Azure Active Directory (Azure AD) v5.42.0, Sep 22 23

Azure Active Directory (Azure AD) v5.42.0 published on Friday, Sep 22, 2023 by Pulumi

azuread.AccessPackageAssignmentPolicy

Explore with Pulumi AI

Azure Active Directory (Azure AD) v5.42.0 published on Friday, Sep 22, 2023 by Pulumi

pulumi/pulumi-azuread

API Permissions

The following API permissions are required in order to use this resource.

When authenticated with a service principal, this resource requires the following application role: EntitlementManagement.ReadWrite.All.

When authenticated with a user principal, this resource requires Global Administrator directory role, or one of the Catalog Owner and Access Package Manager role in Identity Governance.

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;

return await Deployment.RunAsync(() => 
{
    var exampleGroup = new AzureAD.Group("exampleGroup", new()
    {
        DisplayName = "group-name",
        SecurityEnabled = true,
    });

    var exampleAccessPackageCatalog = new AzureAD.AccessPackageCatalog("exampleAccessPackageCatalog", new()
    {
        DisplayName = "example-catalog",
        Description = "Example catalog",
    });

    var exampleAccessPackage = new AzureAD.AccessPackage("exampleAccessPackage", new()
    {
        CatalogId = exampleAccessPackageCatalog.Id,
        DisplayName = "access-package",
        Description = "Access Package",
    });

    var exampleAccessPackageAssignmentPolicy = new AzureAD.AccessPackageAssignmentPolicy("exampleAccessPackageAssignmentPolicy", new()
    {
        AccessPackageId = exampleAccessPackage.Id,
        DisplayName = "assignment-policy",
        Description = "My assignment policy",
        DurationInDays = 90,
        RequestorSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyRequestorSettingsArgs
        {
            ScopeType = "AllExistingDirectoryMemberUsers",
        },
        ApprovalSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsArgs
        {
            ApprovalRequired = true,
            ApprovalStages = new[]
            {
                new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs
                {
                    ApprovalTimeoutInDays = 14,
                    PrimaryApprovers = new[]
                    {
                        new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs
                        {
                            ObjectId = exampleGroup.ObjectId,
                            SubjectType = "groupMembers",
                        },
                    },
                },
            },
        },
        AssignmentReviewSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs
        {
            Enabled = true,
            ReviewFrequency = "weekly",
            DurationInDays = 3,
            ReviewType = "Self",
            AccessReviewTimeoutBehavior = "keepAccess",
        },
        Questions = new[]
        {
            new AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionArgs
            {
                Text = new AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionTextArgs
                {
                    DefaultText = "hello, how are you?",
                },
            },
        },
    });

});

package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleGroup, err := azuread.NewGroup(ctx, "exampleGroup", &azuread.GroupArgs{
			DisplayName:     pulumi.String("group-name"),
			SecurityEnabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		exampleAccessPackageCatalog, err := azuread.NewAccessPackageCatalog(ctx, "exampleAccessPackageCatalog", &azuread.AccessPackageCatalogArgs{
			DisplayName: pulumi.String("example-catalog"),
			Description: pulumi.String("Example catalog"),
		})
		if err != nil {
			return err
		}
		exampleAccessPackage, err := azuread.NewAccessPackage(ctx, "exampleAccessPackage", &azuread.AccessPackageArgs{
			CatalogId:   exampleAccessPackageCatalog.ID(),
			DisplayName: pulumi.String("access-package"),
			Description: pulumi.String("Access Package"),
		})
		if err != nil {
			return err
		}
		_, err = azuread.NewAccessPackageAssignmentPolicy(ctx, "exampleAccessPackageAssignmentPolicy", &azuread.AccessPackageAssignmentPolicyArgs{
			AccessPackageId: exampleAccessPackage.ID(),
			DisplayName:     pulumi.String("assignment-policy"),
			Description:     pulumi.String("My assignment policy"),
			DurationInDays:  pulumi.Int(90),
			RequestorSettings: &azuread.AccessPackageAssignmentPolicyRequestorSettingsArgs{
				ScopeType: pulumi.String("AllExistingDirectoryMemberUsers"),
			},
			ApprovalSettings: &azuread.AccessPackageAssignmentPolicyApprovalSettingsArgs{
				ApprovalRequired: pulumi.Bool(true),
				ApprovalStages: azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArray{
					&azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs{
						ApprovalTimeoutInDays: pulumi.Int(14),
						PrimaryApprovers: azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArray{
							&azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs{
								ObjectId:    exampleGroup.ObjectId,
								SubjectType: pulumi.String("groupMembers"),
							},
						},
					},
				},
			},
			AssignmentReviewSettings: &azuread.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs{
				Enabled:                     pulumi.Bool(true),
				ReviewFrequency:             pulumi.String("weekly"),
				DurationInDays:              pulumi.Int(3),
				ReviewType:                  pulumi.String("Self"),
				AccessReviewTimeoutBehavior: pulumi.String("keepAccess"),
			},
			Questions: azuread.AccessPackageAssignmentPolicyQuestionArray{
				&azuread.AccessPackageAssignmentPolicyQuestionArgs{
					Text: &azuread.AccessPackageAssignmentPolicyQuestionTextArgs{
						DefaultText: pulumi.String("hello, how are you?"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.Group;
import com.pulumi.azuread.GroupArgs;
import com.pulumi.azuread.AccessPackageCatalog;
import com.pulumi.azuread.AccessPackageCatalogArgs;
import com.pulumi.azuread.AccessPackage;
import com.pulumi.azuread.AccessPackageArgs;
import com.pulumi.azuread.AccessPackageAssignmentPolicy;
import com.pulumi.azuread.AccessPackageAssignmentPolicyArgs;
import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyRequestorSettingsArgs;
import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyApprovalSettingsArgs;
import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs;
import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyQuestionArgs;
import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyQuestionTextArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleGroup = new Group("exampleGroup", GroupArgs.builder()        
            .displayName("group-name")
            .securityEnabled(true)
            .build());

