewType("Self")
                    .accessReviewTimeoutBehavior("keepAccess")
                    .build())
                .questions(AccessPackageAssignmentPolicyQuestionArgs.builder()
                    .text(AccessPackageAssignmentPolicyQuestionTextArgs.builder()
                        .defaultText("hello, how are you?")
                        .build())
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azuread as azuread
    
    example_group = azuread.Group("exampleGroup",
        display_name="group-name",
        security_enabled=True)
    example_access_package_catalog = azuread.AccessPackageCatalog("exampleAccessPackageCatalog",
        display_name="example-catalog",
        description="Example catalog")
    example_access_package = azuread.AccessPackage("exampleAccessPackage",
        catalog_id=example_access_package_catalog.id,
        display_name="access-package",
        description="Access Package")
    example_access_package_assignment_policy = azuread.AccessPackageAssignmentPolicy("exampleAccessPackageAssignmentPolicy",
        access_package_id=example_access_package.id,
        display_name="assignment-policy",
        description="My assignment policy",
        duration_in_days=90,
        requestor_settings=azuread.AccessPackageAssignmentPolicyRequestorSettingsArgs(
            scope_type="AllExistingDirectoryMemberUsers",
        ),
        approval_settings=azuread.AccessPackageAssignmentPolicyApprovalSettingsArgs(
            approval_required=True,
            approval_stages=[azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs(
                approval_timeout_in_days=14,
                primary_approvers=[azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs(
                    object_id=example_group.object_id,
                    subject_type="groupMembers",
                )],
            )],
        ),
        assignment_review_settings=azuread.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs(
            enabled=True,
            review_frequency="weekly",
            duration_in_days=3,
            review_type="Self",
            access_review_timeout_behavior="keepAccess",
        ),
        questions=[azuread.AccessPackageAssignmentPolicyQuestionArgs(
            text=azuread.AccessPackageAssignmentPolicyQuestionTextArgs(
                default_text="hello, how are you?",
            ),
        )])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azuread from "@pulumi/azuread";
    
    const exampleGroup = new azuread.Group("exampleGroup", {
        displayName: "group-name",
        securityEnabled: true,
    });
    const exampleAccessPackageCatalog = new azuread.AccessPackageCatalog("exampleAccessPackageCatalog", {
        displayName: "example-catalog",
        description: "Example catalog",
    });
    const exampleAccessPackage = new azuread.AccessPackage("exampleAccessPackage", {
        catalogId: exampleAccessPackageCatalog.id,
        displayName: "access-package",
        description: "Access Package",
    });
    const exampleAccessPackageAssignmentPolicy = new azuread.AccessPackageAssignmentPolicy("exampleAccessPackageAssignmentPolicy", {
        accessPackageId: exampleAccessPackage.id,
        displayName: "assignment-policy",
        description: "My assignment policy",
        durationInDays: 90,
        requestorSettings: {
            scopeType: "AllExistingDirectoryMemberUsers",
        },
        approvalSettings: {
            approvalRequired: true,
            approvalStages: [{
                approvalTimeoutInDays: 14,
                primaryApprovers: [{
                    objectId: exampleGroup.objectId,
                    subjectType: "groupMembers",
                }],
            }],
        },
        assignmentReviewSettings: {
            enabled: true,
            reviewFrequency: "weekly",
            durationInDays: 3,
            reviewType: "Self",
            accessReviewTimeoutBehavior: "keepAccess",
        },
        questions: [{
            text: {
                defaultText: "hello, how are you?",
            },
        }],
    });
    
    resources:
      exampleGroup:
        type: azuread:Group
        properties:
          displayName: group-name
          securityEnabled: true
      exampleAccessPackageCatalog:
        type: azuread:AccessPackageCatalog
        properties:
          displayName: example-catalog
          description: Example catalog
      exampleAccessPackage:
        type: azuread:AccessPackage
        properties:
          catalogId: ${exampleAccessPackageCatalog.id}
          displayName: access-package
          description: Access Package
      exampleAccessPackageAssignmentPolicy:
        type: azuread:AccessPackageAssignmentPolicy
        properties:
          accessPackageId: ${exampleAccessPackage.id}
          displayName: assignment-policy
          description: My assignment policy
          durationInDays: 90
          requestorSettings:
            scopeType: AllExistingDirectoryMemberUsers
          approvalSettings:
            approvalRequired: true
            approvalStages:
              - approvalTimeoutInDays: 14
                primaryApprovers:
                  - objectId: ${exampleGroup.objectId}
                    subjectType: groupMembers
          assignmentReviewSettings:
            enabled: true
            reviewFrequency: weekly
            durationInDays: 3
            reviewType: Self
            accessReviewTimeoutBehavior: keepAccess
          questions:
            - text:
                defaultText: hello, how are you?
    

