azuread.AccessPackageAssignmentPolicy
Explore with Pulumi AI
Manages an assignment policy for an access package within Identity Governance in Azure Active Directory.
API Permissions
The following API permissions are required in order to use this resource.
When authenticated with a service principal, this resource requires the following application role: EntitlementManagement.ReadWrite.All
.
When authenticated with a user principal, this resource requires Global Administrator
directory role, or one of the Catalog Owner
and Access Package Manager
role in Identity Governance.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var exampleGroup = new AzureAD.Group("exampleGroup", new()
{
DisplayName = "group-name",
SecurityEnabled = true,
});
var exampleAccessPackageCatalog = new AzureAD.AccessPackageCatalog("exampleAccessPackageCatalog", new()
{
DisplayName = "example-catalog",
Description = "Example catalog",
});
var exampleAccessPackage = new AzureAD.AccessPackage("exampleAccessPackage", new()
{
CatalogId = exampleAccessPackageCatalog.Id,
DisplayName = "access-package",
Description = "Access Package",
});
var exampleAccessPackageAssignmentPolicy = new AzureAD.AccessPackageAssignmentPolicy("exampleAccessPackageAssignmentPolicy", new()
{
AccessPackageId = exampleAccessPackage.Id,
DisplayName = "assignment-policy",
Description = "My assignment policy",
DurationInDays = 90,
RequestorSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyRequestorSettingsArgs
{
ScopeType = "AllExistingDirectoryMemberUsers",
},
ApprovalSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsArgs
{
ApprovalRequired = true,
ApprovalStages = new[]
{
new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs
{
ApprovalTimeoutInDays = 14,
PrimaryApprovers = new[]
{
new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs
{
ObjectId = exampleGroup.ObjectId,
SubjectType = "groupMembers",
},
},
},
},
},
AssignmentReviewSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs
{
Enabled = true,
ReviewFrequency = "weekly",
DurationInDays = 3,
ReviewType = "Self",
AccessReviewTimeoutBehavior = "keepAccess",
},
Questions = new[]
{
new AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionArgs
{
Text = new AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionTextArgs
{
DefaultText = "hello, how are you?",
},
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleGroup, err := azuread.NewGroup(ctx, "exampleGroup", &azuread.GroupArgs{
DisplayName: pulumi.String("group-name"),
SecurityEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
exampleAccessPackageCatalog, err := azuread.NewAccessPackageCatalog(ctx, "exampleAccessPackageCatalog", &azuread.AccessPackageCatalogArgs{
DisplayName: pulumi.String("example-catalog"),
Description: pulumi.String("Example catalog"),
})
if err != nil {
return err
}
exampleAccessPackage, err := azuread.NewAccessPackage(ctx, "exampleAccessPackage", &azuread.AccessPackageArgs{
CatalogId: exampleAccessPackageCatalog.ID(),
DisplayName: pulumi.String("access-package"),
Description: pulumi.String("Access Package"),
})
if err != nil {
return err
}
_, err = azuread.NewAccessPackageAssignmentPolicy(ctx, "exampleAccessPackageAssignmentPolicy", &azuread.AccessPackageAssignmentPolicyArgs{
AccessPackageId: exampleAccessPackage.ID(),
DisplayName: pulumi.String("assignment-policy"),
Description: pulumi.String("My assignment policy"),
DurationInDays: pulumi.Int(90),
RequestorSettings: &azuread.AccessPackageAssignmentPolicyRequestorSettingsArgs{
ScopeType: pulumi.String("AllExistingDirectoryMemberUsers"),
},
ApprovalSettings: &azuread.AccessPackageAssignmentPolicyApprovalSettingsArgs{
ApprovalRequired: pulumi.Bool(true),
ApprovalStages: azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArray{
&azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs{
ApprovalTimeoutInDays: pulumi.Int(14),
PrimaryApprovers: azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArray{
&azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs{
ObjectId: exampleGroup.ObjectId,
SubjectType: pulumi.String("groupMembers"),
},
},
},
},
},
AssignmentReviewSettings: &azuread.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs{
Enabled: pulumi.Bool(true),
ReviewFrequency: pulumi.String("weekly"),
DurationInDays: pulumi.Int(3),
ReviewType: pulumi.String("Self"),
AccessReviewTimeoutBehavior: pulumi.String("keepAccess"),
},
Questions: azuread.AccessPackageAssignmentPolicyQuestionArray{
&azuread.AccessPackageAssignmentPolicyQuestionArgs{
Text: &azuread.AccessPackageAssignmentPolicyQuestionTextArgs{
DefaultText: pulumi.String("hello, how are you?"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.Group;
import com.pulumi.azuread.GroupArgs;
import com.pulumi.azuread.AccessPackageCatalog;
import com.pulumi.azuread.AccessPackageCatalogArgs;
import com.pulumi.azuread.AccessPackage;
import com.pulumi.azuread.AccessPackageArgs;
import com.pulumi.azuread.AccessPackageAssignmentPolicy;
import com.pulumi.azuread.AccessPackageAssignmentPolicyArgs;
import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyRequestorSettingsArgs;
import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyApprovalSettingsArgs;
import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs;
import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyQuestionArgs;
import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyQuestionTextArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleGroup = new Group("exampleGroup", GroupArgs.builder()
.displayName("group-name")
.securityEnabled(true)
.build());