        var exampleAccessPackageCatalog = new AccessPackageCatalog("exampleAccessPackageCatalog", AccessPackageCatalogArgs.builder()        
            .displayName("example-catalog")
            .description("Example catalog")
            .build());

        var exampleAccessPackage = new AccessPackage("exampleAccessPackage", AccessPackageArgs.builder()        
            .catalogId(exampleAccessPackageCatalog.id())
            .displayName("access-package")
            .description("Access Package")
            .build());

        var exampleAccessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy("exampleAccessPackageAssignmentPolicy", AccessPackageAssignmentPolicyArgs.builder()        
            .accessPackageId(exampleAccessPackage.id())
            .displayName("assignment-policy")
            .description("My assignment policy")
            .durationInDays(90)
            .requestorSettings(AccessPackageAssignmentPolicyRequestorSettingsArgs.builder()
                .scopeType("AllExistingDirectoryMemberUsers")
                .build())
            .approvalSettings(AccessPackageAssignmentPolicyApprovalSettingsArgs.builder()
                .approvalRequired(true)
                .approvalStages(AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs.builder()
                    .approvalTimeoutInDays(14)
                    .primaryApprovers(AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs.builder()
                        .objectId(exampleGroup.objectId())
                        .subjectType("groupMembers")
                        .build())
                    .build())
                .build())
            .assignmentReviewSettings(AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs.builder()
                .enabled(true)
                .reviewFrequency("weekly")
                .durationInDays(3)
                .reviewType("Self")
                .accessReviewTimeoutBehavior("keepAccess")
                .build())
            .questions(AccessPackageAssignmentPolicyQuestionArgs.builder()
                .text(AccessPackageAssignmentPolicyQuestionTextArgs.builder()
                    .defaultText("hello, how are you?")
                    .build())
                .build())
            .build());

    }
}

import pulumi
import pulumi_azuread as azuread

example_group = azuread.Group("exampleGroup",
    display_name="group-name",
    security_enabled=True)
example_access_package_catalog = azuread.AccessPackageCatalog("exampleAccessPackageCatalog",
    display_name="example-catalog",
    description="Example catalog")
example_access_package = azuread.AccessPackage("exampleAccessPackage",
    catalog_id=example_access_package_catalog.id,
    display_name="access-package",
    description="Access Package")
example_access_package_assignment_policy = azuread.AccessPackageAssignmentPolicy("exampleAccessPackageAssignmentPolicy",
    access_package_id=example_access_package.id,
    display_name="assignment-policy",
    description="My assignment policy",
    duration_in_days=90,
    requestor_settings=azuread.AccessPackageAssignmentPolicyRequestorSettingsArgs(
        scope_type="AllExistingDirectoryMemberUsers",
    ),
    approval_settings=azuread.AccessPackageAssignmentPolicyApprovalSettingsArgs(
        approval_required=True,
        approval_stages=[azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs(
            approval_timeout_in_days=14,
            primary_approvers=[azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs(
                object_id=example_group.object_id,
                subject_type="groupMembers",
            )],
        )],
    ),
    assignment_review_settings=azuread.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs(
        enabled=True,
        review_frequency="weekly",
        duration_in_days=3,
        review_type="Self",
        access_review_timeout_behavior="keepAccess",
    ),
    questions=[azuread.AccessPackageAssignmentPolicyQuestionArgs(
        text=azuread.AccessPackageAssignmentPolicyQuestionTextArgs(
            default_text="hello, how are you?",
        ),
    )])

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const exampleGroup = new azuread.Group("exampleGroup", {
    displayName: "group-name",
    securityEnabled: true,
});
const exampleAccessPackageCatalog = new azuread.AccessPackageCatalog("exampleAccessPackageCatalog", {
    displayName: "example-catalog",
    description: "Example catalog",
});
const exampleAccessPackage = new azuread.AccessPackage("exampleAccessPackage", {
    catalogId: exampleAccessPackageCatalog.id,
    displayName: "access-package",
    description: "Access Package",
});
const exampleAccessPackageAssignmentPolicy = new azuread.AccessPackageAssignmentPolicy("exampleAccessPackageAssignmentPolicy", {
    accessPackageId: exampleAccessPackage.id,
    displayName: "assignment-policy",
    description: "My assignment policy",
    durationInDays: 90,
    requestorSettings: {
        scopeType: "AllExistingDirectoryMemberUsers",
    },
    approvalSettings: {
        approvalRequired: true,
        approvalStages: [{
            approvalTimeoutInDays: 14,
            primaryApprovers: [{
                objectId: exampleGroup.objectId,
                subjectType: "groupMembers",
            }],
        }],
    },
    assignmentReviewSettings: {
        enabled: true,
        reviewFrequency: "weekly",
        durationInDays: 3,
        reviewType: "Self",
        accessReviewTimeoutBehavior: "keepAccess",
    },
    questions: [{
        text: {
            defaultText: "hello, how are you?",
        },
    }],
});

resources:
  exampleGroup:
    type: azuread:Group
    properties:
      displayName: group-name
      securityEnabled: true
  exampleAccessPackageCatalog:
    type: azuread:AccessPackageCatalog
    properties:
      displayName: example-catalog
      description: Example catalog
  exampleAccessPackage:
    type: azuread:AccessPackage
    properties:
      catalogId: ${exampleAccessPackageCatalog.id}
      displayName: access-package
      description: Access Package
  exampleAccessPackageAssignmentPolicy:
    type: azuread:AccessPackageAssignmentPolicy
    properties:
      accessPackageId: ${exampleAccessPackage.id}
      displayName: assignment-policy
      description: My assignment policy
      durationInDays: 90
      requestorSettings:
        scopeType: AllExistingDirectoryMemberUsers
      approvalSettings:
        approvalRequired: true
        approvalStages:
          - approvalTimeoutInDays: 14
            primaryApprovers:
              - objectId: ${exampleGroup.objectId}
                subjectType: groupMembers
      assignmentReviewSettings:
        enabled: true
        reviewFrequency: weekly
        durationInDays: 3
        reviewType: Self
        accessReviewTimeoutBehavior: keepAccess
      questions:
        - text:
            defaultText: hello, how are you?