    Create AccessPackageAssignmentPolicy Resource

    new AccessPackageAssignmentPolicy(name: string, args: AccessPackageAssignmentPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def AccessPackageAssignmentPolicy(resource_name: str,
                                      opts: Optional[ResourceOptions] = None,
                                      access_package_id: Optional[str] = None,
                                      approval_settings: Optional[AccessPackageAssignmentPolicyApprovalSettingsArgs] = None,
                                      assignment_review_settings: Optional[AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs] = None,
                                      description: Optional[str] = None,
                                      display_name: Optional[str] = None,
                                      duration_in_days: Optional[int] = None,
                                      expiration_date: Optional[str] = None,
                                      extension_enabled: Optional[bool] = None,
                                      questions: Optional[Sequence[AccessPackageAssignmentPolicyQuestionArgs]] = None,
                                      requestor_settings: Optional[AccessPackageAssignmentPolicyRequestorSettingsArgs] = None)
    @overload
    def AccessPackageAssignmentPolicy(resource_name: str,
                                      args: AccessPackageAssignmentPolicyArgs,
                                      opts: Optional[ResourceOptions] = None)
    func NewAccessPackageAssignmentPolicy(ctx *Context, name string, args AccessPackageAssignmentPolicyArgs, opts ...ResourceOption) (*AccessPackageAssignmentPolicy, error)
    public AccessPackageAssignmentPolicy(string name, AccessPackageAssignmentPolicyArgs args, CustomResourceOptions? opts = null)
    public AccessPackageAssignmentPolicy(String name, AccessPackageAssignmentPolicyArgs args)
    public AccessPackageAssignmentPolicy(String name, AccessPackageAssignmentPolicyArgs args, CustomResourceOptions options)
    
    type: azuread:AccessPackageAssignmentPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AccessPackageAssignmentPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AccessPackageAssignmentPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AccessPackageAssignmentPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AccessPackageAssignmentPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AccessPackageAssignmentPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AccessPackageAssignmentPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AccessPackageAssignmentPolicy resource accepts the following input properties:

    AccessPackageId string

    The ID of the access package that will contain the policy.

    Description string

    The description of the policy.

    DisplayName string

    The display name of the policy.

    ApprovalSettings Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettings

    An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.

    AssignmentReviewSettings Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyAssignmentReviewSettings

    An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.

    DurationInDays int

    How many days this assignment is valid for.

    ExpirationDate string

    The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).

    ExtensionEnabled bool

    Whether users will be able to request extension of their access to this package before their access expires.

    Questions List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyQuestion>

    One or more question blocks for the requestor, as documented below.

    RequestorSettings Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyRequestorSettings

    A requestor_settings block to configure the users who can request access, as documented below.

    AccessPackageId string

    The ID of the access package that will contain the policy.

    Description string

    The description of the policy.

    DisplayName string

    The display name of the policy.

    ApprovalSettings AccessPackageAssignmentPolicyApprovalSettingsArgs

    An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.

    AssignmentReviewSettings AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs

    An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.

    DurationInDays int

    How many days this assignment is valid for.

    ExpirationDate string

    The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).

    ExtensionEnabled bool

    Whether users will be able to request extension of their access to this package before their access expires.

    Questions []AccessPackageAssignmentPolicyQuestionArgs

    One or more question blocks for the requestor, as documented below.

    RequestorSettings AccessPackageAssignmentPolicyRequestorSettingsArgs

    A requestor_settings block to configure the users who can request access, as documented below.

    accessPackageId String

    The ID of the access package that will contain the policy.

    description String

    The description of the policy.

    displayName String

    The display name of the policy.

    approvalSettings AccessPackageAssignmentPolicyApprovalSettings

    An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.

    assignmentReviewSettings AccessPackageAssignmentPolicyAssignmentReviewSettings

    An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.

    durationInDays Integer

    How many days this assignment is valid for.

    expirationDate String

    The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).

    extensionEnabled Boolean

    Whether users will be able to request extension of their access to this package before their access expires.

    questions List<AccessPackageAssignmentPolicyQuestion>

    One or more question blocks for the requestor, as documented below.

    requestorSettings AccessPackageAssignmentPolicyRequestorSettings

    A requestor_settings block to configure the users who can request access, as documented below.

    accessPackageId string

    The ID of the access package that will contain the policy.

    description string

    The description of the policy.

    displayName string

    The display name of the policy.

    approvalSettings AccessPackageAssignmentPolicyApprovalSettings

    An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.

    assignmentReviewSettings AccessPackageAssignmentPolicyAssignmentReviewSettings

    An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.

    durationInDays number

    How many days this assignment is valid for.

    expirationDate string

    The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).

    extensionEnabled boolean

    Whether users will be able to request extension of their access to this package before their access expires.

    questions AccessPackageAssignmentPolicyQuestion[]

    One or more question blocks for the requestor, as documented below.

    requestorSettings AccessPackageAssignmentPolicyRequestorSettings

    A requestor_settings block to configure the users who can request access, as documented below.

    access_package_id str

    The ID of the access package that will contain the policy.

    description str

    The description of the policy.