var exampleAccessPackageCatalog = new AccessPackageCatalog("exampleAccessPackageCatalog", AccessPackageCatalogArgs.builder()
.displayName("example-catalog")
.description("Example catalog")
.build());
var exampleAccessPackage = new AccessPackage("exampleAccessPackage", AccessPackageArgs.builder()
.catalogId(exampleAccessPackageCatalog.id())
.displayName("access-package")
.description("Access Package")
.build());
var exampleAccessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy("exampleAccessPackageAssignmentPolicy", AccessPackageAssignmentPolicyArgs.builder()
.accessPackageId(exampleAccessPackage.id())
.displayName("assignment-policy")
.description("My assignment policy")
.durationInDays(90)
.requestorSettings(AccessPackageAssignmentPolicyRequestorSettingsArgs.builder()
.scopeType("AllExistingDirectoryMemberUsers")
.build())
.approvalSettings(AccessPackageAssignmentPolicyApprovalSettingsArgs.builder()
.approvalRequired(true)
.approvalStages(AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs.builder()
.approvalTimeoutInDays(14)
.primaryApprovers(AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs.builder()
.objectId(exampleGroup.objectId())
.subjectType("groupMembers")
.build())
.build())
.build())
.assignmentReviewSettings(AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs.builder()
.enabled(true)
.reviewFrequency("weekly")
.durationInDays(3)
.reviewType("Self")
.accessReviewTimeoutBehavior("keepAccess")
.build())
.questions(AccessPackageAssignmentPolicyQuestionArgs.builder()
.text(AccessPackageAssignmentPolicyQuestionTextArgs.builder()
.defaultText("hello, how are you?")
.build())
.build())
.build());
}
}
import pulumi
import pulumi_azuread as azuread
example_group = azuread.Group("exampleGroup",
display_name="group-name",
security_enabled=True)
example_access_package_catalog = azuread.AccessPackageCatalog("exampleAccessPackageCatalog",
display_name="example-catalog",
description="Example catalog")
example_access_package = azuread.AccessPackage("exampleAccessPackage",
catalog_id=example_access_package_catalog.id,
display_name="access-package",
description="Access Package")
example_access_package_assignment_policy = azuread.AccessPackageAssignmentPolicy("exampleAccessPackageAssignmentPolicy",
access_package_id=example_access_package.id,
display_name="assignment-policy",
description="My assignment policy",
duration_in_days=90,
requestor_settings=azuread.AccessPackageAssignmentPolicyRequestorSettingsArgs(
scope_type="AllExistingDirectoryMemberUsers",
),
approval_settings=azuread.AccessPackageAssignmentPolicyApprovalSettingsArgs(
approval_required=True,
approval_stages=[azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs(
approval_timeout_in_days=14,
primary_approvers=[azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs(
object_id=example_group.object_id,
subject_type="groupMembers",
)],
)],
),
assignment_review_settings=azuread.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs(
enabled=True,
review_frequency="weekly",
duration_in_days=3,
review_type="Self",
access_review_timeout_behavior="keepAccess",
),
questions=[azuread.AccessPackageAssignmentPolicyQuestionArgs(
text=azuread.AccessPackageAssignmentPolicyQuestionTextArgs(
default_text="hello, how are you?",
),
)])
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const exampleGroup = new azuread.Group("exampleGroup", {
displayName: "group-name",
securityEnabled: true,
});
const exampleAccessPackageCatalog = new azuread.AccessPackageCatalog("exampleAccessPackageCatalog", {
displayName: "example-catalog",
description: "Example catalog",
});
const exampleAccessPackage = new azuread.AccessPackage("exampleAccessPackage", {
catalogId: exampleAccessPackageCatalog.id,
displayName: "access-package",
description: "Access Package",
});
const exampleAccessPackageAssignmentPolicy = new azuread.AccessPackageAssignmentPolicy("exampleAccessPackageAssignmentPolicy", {
accessPackageId: exampleAccessPackage.id,
displayName: "assignment-policy",
description: "My assignment policy",
durationInDays: 90,
requestorSettings: {
scopeType: "AllExistingDirectoryMemberUsers",
},
approvalSettings: {
approvalRequired: true,
approvalStages: [{
approvalTimeoutInDays: 14,
primaryApprovers: [{
objectId: exampleGroup.objectId,
subjectType: "groupMembers",
}],
}],
},
assignmentReviewSettings: {
enabled: true,
reviewFrequency: "weekly",
durationInDays: 3,
reviewType: "Self",
accessReviewTimeoutBehavior: "keepAccess",
},
questions: [{
text: {
defaultText: "hello, how are you?",
},
}],
});
resources:
exampleGroup:
type: azuread:Group
properties:
displayName: group-name
securityEnabled: true
exampleAccessPackageCatalog:
type: azuread:AccessPackageCatalog
properties:
displayName: example-catalog
description: Example catalog
exampleAccessPackage:
type: azuread:AccessPackage
properties:
catalogId: ${exampleAccessPackageCatalog.id}
displayName: access-package
description: Access Package
exampleAccessPackageAssignmentPolicy:
type: azuread:AccessPackageAssignmentPolicy
properties:
accessPackageId: ${exampleAccessPackage.id}
displayName: assignment-policy
description: My assignment policy
durationInDays: 90
requestorSettings:
scopeType: AllExistingDirectoryMemberUsers
approvalSettings:
approvalRequired: true
approvalStages:
- approvalTimeoutInDays: 14
primaryApprovers:
- objectId: ${exampleGroup.objectId}
subjectType: groupMembers
assignmentReviewSettings:
enabled: true
reviewFrequency: weekly
durationInDays: 3
reviewType: Self
accessReviewTimeoutBehavior: keepAccess
questions:
- text:
defaultText: hello, how are you?