Create AccessPackageAssignmentPolicy Resource

new AccessPackageAssignmentPolicy(name: string, args: AccessPackageAssignmentPolicyArgs, opts?: CustomResourceOptions);

@overload
def AccessPackageAssignmentPolicy(resource_name: str,
                                  opts: Optional[ResourceOptions] = None,
                                  access_package_id: Optional[str] = None,
                                  approval_settings: Optional[AccessPackageAssignmentPolicyApprovalSettingsArgs] = None,
                                  assignment_review_settings: Optional[AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs] = None,
                                  description: Optional[str] = None,
                                  display_name: Optional[str] = None,
                                  duration_in_days: Optional[int] = None,
                                  expiration_date: Optional[str] = None,
                                  extension_enabled: Optional[bool] = None,
                                  questions: Optional[Sequence[AccessPackageAssignmentPolicyQuestionArgs]] = None,
                                  requestor_settings: Optional[AccessPackageAssignmentPolicyRequestorSettingsArgs] = None)
@overload
def AccessPackageAssignmentPolicy(resource_name: str,
                                  args: AccessPackageAssignmentPolicyArgs,
                                  opts: Optional[ResourceOptions] = None)

func NewAccessPackageAssignmentPolicy(ctx *Context, name string, args AccessPackageAssignmentPolicyArgs, opts ...ResourceOption) (*AccessPackageAssignmentPolicy, error)

public AccessPackageAssignmentPolicy(string name, AccessPackageAssignmentPolicyArgs args, CustomResourceOptions? opts = null)

public AccessPackageAssignmentPolicy(String name, AccessPackageAssignmentPolicyArgs args)
public AccessPackageAssignmentPolicy(String name, AccessPackageAssignmentPolicyArgs args, CustomResourceOptions options)

type: azuread:AccessPackageAssignmentPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AccessPackageAssignmentPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AccessPackageAssignmentPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AccessPackageAssignmentPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AccessPackageAssignmentPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AccessPackageAssignmentPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

AccessPackageAssignmentPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AccessPackageAssignmentPolicy resource accepts the following input properties:

AccessPackageId string: The ID of the access package that will contain the policy.
Description string: The description of the policy.
DisplayName string: The display name of the policy.
ApprovalSettings Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettings: An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.
AssignmentReviewSettings Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyAssignmentReviewSettings: An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.
DurationInDays int: How many days this assignment is valid for.
ExpirationDate string: The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
ExtensionEnabled bool: Whether users will be able to request extension of their access to this package before their access expires.
Questions List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyQuestion>: One or more question blocks for the requestor, as documented below.
RequestorSettings Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyRequestorSettings: A requestor_settings block to configure the users who can request access, as documented below.

AccessPackageId string: The ID of the access package that will contain the policy.
Description string: The description of the policy.
DisplayName string: The display name of the policy.
ApprovalSettings AccessPackageAssignmentPolicyApprovalSettingsArgs: An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.
AssignmentReviewSettings AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs: An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.
DurationInDays int: How many days this assignment is valid for.
ExpirationDate string: The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
ExtensionEnabled bool: Whether users will be able to request extension of their access to this package before their access expires.
Questions []AccessPackageAssignmentPolicyQuestionArgs: One or more question blocks for the requestor, as documented below.
RequestorSettings AccessPackageAssignmentPolicyRequestorSettingsArgs: A requestor_settings block to configure the users who can request access, as documented below.

accessPackageId String: The ID of the access package that will contain the policy.
description String: The description of the policy.
displayName String: The display name of the policy.
approvalSettings AccessPackageAssignmentPolicyApprovalSettings: An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.
assignmentReviewSettings AccessPackageAssignmentPolicyAssignmentReviewSettings: An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.
durationInDays Integer: How many days this assignment is valid for.
expirationDate String: The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
extensionEnabled Boolean: Whether users will be able to request extension of their access to this package before their access expires.
questions List<AccessPackageAssignmentPolicyQuestion>: One or more question blocks for the requestor, as documented below.
requestorSettings AccessPackageAssignmentPolicyRequestorSettings: A requestor_settings block to configure the users who can request access, as documented below.

accessPackageId string: The ID of the access package that will contain the policy.
description string: The description of the policy.
displayName string: The display name of the policy.
approvalSettings AccessPackageAssignmentPolicyApprovalSettings: An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.
assignmentReviewSettings AccessPackageAssignmentPolicyAssignmentReviewSettings: An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.
durationInDays number: How many days this assignment is valid for.
expirationDate string: The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
extensionEnabled boolean: Whether users will be able to request extension of their access to this package before their access expires.
questions AccessPackageAssignmentPolicyQuestion[]: One or more question blocks for the requestor, as documented below.
requestorSettings AccessPackageAssignmentPolicyRequestorSettings: A requestor_settings block to configure the users who can request access, as documented below.

access_package_id str: The ID of the access package that will contain the policy.
description str: The description of the policy.
display_name str: The display name of the policy.
approval_settings AccessPackageAssignmentPolicyApprovalSettingsArgs: An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.
assignment_review_settings AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs: An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.
duration_in_days int: How many days this assignment is valid for.
expiration_date str: The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
extension_enabled bool: Whether users will be able to request extension of their access to this package before their access expires.
questions Sequence[AccessPackageAssignmentPolicyQuestionArgs]: One or more question blocks for the requestor, as documented below.
requestor_settings AccessPackageAssignmentPolicyRequestorSettingsArgs: A requestor_settings block to configure the users who can request access, as documented below.

accessPackageId String: The ID of the access package that will contain the policy.
description String: The description of the policy.
displayName String: The display name of the policy.
approvalSettings Property Map: An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.
assignmentReviewSettings Property Map: An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.
durationInDays Number: How many days this assignment is valid for.
expirationDate String: The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
extensionEnabled Boolean: Whether users will be able to request extension of their access to this package before their access expires.
questions List<Property Map>: One or more question blocks for the requestor, as documented below.
requestorSettings Property Map: A requestor_settings block to configure the users who can request access, as documented below.