    display_name str

    The display name of the policy.

    approval_settings AccessPackageAssignmentPolicyApprovalSettingsArgs

    An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.

    assignment_review_settings AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs

    An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.

    duration_in_days int

    How many days this assignment is valid for.

    expiration_date str

    The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).

    extension_enabled bool

    Whether users will be able to request extension of their access to this package before their access expires.

    questions Sequence[AccessPackageAssignmentPolicyQuestionArgs]

    One or more question blocks for the requestor, as documented below.

    requestor_settings AccessPackageAssignmentPolicyRequestorSettingsArgs

    A requestor_settings block to configure the users who can request access, as documented below.

    accessPackageId String

    The ID of the access package that will contain the policy.

    description String

    The description of the policy.

    displayName String

    The display name of the policy.

    approvalSettings Property Map

    An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.

    assignmentReviewSettings Property Map

    An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.

    durationInDays Number

    How many days this assignment is valid for.

    expirationDate String

    The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).

    extensionEnabled Boolean

    Whether users will be able to request extension of their access to this package before their access expires.

    questions List<Property Map>

    One or more question blocks for the requestor, as documented below.

    requestorSettings Property Map

    A requestor_settings block to configure the users who can request access, as documented below.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AccessPackageAssignmentPolicy resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    Id string

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    id string

    The provider-assigned unique ID for this managed resource.

    id str

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing AccessPackageAssignmentPolicy Resource

    Get an existing AccessPackageAssignmentPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AccessPackageAssignmentPolicyState, opts?: CustomResourceOptions): AccessPackageAssignmentPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            access_package_id: Optional[str] = None,
            approval_settings: Optional[AccessPackageAssignmentPolicyApprovalSettingsArgs] = None,
            assignment_review_settings: Optional[AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs] = None,
            description: Optional[str] = None,
            display_name: Optional[str] = None,
            duration_in_days: Optional[int] = None,
            expiration_date: Optional[str] = None,
            extension_enabled: Optional[bool] = None,
            questions: Optional[Sequence[AccessPackageAssignmentPolicyQuestionArgs]] = None,
            requestor_settings: Optional[AccessPackageAssignmentPolicyRequestorSettingsArgs] = None) -> AccessPackageAssignmentPolicy
    func GetAccessPackageAssignmentPolicy(ctx *Context, name string, id IDInput, state *AccessPackageAssignmentPolicyState, opts ...ResourceOption) (*AccessPackageAssignmentPolicy, error)
    public static AccessPackageAssignmentPolicy Get(string name, Input<string> id, AccessPackageAssignmentPolicyState? state, CustomResourceOptions? opts = null)
    public static AccessPackageAssignmentPolicy get(String name, Output<String> id, AccessPackageAssignmentPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessPackageId string

    The ID of the access package that will contain the policy.

    ApprovalSettings Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettings

    An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.

    AssignmentReviewSettings Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyAssignmentReviewSettings

    An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.

    Description string

    The description of the policy.

    DisplayName string

    The display name of the policy.

    DurationInDays int

    How many days this assignment is valid for.

    ExpirationDate string

    The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).

    ExtensionEnabled bool

    Whether users will be able to request extension of their access to this package before their access expires.

    Questions List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyQuestion>

    One or more question blocks for the requestor, as documented below.

    RequestorSettings Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyRequestorSettings

    A requestor_settings block to configure the users who can request access, as documented below.

    AccessPackageId string

    The ID of the access package that will contain the policy.

    ApprovalSettings AccessPackageAssignmentPolicyApprovalSettingsArgs

    An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.

    AssignmentReviewSettings AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs

    An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.

    Description string

    The description of the policy.

    DisplayName string

    The display name of the policy.

    DurationInDays int

    How many days this assignment is valid for.

    ExpirationDate string

    The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).

    ExtensionEnabled bool

    Whether users will be able to request extension of their access to this package before their access expires.

    Questions []AccessPackageAssignmentPolicyQuestionArgs

    One or more question blocks for the requestor, as documented below.

    RequestorSettings AccessPackageAssignmentPolicyRequestorSettingsArgs

    A requestor_settings block to configure the users who can request access, as documented below.

    accessPackageId String

    The ID of the access package that will contain the policy.

    approvalSettings AccessPackageAssignmentPolicyApprovalSettings

    An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.

    assignmentReviewSettings AccessPackageAssignmentPolicyAssignmentReviewSettings

    An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.

    description String

    The description of the policy.

    displayName String

    The display name of the policy.

    durationInDays Integer

    How many days this assignment is valid for.

    expirationDate String

    The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).

    extensionEnabled Boolean

    Whether users will be able to request extension of their access to this package before their access expires.

    questions List<AccessPackageAssignmentPolicyQuestion>

    One or more question blocks for the requestor, as documented below.

    requestorSettings AccessPackageAssignmentPolicyRequestorSettings

    A requestor_settings block to configure the users who can request access, as documented below.