Outputs

All input properties are implicitly available as output properties. Additionally, the AccessPackageAssignmentPolicy resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing AccessPackageAssignmentPolicy Resource

Get an existing AccessPackageAssignmentPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AccessPackageAssignmentPolicyState, opts?: CustomResourceOptions): AccessPackageAssignmentPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_package_id: Optional[str] = None,
        approval_settings: Optional[AccessPackageAssignmentPolicyApprovalSettingsArgs] = None,
        assignment_review_settings: Optional[AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs] = None,
        description: Optional[str] = None,
        display_name: Optional[str] = None,
        duration_in_days: Optional[int] = None,
        expiration_date: Optional[str] = None,
        extension_enabled: Optional[bool] = None,
        questions: Optional[Sequence[AccessPackageAssignmentPolicyQuestionArgs]] = None,
        requestor_settings: Optional[AccessPackageAssignmentPolicyRequestorSettingsArgs] = None) -> AccessPackageAssignmentPolicy

func GetAccessPackageAssignmentPolicy(ctx *Context, name string, id IDInput, state *AccessPackageAssignmentPolicyState, opts ...ResourceOption) (*AccessPackageAssignmentPolicy, error)

public static AccessPackageAssignmentPolicy Get(string name, Input<string> id, AccessPackageAssignmentPolicyState? state, CustomResourceOptions? opts = null)

public static AccessPackageAssignmentPolicy get(String name, Output<String> id, AccessPackageAssignmentPolicyState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessPackageId string: The ID of the access package that will contain the policy.
ApprovalSettings Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettings: An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.
AssignmentReviewSettings Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyAssignmentReviewSettings: An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.
Description string: The description of the policy.
DisplayName string: The display name of the policy.
DurationInDays int: How many days this assignment is valid for.
ExpirationDate string: The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
ExtensionEnabled bool: Whether users will be able to request extension of their access to this package before their access expires.
Questions List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyQuestion>: One or more question blocks for the requestor, as documented below.
RequestorSettings Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyRequestorSettings: A requestor_settings block to configure the users who can request access, as documented below.

AccessPackageId string: The ID of the access package that will contain the policy.
ApprovalSettings AccessPackageAssignmentPolicyApprovalSettingsArgs: An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.
AssignmentReviewSettings AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs: An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.
Description string: The description of the policy.
DisplayName string: The display name of the policy.
DurationInDays int: How many days this assignment is valid for.
ExpirationDate string: The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
ExtensionEnabled bool: Whether users will be able to request extension of their access to this package before their access expires.
Questions []AccessPackageAssignmentPolicyQuestionArgs: One or more question blocks for the requestor, as documented below.
RequestorSettings AccessPackageAssignmentPolicyRequestorSettingsArgs: A requestor_settings block to configure the users who can request access, as documented below.

accessPackageId String: The ID of the access package that will contain the policy.
approvalSettings AccessPackageAssignmentPolicyApprovalSettings: An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.
assignmentReviewSettings AccessPackageAssignmentPolicyAssignmentReviewSettings: An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.
description String: The description of the policy.
displayName String: The display name of the policy.
durationInDays Integer: How many days this assignment is valid for.
expirationDate String: The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
extensionEnabled Boolean: Whether users will be able to request extension of their access to this package before their access expires.
questions List<AccessPackageAssignmentPolicyQuestion>: One or more question blocks for the requestor, as documented below.
requestorSettings AccessPackageAssignmentPolicyRequestorSettings: A requestor_settings block to configure the users who can request access, as documented below.

accessPackageId string: The ID of the access package that will contain the policy.
approvalSettings AccessPackageAssignmentPolicyApprovalSettings: An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.
assignmentReviewSettings AccessPackageAssignmentPolicyAssignmentReviewSettings: An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.
description string: The description of the policy.
displayName string: The display name of the policy.
durationInDays number: How many days this assignment is valid for.
expirationDate string: The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
extensionEnabled boolean: Whether users will be able to request extension of their access to this package before their access expires.
questions AccessPackageAssignmentPolicyQuestion[]: One or more question blocks for the requestor, as documented below.
requestorSettings AccessPackageAssignmentPolicyRequestorSettings: A requestor_settings block to configure the users who can request access, as documented below.

access_package_id str: The ID of the access package that will contain the policy.
approval_settings AccessPackageAssignmentPolicyApprovalSettingsArgs: An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.
assignment_review_settings AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs: An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.
description str: The description of the policy.
display_name str: The display name of the policy.
duration_in_days int: How many days this assignment is valid for.
expiration_date str: The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
extension_enabled bool: Whether users will be able to request extension of their access to this package before their access expires.
questions Sequence[AccessPackageAssignmentPolicyQuestionArgs]: One or more question blocks for the requestor, as documented below.
requestor_settings AccessPackageAssignmentPolicyRequestorSettingsArgs: A requestor_settings block to configure the users who can request access, as documented below.

accessPackageId String: The ID of the access package that will contain the policy.
approvalSettings Property Map: An approval_settings block to specify whether approvals are required and how they are obtained, as documented below.
assignmentReviewSettings Property Map: An assignment_review_settings block, to specify whether assignment review is needed and how it is conducted, as documented below.
description String: The description of the policy.
displayName String: The display name of the policy.
durationInDays Number: How many days this assignment is valid for.
expirationDate String: The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
extensionEnabled Boolean: Whether users will be able to request extension of their access to this package before their access expires.
questions List<Property Map>: One or more question blocks for the requestor, as documented below.
requestorSettings Property Map: A requestor_settings block to configure the users who can request access, as documented below.