    accessPackageId string

    The ID of the access package that will contain the policy.

    approvalSettings AccessPackageAssignmentPolicyApprovalSettings

    An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.

    assignmentReviewSettings AccessPackageAssignmentPolicyAssignmentReviewSettings

    An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.

    description string

    The description of the policy.

    displayName string

    The display name of the policy.

    durationInDays number

    How many days this assignment is valid for.

    expirationDate string

    The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).

    extensionEnabled boolean

    Whether users will be able to request extension of their access to this package before their access expires.

    questions AccessPackageAssignmentPolicyQuestion[]

    One or more question blocks for the requestor, as documented below.

    requestorSettings AccessPackageAssignmentPolicyRequestorSettings

    A requestor_settings block to configure the users who can request access, as documented below.

    access_package_id str

    The ID of the access package that will contain the policy.

    approval_settings AccessPackageAssignmentPolicyApprovalSettingsArgs

    An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.

    assignment_review_settings AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs

    An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.

    description str

    The description of the policy.

    display_name str

    The display name of the policy.

    duration_in_days int

    How many days this assignment is valid for.

    expiration_date str

    The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).

    extension_enabled bool

    Whether users will be able to request extension of their access to this package before their access expires.

    questions Sequence[AccessPackageAssignmentPolicyQuestionArgs]

    One or more question blocks for the requestor, as documented below.

    requestor_settings AccessPackageAssignmentPolicyRequestorSettingsArgs

    A requestor_settings block to configure the users who can request access, as documented below.

    accessPackageId String

    The ID of the access package that will contain the policy.

    approvalSettings Property Map

    An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.

    assignmentReviewSettings Property Map

    An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.

    description String

    The description of the policy.

    displayName String

    The display name of the policy.

    durationInDays Number

    How many days this assignment is valid for.

    expirationDate String

    The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).

    extensionEnabled Boolean

    Whether users will be able to request extension of their access to this package before their access expires.

    questions List<Property Map>

    One or more question blocks for the requestor, as documented below.

    requestorSettings Property Map

    A requestor_settings block to configure the users who can request access, as documented below.

    Supporting Types

    AccessPackageAssignmentPolicyApprovalSettings, AccessPackageAssignmentPolicyApprovalSettingsArgs

    ApprovalRequired bool

    Whether an approval is required.

    ApprovalRequiredForExtension bool

    Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.

    ApprovalStages List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStage>

    An approval_stage block specifying the process to obtain an approval, as documented below.

    RequestorJustificationRequired bool

    Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.

    ApprovalRequired bool

    Whether an approval is required.

    ApprovalRequiredForExtension bool

    Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.

    ApprovalStages []AccessPackageAssignmentPolicyApprovalSettingsApprovalStage

    An approval_stage block specifying the process to obtain an approval, as documented below.

    RequestorJustificationRequired bool

    Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.

    approvalRequired Boolean

    Whether an approval is required.

    approvalRequiredForExtension Boolean

    Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.

    approvalStages List<AccessPackageAssignmentPolicyApprovalSettingsApprovalStage>

    An approval_stage block specifying the process to obtain an approval, as documented below.

    requestorJustificationRequired Boolean

    Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.

    approvalRequired boolean

    Whether an approval is required.

    approvalRequiredForExtension boolean

    Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.

    approvalStages AccessPackageAssignmentPolicyApprovalSettingsApprovalStage[]

    An approval_stage block specifying the process to obtain an approval, as documented below.

    requestorJustificationRequired boolean

    Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.

    approval_required bool

    Whether an approval is required.

    approval_required_for_extension bool

    Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.

    approval_stages Sequence[AccessPackageAssignmentPolicyApprovalSettingsApprovalStage]

    An approval_stage block specifying the process to obtain an approval, as documented below.

    requestor_justification_required bool

    Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.

    approvalRequired Boolean

    Whether an approval is required.

    approvalRequiredForExtension Boolean

    Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.

    approvalStages List<Property Map>

    An approval_stage block specifying the process to obtain an approval, as documented below.

    requestorJustificationRequired Boolean

    Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.

    AccessPackageAssignmentPolicyApprovalSettingsApprovalStage, AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs

    ApprovalTimeoutInDays int

    Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.

    AlternativeApprovalEnabled bool

    Whether alternative approvers are enabled.

    AlternativeApprovers List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover>

    A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.

    ApproverJustificationRequired bool

    Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.

    EnableAlternativeApprovalInDays int

    Number of days before the request is forwarded to alternative approvers.

    PrimaryApprovers List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover>

    A block specifying the users who will be asked to approve requests, as documented below.

    ApprovalTimeoutInDays int

    Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.

    AlternativeApprovalEnabled bool

    Whether alternative approvers are enabled.

    AlternativeApprovers []AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover

    A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.

    ApproverJustificationRequired bool

    Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.

    EnableAlternativeApprovalInDays int

    Number of days before the request is forwarded to alternative approvers.