Supporting Types

AccessPackageAssignmentPolicyApprovalSettings, AccessPackageAssignmentPolicyApprovalSettingsArgs

ApprovalRequired bool: Whether an approval is required.
ApprovalRequiredForExtension bool: Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
ApprovalStages List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStage>: An approval_stage block specifying the process to obtain an approval, as documented below.
RequestorJustificationRequired bool: Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.

ApprovalRequired bool: Whether an approval is required.
ApprovalRequiredForExtension bool: Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
ApprovalStages []AccessPackageAssignmentPolicyApprovalSettingsApprovalStage: An approval_stage block specifying the process to obtain an approval, as documented below.
RequestorJustificationRequired bool: Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.

approvalRequired Boolean: Whether an approval is required.
approvalRequiredForExtension Boolean: Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
approvalStages List<AccessPackageAssignmentPolicyApprovalSettingsApprovalStage>: An approval_stage block specifying the process to obtain an approval, as documented below.
requestorJustificationRequired Boolean: Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.

approvalRequired boolean: Whether an approval is required.
approvalRequiredForExtension boolean: Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
approvalStages AccessPackageAssignmentPolicyApprovalSettingsApprovalStage[]: An approval_stage block specifying the process to obtain an approval, as documented below.
requestorJustificationRequired boolean: Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.

approval_required bool: Whether an approval is required.
approval_required_for_extension bool: Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
approval_stages Sequence[AccessPackageAssignmentPolicyApprovalSettingsApprovalStage]: An approval_stage block specifying the process to obtain an approval, as documented below.
requestor_justification_required bool: Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.

approvalRequired Boolean: Whether an approval is required.
approvalRequiredForExtension Boolean: Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
approvalStages List<Property Map>: An approval_stage block specifying the process to obtain an approval, as documented below.
requestorJustificationRequired Boolean: Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.

AccessPackageAssignmentPolicyApprovalSettingsApprovalStage, AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs

ApprovalTimeoutInDays int: Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.
AlternativeApprovalEnabled bool: Whether alternative approvers are enabled.
AlternativeApprovers List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover>: A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.
ApproverJustificationRequired bool: Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.
EnableAlternativeApprovalInDays int: Number of days before the request is forwarded to alternative approvers.
PrimaryApprovers List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover>: A block specifying the users who will be asked to approve requests, as documented below.

ApprovalTimeoutInDays int: Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.
AlternativeApprovalEnabled bool: Whether alternative approvers are enabled.
AlternativeApprovers []AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover: A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.
ApproverJustificationRequired bool: Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.
EnableAlternativeApprovalInDays int: Number of days before the request is forwarded to alternative approvers.
PrimaryApprovers []AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover: A block specifying the users who will be asked to approve requests, as documented below.

approvalTimeoutInDays Integer: Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.
alternativeApprovalEnabled Boolean: Whether alternative approvers are enabled.
alternativeApprovers List<AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover>: A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.
approverJustificationRequired Boolean: Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.
enableAlternativeApprovalInDays Integer: Number of days before the request is forwarded to alternative approvers.
primaryApprovers List<AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover>: A block specifying the users who will be asked to approve requests, as documented below.

approvalTimeoutInDays number: Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.
alternativeApprovalEnabled boolean: Whether alternative approvers are enabled.
alternativeApprovers AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover[]: A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.
approverJustificationRequired boolean: Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.
enableAlternativeApprovalInDays number: Number of days before the request is forwarded to alternative approvers.
primaryApprovers AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover[]: A block specifying the users who will be asked to approve requests, as documented below.

approval_timeout_in_days int: Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.
alternative_approval_enabled bool: Whether alternative approvers are enabled.
alternative_approvers Sequence[AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover]: A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.
approver_justification_required bool: Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.
enable_alternative_approval_in_days int: Number of days before the request is forwarded to alternative approvers.
primary_approvers Sequence[AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover]: A block specifying the users who will be asked to approve requests, as documented below.

approvalTimeoutInDays Number: Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.
alternativeApprovalEnabled Boolean: Whether alternative approvers are enabled.
alternativeApprovers List<Property Map>: A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.
approverJustificationRequired Boolean: Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.
enableAlternativeApprovalInDays Number: Number of days before the request is forwarded to alternative approvers.
primaryApprovers List<Property Map>: A block specifying the users who will be asked to approve requests, as documented below.

AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover, AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApproverArgs

SubjectType string: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
Backup bool: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
ObjectId string: The ID of the subject.

SubjectType string: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
Backup bool: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
ObjectId string: The ID of the subject.

subjectType String: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
backup Boolean: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
objectId String: The ID of the subject.

subjectType string: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
backup boolean: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
objectId string: The ID of the subject.

subject_type str: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
backup bool: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
object_id str: The ID of the subject.

subjectType String: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
backup Boolean: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
objectId String: The ID of the subject.

AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover, AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs

SubjectType string: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
Backup bool: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
ObjectId string: The ID of the subject.

SubjectType string: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
Backup bool: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
ObjectId string: The ID of the subject.

subjectType String: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
backup Boolean: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
objectId String: The ID of the subject.

subjectType string: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
backup boolean: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
objectId string: The ID of the subject.

subject_type str: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
backup bool: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
object_id str: The ID of the subject.

subjectType String: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
backup Boolean: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
objectId String: The ID of the subject.