    PrimaryApprovers []AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover

    A block specifying the users who will be asked to approve requests, as documented below.

    approvalTimeoutInDays Integer

    Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.

    alternativeApprovalEnabled Boolean

    Whether alternative approvers are enabled.

    alternativeApprovers List<AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover>

    A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.

    approverJustificationRequired Boolean

    Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.

    enableAlternativeApprovalInDays Integer

    Number of days before the request is forwarded to alternative approvers.

    primaryApprovers List<AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover>

    A block specifying the users who will be asked to approve requests, as documented below.

    approvalTimeoutInDays number

    Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.

    alternativeApprovalEnabled boolean

    Whether alternative approvers are enabled.

    alternativeApprovers AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover[]

    A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.

    approverJustificationRequired boolean

    Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.

    enableAlternativeApprovalInDays number

    Number of days before the request is forwarded to alternative approvers.

    primaryApprovers AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover[]

    A block specifying the users who will be asked to approve requests, as documented below.

    approval_timeout_in_days int

    Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.

    alternative_approval_enabled bool

    Whether alternative approvers are enabled.

    alternative_approvers Sequence[AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover]

    A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.

    approver_justification_required bool

    Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.

    enable_alternative_approval_in_days int

    Number of days before the request is forwarded to alternative approvers.

    primary_approvers Sequence[AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover]

    A block specifying the users who will be asked to approve requests, as documented below.

    approvalTimeoutInDays Number

    Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.

    alternativeApprovalEnabled Boolean

    Whether alternative approvers are enabled.

    alternativeApprovers List<Property Map>

    A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.

    approverJustificationRequired Boolean

    Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.

    enableAlternativeApprovalInDays Number

    Number of days before the request is forwarded to alternative approvers.

    primaryApprovers List<Property Map>

    A block specifying the users who will be asked to approve requests, as documented below.

    AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover, AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApproverArgs

    SubjectType string

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    Backup bool

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    ObjectId string

    The ID of the subject.

    SubjectType string

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    Backup bool

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    ObjectId string

    The ID of the subject.

    subjectType String

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    backup Boolean

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    objectId String

    The ID of the subject.

    subjectType string

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    backup boolean

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    objectId string

    The ID of the subject.

    subject_type str

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    backup bool

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    object_id str

    The ID of the subject.

    subjectType String

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    backup Boolean

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    objectId String

    The ID of the subject.

    AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover, AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs

    SubjectType string

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    Backup bool

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    ObjectId string

    The ID of the subject.

    SubjectType string

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    Backup bool

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    ObjectId string

    The ID of the subject.

    subjectType String

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    backup Boolean

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    objectId String

    The ID of the subject.

    subjectType string

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    backup boolean

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    objectId string

    The ID of the subject.

    subject_type str

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    backup bool

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    object_id str

    The ID of the subject.

    subjectType String

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    backup Boolean

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    objectId String

    The ID of the subject.

    AccessPackageAssignmentPolicyAssignmentReviewSettings, AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs

    AccessRecommendationEnabled bool

    Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.

    AccessReviewTimeoutBehavior string

    Specifies the actions the system takes if reviewers don't respond in time. Valid values are keepAccess, removeAccess, or acceptAccessRecommendation.

    ApproverJustificationRequired bool

    Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.

    DurationInDays int

    How many days each occurrence of the access review series will run.

    Enabled bool

    Whether to enable assignment review.

    ReviewFrequency string

    This will determine how often the access review campaign runs, valid values are weekly, monthly, quarterly, halfyearly, or annual.

    ReviewType string

    Self-review or specific reviewers. Valid values are Manager, Reviewers, or Self.

    Reviewers List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer>

    One or more reviewer blocks to specify the users who will be reviewers (when review_type is Reviewers), as documented below.

    StartingOn string

    This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date

    AccessRecommendationEnabled bool

    Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.

    AccessReviewTimeoutBehavior string

    Specifies the actions the system takes if reviewers don't respond in time. Valid values are keepAccess, removeAccess, or acceptAccessRecommendation.

    ApproverJustificationRequired bool

    Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.

    DurationInDays int

    How many days each occurrence of the access review series will run.

    Enabled bool

    Whether to enable assignment review.

    ReviewFrequency string

    This will determine how often the access review campaign runs, valid values are weekly, monthly, quarterly, halfyearly, or annual.

    ReviewType string

    Self-review or specific reviewers. Valid values are Manager, Reviewers, or Self.

    Reviewers []AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer

    One or more reviewer blocks to specify the users who will be reviewers (when review_type is Reviewers), as documented below.