AccessPackageAssignmentPolicyAssignmentReviewSettings, AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs

AccessRecommendationEnabled bool: Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
AccessReviewTimeoutBehavior string: Specifies the actions the system takes if reviewers don't respond in time. Valid values are keepAccess, removeAccess, or acceptAccessRecommendation.
ApproverJustificationRequired bool: Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
DurationInDays int: How many days each occurrence of the access review series will run.
Enabled bool: Whether to enable assignment review.
ReviewFrequency string: This will determine how often the access review campaign runs, valid values are weekly, monthly, quarterly, halfyearly, or annual.
ReviewType string: Self-review or specific reviewers. Valid values are Manager, Reviewers, or Self.
Reviewers List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer>: One or more reviewer blocks to specify the users who will be reviewers (when review_type is Reviewers), as documented below.
StartingOn string: This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date

AccessRecommendationEnabled bool: Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
AccessReviewTimeoutBehavior string: Specifies the actions the system takes if reviewers don't respond in time. Valid values are keepAccess, removeAccess, or acceptAccessRecommendation.
ApproverJustificationRequired bool: Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
DurationInDays int: How many days each occurrence of the access review series will run.
Enabled bool: Whether to enable assignment review.
ReviewFrequency string: This will determine how often the access review campaign runs, valid values are weekly, monthly, quarterly, halfyearly, or annual.
ReviewType string: Self-review or specific reviewers. Valid values are Manager, Reviewers, or Self.
Reviewers []AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer: One or more reviewer blocks to specify the users who will be reviewers (when review_type is Reviewers), as documented below.
StartingOn string: This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date

accessRecommendationEnabled Boolean: Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
accessReviewTimeoutBehavior String: Specifies the actions the system takes if reviewers don't respond in time. Valid values are keepAccess, removeAccess, or acceptAccessRecommendation.
approverJustificationRequired Boolean: Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
durationInDays Integer: How many days each occurrence of the access review series will run.
enabled Boolean: Whether to enable assignment review.
reviewFrequency String: This will determine how often the access review campaign runs, valid values are weekly, monthly, quarterly, halfyearly, or annual.
reviewType String: Self-review or specific reviewers. Valid values are Manager, Reviewers, or Self.
reviewers List<AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer>: One or more reviewer blocks to specify the users who will be reviewers (when review_type is Reviewers), as documented below.
startingOn String: This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date

accessRecommendationEnabled boolean: Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
accessReviewTimeoutBehavior string: Specifies the actions the system takes if reviewers don't respond in time. Valid values are keepAccess, removeAccess, or acceptAccessRecommendation.
approverJustificationRequired boolean: Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
durationInDays number: How many days each occurrence of the access review series will run.
enabled boolean: Whether to enable assignment review.
reviewFrequency string: This will determine how often the access review campaign runs, valid values are weekly, monthly, quarterly, halfyearly, or annual.
reviewType string: Self-review or specific reviewers. Valid values are Manager, Reviewers, or Self.
reviewers AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer[]: One or more reviewer blocks to specify the users who will be reviewers (when review_type is Reviewers), as documented below.
startingOn string: This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date

access_recommendation_enabled bool: Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
access_review_timeout_behavior str: Specifies the actions the system takes if reviewers don't respond in time. Valid values are keepAccess, removeAccess, or acceptAccessRecommendation.
approver_justification_required bool: Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
duration_in_days int: How many days each occurrence of the access review series will run.
enabled bool: Whether to enable assignment review.
review_frequency str: This will determine how often the access review campaign runs, valid values are weekly, monthly, quarterly, halfyearly, or annual.
review_type str: Self-review or specific reviewers. Valid values are Manager, Reviewers, or Self.
reviewers Sequence[AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer]: One or more reviewer blocks to specify the users who will be reviewers (when review_type is Reviewers), as documented below.
starting_on str: This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date

accessRecommendationEnabled Boolean: Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
accessReviewTimeoutBehavior String: Specifies the actions the system takes if reviewers don't respond in time. Valid values are keepAccess, removeAccess, or acceptAccessRecommendation.
approverJustificationRequired Boolean: Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
durationInDays Number: How many days each occurrence of the access review series will run.
enabled Boolean: Whether to enable assignment review.
reviewFrequency String: This will determine how often the access review campaign runs, valid values are weekly, monthly, quarterly, halfyearly, or annual.
reviewType String: Self-review or specific reviewers. Valid values are Manager, Reviewers, or Self.
reviewers List<Property Map>: One or more reviewer blocks to specify the users who will be reviewers (when review_type is Reviewers), as documented below.
startingOn String: This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date

AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer, AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewerArgs

SubjectType string: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
Backup bool: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
ObjectId string: The ID of the subject.

SubjectType string: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
Backup bool: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
ObjectId string: The ID of the subject.

subjectType String: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
backup Boolean: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
objectId String: The ID of the subject.

subjectType string: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
backup boolean: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
objectId string: The ID of the subject.

subject_type str: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
backup bool: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
object_id str: The ID of the subject.

subjectType String: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
backup Boolean: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
objectId String: The ID of the subject.

AccessPackageAssignmentPolicyQuestion, AccessPackageAssignmentPolicyQuestionArgs

Text Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionText: A block describing the content of this question, as documented below.
Choices List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionChoice>: One or more blocks configuring a choice to the question, as documented below.
Required bool: Whether this question is required.
Sequence int: The sequence number of this question.

Text AccessPackageAssignmentPolicyQuestionText: A block describing the content of this question, as documented below.
Choices []AccessPackageAssignmentPolicyQuestionChoice: One or more blocks configuring a choice to the question, as documented below.
Required bool: Whether this question is required.
Sequence int: The sequence number of this question.

text AccessPackageAssignmentPolicyQuestionText: A block describing the content of this question, as documented below.
choices List<AccessPackageAssignmentPolicyQuestionChoice>: One or more blocks configuring a choice to the question, as documented below.
required Boolean: Whether this question is required.
sequence Integer: The sequence number of this question.

text AccessPackageAssignmentPolicyQuestionText: A block describing the content of this question, as documented below.
choices AccessPackageAssignmentPolicyQuestionChoice[]: One or more blocks configuring a choice to the question, as documented below.
required boolean: Whether this question is required.
sequence number: The sequence number of this question.

text AccessPackageAssignmentPolicyQuestionText: A block describing the content of this question, as documented below.
choices Sequence[AccessPackageAssignmentPolicyQuestionChoice]: One or more blocks configuring a choice to the question, as documented below.
required bool: Whether this question is required.
sequence int: The sequence number of this question.

text Property Map: A block describing the content of this question, as documented below.
choices List<Property Map>: One or more blocks configuring a choice to the question, as documented below.
required Boolean: Whether this question is required.
sequence Number: The sequence number of this question.