    StartingOn string

    This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date

    accessRecommendationEnabled Boolean

    Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.

    accessReviewTimeoutBehavior String

    Specifies the actions the system takes if reviewers don't respond in time. Valid values are keepAccess, removeAccess, or acceptAccessRecommendation.

    approverJustificationRequired Boolean

    Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.

    durationInDays Integer

    How many days each occurrence of the access review series will run.

    enabled Boolean

    Whether to enable assignment review.

    reviewFrequency String

    This will determine how often the access review campaign runs, valid values are weekly, monthly, quarterly, halfyearly, or annual.

    reviewType String

    Self-review or specific reviewers. Valid values are Manager, Reviewers, or Self.

    reviewers List<AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer>

    One or more reviewer blocks to specify the users who will be reviewers (when review_type is Reviewers), as documented below.

    startingOn String

    This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date

    accessRecommendationEnabled boolean

    Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.

    accessReviewTimeoutBehavior string

    Specifies the actions the system takes if reviewers don't respond in time. Valid values are keepAccess, removeAccess, or acceptAccessRecommendation.

    approverJustificationRequired boolean

    Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.

    durationInDays number

    How many days each occurrence of the access review series will run.

    enabled boolean

    Whether to enable assignment review.

    reviewFrequency string

    This will determine how often the access review campaign runs, valid values are weekly, monthly, quarterly, halfyearly, or annual.

    reviewType string

    Self-review or specific reviewers. Valid values are Manager, Reviewers, or Self.

    reviewers AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer[]

    One or more reviewer blocks to specify the users who will be reviewers (when review_type is Reviewers), as documented below.

    startingOn string

    This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date

    access_recommendation_enabled bool

    Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.

    access_review_timeout_behavior str

    Specifies the actions the system takes if reviewers don't respond in time. Valid values are keepAccess, removeAccess, or acceptAccessRecommendation.

    approver_justification_required bool

    Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.

    duration_in_days int

    How many days each occurrence of the access review series will run.

    enabled bool

    Whether to enable assignment review.

    review_frequency str

    This will determine how often the access review campaign runs, valid values are weekly, monthly, quarterly, halfyearly, or annual.

    review_type str

    Self-review or specific reviewers. Valid values are Manager, Reviewers, or Self.

    reviewers Sequence[AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer]

    One or more reviewer blocks to specify the users who will be reviewers (when review_type is Reviewers), as documented below.

    starting_on str

    This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date

    accessRecommendationEnabled Boolean

    Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.

    accessReviewTimeoutBehavior String

    Specifies the actions the system takes if reviewers don't respond in time. Valid values are keepAccess, removeAccess, or acceptAccessRecommendation.

    approverJustificationRequired Boolean

    Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.

    durationInDays Number

    How many days each occurrence of the access review series will run.

    enabled Boolean

    Whether to enable assignment review.

    reviewFrequency String

    This will determine how often the access review campaign runs, valid values are weekly, monthly, quarterly, halfyearly, or annual.

    reviewType String

    Self-review or specific reviewers. Valid values are Manager, Reviewers, or Self.

    reviewers List<Property Map>

    One or more reviewer blocks to specify the users who will be reviewers (when review_type is Reviewers), as documented below.

    startingOn String

    This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date

    AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer, AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewerArgs

    SubjectType string

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    Backup bool

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    ObjectId string

    The ID of the subject.

    SubjectType string

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    Backup bool

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    ObjectId string

    The ID of the subject.

    subjectType String

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    backup Boolean

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    objectId String

    The ID of the subject.

    subjectType string

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    backup boolean

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    objectId string

    The ID of the subject.

    subject_type str

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    backup bool

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    object_id str

    The ID of the subject.

    subjectType String

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    backup Boolean

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    objectId String

    The ID of the subject.

    AccessPackageAssignmentPolicyQuestion, AccessPackageAssignmentPolicyQuestionArgs

    Text Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionText

    A block describing the content of this question, as documented below.

    Choices List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionChoice>

    One or more blocks configuring a choice to the question, as documented below.

    Required bool

    Whether this question is required.

    Sequence int

    The sequence number of this question.

    Text AccessPackageAssignmentPolicyQuestionText

    A block describing the content of this question, as documented below.

    Choices []AccessPackageAssignmentPolicyQuestionChoice

    One or more blocks configuring a choice to the question, as documented below.

    Required bool

    Whether this question is required.

    Sequence int

    The sequence number of this question.

    text AccessPackageAssignmentPolicyQuestionText

    A block describing the content of this question, as documented below.

    choices List<AccessPackageAssignmentPolicyQuestionChoice>

    One or more blocks configuring a choice to the question, as documented below.

    required Boolean

    Whether this question is required.

    sequence Integer

    The sequence number of this question.

    text AccessPackageAssignmentPolicyQuestionText

    A block describing the content of this question, as documented below.

    choices AccessPackageAssignmentPolicyQuestionChoice[]

    One or more blocks configuring a choice to the question, as documented below.

    required boolean

    Whether this question is required.

    sequence number

    The sequence number of this question.

    text AccessPackageAssignmentPolicyQuestionText

    A block describing the content of this question, as documented below.

    choices Sequence[AccessPackageAssignmentPolicyQuestionChoice]

    One or more blocks configuring a choice to the question, as documented below.

    required bool

    Whether this question is required.

    sequence int

    The sequence number of this question.

    text Property Map

    A block describing the content of this question, as documented below.

    choices List<Property Map>

    One or more blocks configuring a choice to the question, as documented below.

    required Boolean

    Whether this question is required.

    sequence Number

    The sequence number of this question.