AccessPackageAssignmentPolicyQuestionChoice, AccessPackageAssignmentPolicyQuestionChoiceArgs

ActualValue string: The actual value of this choice.
DisplayValue Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionChoiceDisplayValue: A block describing the display text of this choice, as documented below.

ActualValue string: The actual value of this choice.
DisplayValue AccessPackageAssignmentPolicyQuestionChoiceDisplayValue: A block describing the display text of this choice, as documented below.

actualValue String: The actual value of this choice.
displayValue AccessPackageAssignmentPolicyQuestionChoiceDisplayValue: A block describing the display text of this choice, as documented below.

actualValue string: The actual value of this choice.
displayValue AccessPackageAssignmentPolicyQuestionChoiceDisplayValue: A block describing the display text of this choice, as documented below.

actual_value str: The actual value of this choice.
display_value AccessPackageAssignmentPolicyQuestionChoiceDisplayValue: A block describing the display text of this choice, as documented below.

actualValue String: The actual value of this choice.
displayValue Property Map: A block describing the display text of this choice, as documented below.

AccessPackageAssignmentPolicyQuestionChoiceDisplayValue, AccessPackageAssignmentPolicyQuestionChoiceDisplayValueArgs

DefaultText string: The default text of this question.
LocalizedTexts List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText>: One or more blocks describing localized text of this question, as documented below.

DefaultText string: The default text of this question.
LocalizedTexts []AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText: One or more blocks describing localized text of this question, as documented below.

defaultText String: The default text of this question.
localizedTexts List<AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText>: One or more blocks describing localized text of this question, as documented below.

defaultText string: The default text of this question.
localizedTexts AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText[]: One or more blocks describing localized text of this question, as documented below.

default_text str: The default text of this question.
localized_texts Sequence[AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText]: One or more blocks describing localized text of this question, as documented below.

defaultText String: The default text of this question.
localizedTexts List<Property Map>: One or more blocks describing localized text of this question, as documented below.

AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText, AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedTextArgs

Content string: The localized content of this question.
LanguageCode string: The ISO 639 language code for this question content.

Content string: The localized content of this question.
LanguageCode string: The ISO 639 language code for this question content.

content String: The localized content of this question.
languageCode String: The ISO 639 language code for this question content.

content string: The localized content of this question.
languageCode string: The ISO 639 language code for this question content.

content str: The localized content of this question.
language_code str: The ISO 639 language code for this question content.

content String: The localized content of this question.
languageCode String: The ISO 639 language code for this question content.

AccessPackageAssignmentPolicyQuestionText, AccessPackageAssignmentPolicyQuestionTextArgs

DefaultText string: The default text of this question.
LocalizedTexts List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionTextLocalizedText>: One or more blocks describing localized text of this question, as documented below.

DefaultText string: The default text of this question.
LocalizedTexts []AccessPackageAssignmentPolicyQuestionTextLocalizedText: One or more blocks describing localized text of this question, as documented below.

defaultText String: The default text of this question.
localizedTexts List<AccessPackageAssignmentPolicyQuestionTextLocalizedText>: One or more blocks describing localized text of this question, as documented below.

defaultText string: The default text of this question.
localizedTexts AccessPackageAssignmentPolicyQuestionTextLocalizedText[]: One or more blocks describing localized text of this question, as documented below.

default_text str: The default text of this question.
localized_texts Sequence[AccessPackageAssignmentPolicyQuestionTextLocalizedText]: One or more blocks describing localized text of this question, as documented below.

defaultText String: The default text of this question.
localizedTexts List<Property Map>: One or more blocks describing localized text of this question, as documented below.

AccessPackageAssignmentPolicyQuestionTextLocalizedText, AccessPackageAssignmentPolicyQuestionTextLocalizedTextArgs

Content string: The localized content of this question.
LanguageCode string: The ISO 639 language code for this question content.

Content string: The localized content of this question.
LanguageCode string: The ISO 639 language code for this question content.

content String: The localized content of this question.
languageCode String: The ISO 639 language code for this question content.

content string: The localized content of this question.
languageCode string: The ISO 639 language code for this question content.

content str: The localized content of this question.
language_code str: The ISO 639 language code for this question content.

content String: The localized content of this question.
languageCode String: The ISO 639 language code for this question content.

AccessPackageAssignmentPolicyRequestorSettings, AccessPackageAssignmentPolicyRequestorSettingsArgs

Requestors List<Pulumi.AzureAD.Inputs.AccessPackageAssignmentPolicyRequestorSettingsRequestor>: A block specifying the users who are allowed to request on this policy, as documented below.
RequestsAccepted bool: Whether to accept requests using this policy. When false, no new requests can be made using this policy.
ScopeType string: Specifies the scopes of the requestors. Valid values are AllConfiguredConnectedOrganizationSubjects, AllExistingConnectedOrganizationSubjects, AllExistingDirectoryMemberUsers, AllExistingDirectorySubjects, AllExternalSubjects, NoSubjects, SpecificConnectedOrganizationSubjects, or SpecificDirectorySubjects.