    AccessPackageAssignmentPolicyQuestionChoice, AccessPackageAssignmentPolicyQuestionChoiceArgs

    ActualValue string

    The actual value of this choice.

    DisplayValue Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionChoiceDisplayValue

    A block describing the display text of this choice, as documented below.

    ActualValue string

    The actual value of this choice.

    DisplayValue AccessPackageAssignmentPolicyQuestionChoiceDisplayValue

    A block describing the display text of this choice, as documented below.

    actualValue String

    The actual value of this choice.

    displayValue AccessPackageAssignmentPolicyQuestionChoiceDisplayValue

    A block describing the display text of this choice, as documented below.

    actualValue string

    The actual value of this choice.

    displayValue AccessPackageAssignmentPolicyQuestionChoiceDisplayValue

    A block describing the display text of this choice, as documented below.

    actual_value str

    The actual value of this choice.

    display_value AccessPackageAssignmentPolicyQuestionChoiceDisplayValue

    A block describing the display text of this choice, as documented below.

    actualValue String

    The actual value of this choice.

    displayValue Property Map

    A block describing the display text of this choice, as documented below.

    AccessPackageAssignmentPolicyQuestionChoiceDisplayValue, AccessPackageAssignmentPolicyQuestionChoiceDisplayValueArgs

    DefaultText string

    The default text of this question.

    LocalizedTexts List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText>

    One or more blocks describing localized text of this question, as documented below.

    DefaultText string

    The default text of this question.

    LocalizedTexts []AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText

    One or more blocks describing localized text of this question, as documented below.

    defaultText String

    The default text of this question.

    localizedTexts List<AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText>

    One or more blocks describing localized text of this question, as documented below.

    defaultText string

    The default text of this question.

    localizedTexts AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText[]

    One or more blocks describing localized text of this question, as documented below.

    default_text str

    The default text of this question.

    localized_texts Sequence[AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText]

    One or more blocks describing localized text of this question, as documented below.

    defaultText String

    The default text of this question.

    localizedTexts List<Property Map>

    One or more blocks describing localized text of this question, as documented below.

    AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText, AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedTextArgs

    Content string

    The localized content of this question.

    LanguageCode string

    The ISO 639 language code for this question content.

    Content string

    The localized content of this question.

    LanguageCode string

    The ISO 639 language code for this question content.

    content String

    The localized content of this question.

    languageCode String

    The ISO 639 language code for this question content.

    content string

    The localized content of this question.

    languageCode string

    The ISO 639 language code for this question content.

    content str

    The localized content of this question.

    language_code str

    The ISO 639 language code for this question content.

    content String

    The localized content of this question.

    languageCode String

    The ISO 639 language code for this question content.

    AccessPackageAssignmentPolicyQuestionText, AccessPackageAssignmentPolicyQuestionTextArgs

    DefaultText string

    The default text of this question.

    LocalizedTexts List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionTextLocalizedText>

    One or more blocks describing localized text of this question, as documented below.

    DefaultText string

    The default text of this question.

    LocalizedTexts []AccessPackageAssignmentPolicyQuestionTextLocalizedText

    One or more blocks describing localized text of this question, as documented below.

    defaultText String

    The default text of this question.

    localizedTexts List<AccessPackageAssignmentPolicyQuestionTextLocalizedText>

    One or more blocks describing localized text of this question, as documented below.

    defaultText string

    The default text of this question.

    localizedTexts AccessPackageAssignmentPolicyQuestionTextLocalizedText[]

    One or more blocks describing localized text of this question, as documented below.

    default_text str

    The default text of this question.

    localized_texts Sequence[AccessPackageAssignmentPolicyQuestionTextLocalizedText]

    One or more blocks describing localized text of this question, as documented below.

    defaultText String

    The default text of this question.

    localizedTexts List<Property Map>

    One or more blocks describing localized text of this question, as documented below.

    AccessPackageAssignmentPolicyQuestionTextLocalizedText, AccessPackageAssignmentPolicyQuestionTextLocalizedTextArgs

    Content string

    The localized content of this question.

    LanguageCode string

    The ISO 639 language code for this question content.

    Content string

    The localized content of this question.

    LanguageCode string

    The ISO 639 language code for this question content.

    content String

    The localized content of this question.

    languageCode String

    The ISO 639 language code for this question content.

    content string

    The localized content of this question.

    languageCode string

    The ISO 639 language code for this question content.

    content str

    The localized content of this question.

    language_code str

    The ISO 639 language code for this question content.

    content String

    The localized content of this question.

    languageCode String

    The ISO 639 language code for this question content.

    AccessPackageAssignmentPolicyRequestorSettings, AccessPackageAssignmentPolicyRequestorSettingsArgs

    Requestors List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyRequestorSettingsRequestor>

    A block specifying the users who are allowed to request on this policy, as documented below.

    RequestsAccepted bool

    Whether to accept requests using this policy. When false, no new requests can be made using this policy.

    ScopeType string

    Specifies the scopes of the requestors. Valid values are AllConfiguredConnectedOrganizationSubjects, AllExistingConnectedOrganizationSubjects, AllExistingDirectoryMemberUsers, AllExistingDirectorySubjects, AllExternalSubjects, NoSubjects, SpecificConnectedOrganizationSubjects, or SpecificDirectorySubjects.

    Requestors []AccessPackageAssignmentPolicyRequestorSettingsRequestor

    A block specifying the users who are allowed to request on this policy, as documented below.

    RequestsAccepted bool

    Whether to accept requests using this policy. When false, no new requests can be made using this policy.

    ScopeType string

    Specifies the scopes of the requestors. Valid values are AllConfiguredConnectedOrganizationSubjects, AllExistingConnectedOrganizationSubjects, AllExistingDirectoryMemberUsers, AllExistingDirectorySubjects, AllExternalSubjects, NoSubjects, SpecificConnectedOrganizationSubjects, or SpecificDirectorySubjects.

    requestors List<AccessPackageAssignmentPolicyRequestorSettingsRequestor>

    A block specifying the users who are allowed to request on this policy, as documented below.

    requestsAccepted Boolean

    Whether to accept requests using this policy. When false, no new requests can be made using this policy.

    scopeType String

    Specifies the scopes of the requestors. Valid values are AllConfiguredConnectedOrganizationSubjects, AllExistingConnectedOrganizationSubjects, AllExistingDirectoryMemberUsers, AllExistingDirectorySubjects, AllExternalSubjects, NoSubjects, SpecificConnectedOrganizationSubjects, or SpecificDirectorySubjects.

    requestors AccessPackageAssignmentPolicyRequestorSettingsRequestor[]

    A block specifying the users who are allowed to request on this policy, as documented below.

    requestsAccepted boolean

    Whether to accept requests using this policy. When false, no new requests can be made using this policy.

    scopeType string

    Specifies the scopes of the requestors. Valid values are AllConfiguredConnectedOrganizationSubjects, AllExistingConnectedOrganizationSubjects, AllExistingDirectoryMemberUsers, AllExistingDirectorySubjects, AllExternalSubjects, NoSubjects, SpecificConnectedOrganizationSubjects, or SpecificDirectorySubjects.

    requestors Sequence[AccessPackageAssignmentPolicyRequestorSettingsRequestor]

    A block specifying the users who are allowed to request on this policy, as documented below.

    requests_accepted bool

    Whether to accept requests using this policy. When false, no new requests can be made using this policy.

    scope_type str

    Specifies the scopes of the requestors. Valid values are AllConfiguredConnectedOrganizationSubjects, AllExistingConnectedOrganizationSubjects, AllExistingDirectoryMemberUsers, AllExistingDirectorySubjects, AllExternalSubjects, NoSubjects, SpecificConnectedOrganizationSubjects, or SpecificDirectorySubjects.

    requestors List<Property Map>

    A block specifying the users who are allowed to request on this policy, as documented below.

    requestsAccepted Boolean

    Whether to accept requests using this policy. When false, no new requests can be made using this policy.

    scopeType String

    Specifies the scopes of the requestors. Valid values are AllConfiguredConnectedOrganizationSubjects, AllExistingConnectedOrganizationSubjects, AllExistingDirectoryMemberUsers, AllExistingDirectorySubjects, AllExternalSubjects, NoSubjects, SpecificConnectedOrganizationSubjects, or SpecificDirectorySubjects.

    AccessPackageAssignmentPolicyRequestorSettingsRequestor, AccessPackageAssignmentPolicyRequestorSettingsRequestorArgs

    SubjectType string

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    Backup bool

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    ObjectId string

    The ID of the subject.

    SubjectType string

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    Backup bool

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    ObjectId string

    The ID of the subject.

    subjectType String

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    backup Boolean

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    objectId String

    The ID of the subject.

    subjectType string

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    backup boolean

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    objectId string

    The ID of the subject.

    subject_type str

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    backup bool

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    object_id str

    The ID of the subject.

    subjectType String

    Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.

    backup Boolean

    For a user in an approval stage, this property indicates whether the user is a backup fallback approver.

    objectId String

    The ID of the subject.

    Import

    An access package assignment policy can be imported using the ID, e.g.

     $ pulumi import azuread:index/accessPackageAssignmentPolicy:AccessPackageAssignmentPolicy example 00000000-0000-0000-0000-000000000000
    

    Package Details

    Repository
    Azure Active Directory (Azure AD) pulumi/pulumi-azuread
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the azuread Terraform Provider.

    azuread logo
    Azure Active Directory (Azure AD) v5.42.0 published on Friday, Sep 22, 2023 by Pulumi