Requestors []AccessPackageAssignmentPolicyRequestorSettingsRequestor: A block specifying the users who are allowed to request on this policy, as documented below.
RequestsAccepted bool: Whether to accept requests using this policy. When false, no new requests can be made using this policy.
ScopeType string: Specifies the scopes of the requestors. Valid values are AllConfiguredConnectedOrganizationSubjects, AllExistingConnectedOrganizationSubjects, AllExistingDirectoryMemberUsers, AllExistingDirectorySubjects, AllExternalSubjects, NoSubjects, SpecificConnectedOrganizationSubjects, or SpecificDirectorySubjects.

requestors List<AccessPackageAssignmentPolicyRequestorSettingsRequestor>: A block specifying the users who are allowed to request on this policy, as documented below.
requestsAccepted Boolean: Whether to accept requests using this policy. When false, no new requests can be made using this policy.
scopeType String: Specifies the scopes of the requestors. Valid values are AllConfiguredConnectedOrganizationSubjects, AllExistingConnectedOrganizationSubjects, AllExistingDirectoryMemberUsers, AllExistingDirectorySubjects, AllExternalSubjects, NoSubjects, SpecificConnectedOrganizationSubjects, or SpecificDirectorySubjects.

requestors AccessPackageAssignmentPolicyRequestorSettingsRequestor[]: A block specifying the users who are allowed to request on this policy, as documented below.
requestsAccepted boolean: Whether to accept requests using this policy. When false, no new requests can be made using this policy.
scopeType string: Specifies the scopes of the requestors. Valid values are AllConfiguredConnectedOrganizationSubjects, AllExistingConnectedOrganizationSubjects, AllExistingDirectoryMemberUsers, AllExistingDirectorySubjects, AllExternalSubjects, NoSubjects, SpecificConnectedOrganizationSubjects, or SpecificDirectorySubjects.

requestors Sequence[AccessPackageAssignmentPolicyRequestorSettingsRequestor]: A block specifying the users who are allowed to request on this policy, as documented below.
requests_accepted bool: Whether to accept requests using this policy. When false, no new requests can be made using this policy.
scope_type str: Specifies the scopes of the requestors. Valid values are AllConfiguredConnectedOrganizationSubjects, AllExistingConnectedOrganizationSubjects, AllExistingDirectoryMemberUsers, AllExistingDirectorySubjects, AllExternalSubjects, NoSubjects, SpecificConnectedOrganizationSubjects, or SpecificDirectorySubjects.

requestors List<Property Map>: A block specifying the users who are allowed to request on this policy, as documented below.
requestsAccepted Boolean: Whether to accept requests using this policy. When false, no new requests can be made using this policy.
scopeType String: Specifies the scopes of the requestors. Valid values are AllConfiguredConnectedOrganizationSubjects, AllExistingConnectedOrganizationSubjects, AllExistingDirectoryMemberUsers, AllExistingDirectorySubjects, AllExternalSubjects, NoSubjects, SpecificConnectedOrganizationSubjects, or SpecificDirectorySubjects.

AccessPackageAssignmentPolicyRequestorSettingsRequestor, AccessPackageAssignmentPolicyRequestorSettingsRequestorArgs

SubjectType string: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
Backup bool: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
ObjectId string: The ID of the subject.

SubjectType string: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
Backup bool: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
ObjectId string: The ID of the subject.

subjectType String: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
backup Boolean: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
objectId String: The ID of the subject.

subjectType string: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
backup boolean: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
objectId string: The ID of the subject.

subject_type str: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
backup bool: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
object_id str: The ID of the subject.

subjectType String: Specifies the type of users. Valid values are singleUser, groupMembers, connectedOrganizationMembers, requestorManager, internalSponsors, or externalSponsors.
backup Boolean: For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
objectId String: The ID of the subject.

Import

An access package assignment policy can be imported using the ID, e.g.

 $ pulumi import azuread:index/accessPackageAssignmentPolicy:AccessPackageAssignmentPolicy example 00000000-0000-0000-0000-000000000000

Package Details

Repository: Azure Active Directory (Azure AD) pulumi/pulumi-azuread
License: Apache-2.0
Notes: This Pulumi package is based on the azuread Terraform Provider.

Azure Active Directory (Azure AD) v5.42.0 published on Friday, Sep 22, 2023 by Pulumi

pulumi/pulumi-azuread

azuread.AccessPackageAssignmentPolicy

On this page

On this page

API Permissions

Example Usage

Create AccessPackageAssignmentPolicy Resource

AccessPackageAssignmentPolicy Resource Properties

Inputs

Outputs

Look up Existing AccessPackageAssignmentPolicy Resource

Supporting Types

AccessPackageAssignmentPolicyApprovalSettings, AccessPackageAssignmentPolicyApprovalSettingsArgs

AccessPackageAssignmentPolicyApprovalSettingsApprovalStage, AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs

AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover, AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApproverArgs

AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover, AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs

AccessPackageAssignmentPolicyAssignmentReviewSettings, AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs

AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer, AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewerArgs

AccessPackageAssignmentPolicyQuestion, AccessPackageAssignmentPolicyQuestionArgs

AccessPackageAssignmentPolicyQuestionChoice, AccessPackageAssignmentPolicyQuestionChoiceArgs

AccessPackageAssignmentPolicyQuestionChoiceDisplayValue, AccessPackageAssignmentPolicyQuestionChoiceDisplayValueArgs

AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText, AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedTextArgs

AccessPackageAssignmentPolicyQuestionText, AccessPackageAssignmentPolicyQuestionTextArgs

AccessPackageAssignmentPolicyQuestionTextLocalizedText, AccessPackageAssignmentPolicyQuestionTextLocalizedTextArgs

AccessPackageAssignmentPolicyRequestorSettings, AccessPackageAssignmentPolicyRequestorSettingsArgs

AccessPackageAssignmentPolicyRequestorSettingsRequestor, AccessPackageAssignmentPolicyRequestorSettingsRequestorArgs

Import

Package Details

On this page

On this page