Create AccessPackageAssignmentPolicy Resource
new AccessPackageAssignmentPolicy(name: string, args: AccessPackageAssignmentPolicyArgs, opts?: CustomResourceOptions);
@overload
def AccessPackageAssignmentPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_package_id: Optional[str] = None,
approval_settings: Optional[AccessPackageAssignmentPolicyApprovalSettingsArgs] = None,
assignment_review_settings: Optional[AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
duration_in_days: Optional[int] = None,
expiration_date: Optional[str] = None,
extension_enabled: Optional[bool] = None,
questions: Optional[Sequence[AccessPackageAssignmentPolicyQuestionArgs]] = None,
requestor_settings: Optional[AccessPackageAssignmentPolicyRequestorSettingsArgs] = None)
@overload
def AccessPackageAssignmentPolicy(resource_name: str,
args: AccessPackageAssignmentPolicyArgs,
opts: Optional[ResourceOptions] = None)
func NewAccessPackageAssignmentPolicy(ctx *Context, name string, args AccessPackageAssignmentPolicyArgs, opts ...ResourceOption) (*AccessPackageAssignmentPolicy, error)
public AccessPackageAssignmentPolicy(string name, AccessPackageAssignmentPolicyArgs args, CustomResourceOptions? opts = null)
public AccessPackageAssignmentPolicy(String name, AccessPackageAssignmentPolicyArgs args)
public AccessPackageAssignmentPolicy(String name, AccessPackageAssignmentPolicyArgs args, CustomResourceOptions options)
type: azuread:AccessPackageAssignmentPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessPackageAssignmentPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessPackageAssignmentPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessPackageAssignmentPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessPackageAssignmentPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessPackageAssignmentPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AccessPackageAssignmentPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AccessPackageAssignmentPolicy resource accepts the following input properties:
- Access
Package stringId The ID of the access package that will contain the policy.
- Description string
The description of the policy.
- Display
Name string The display name of the policy.
- Approval
Settings Pulumi.Azure AD. Inputs. Access Package Assignment Policy Approval Settings An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below.- Assignment
Review Pulumi.Settings Azure AD. Inputs. Access Package Assignment Policy Assignment Review Settings An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below.- Duration
In intDays How many days this assignment is valid for.
- Expiration
Date string The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- Extension
Enabled bool Whether users will be able to request extension of their access to this package before their access expires.
- Questions
List<Pulumi.
Azure AD. Inputs. Access Package Assignment Policy Question> One or more
question
blocks for the requestor, as documented below.- Requestor
Settings Pulumi.Azure AD. Inputs. Access Package Assignment Policy Requestor Settings A
requestor_settings
block to configure the users who can request access, as documented below.
- Access
Package stringId The ID of the access package that will contain the policy.
- Description string
The description of the policy.
- Display
Name string The display name of the policy.
- Approval
Settings AccessPackage Assignment Policy Approval Settings Args An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below.- Assignment
Review AccessSettings Package Assignment Policy Assignment Review Settings Args An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below.- Duration
In intDays How many days this assignment is valid for.
- Expiration
Date string The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- Extension
Enabled bool Whether users will be able to request extension of their access to this package before their access expires.
- Questions
[]Access
Package Assignment Policy Question Args One or more
question
blocks for the requestor, as documented below.- Requestor
Settings AccessPackage Assignment Policy Requestor Settings Args A
requestor_settings
block to configure the users who can request access, as documented below.
- access
Package StringId The ID of the access package that will contain the policy.
- description String
The description of the policy.
- display
Name String The display name of the policy.
- approval
Settings AccessPackage Assignment Policy Approval Settings An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below.- assignment
Review AccessSettings Package Assignment Policy Assignment Review Settings An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below.- duration
In IntegerDays How many days this assignment is valid for.
- expiration
Date String The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- extension
Enabled Boolean Whether users will be able to request extension of their access to this package before their access expires.
- questions
List<Access
Package Assignment Policy Question> One or more
question
blocks for the requestor, as documented below.- requestor
Settings AccessPackage Assignment Policy Requestor Settings A
requestor_settings
block to configure the users who can request access, as documented below.
- access
Package stringId The ID of the access package that will contain the policy.
- description string
The description of the policy.
- display
Name string The display name of the policy.
- approval
Settings AccessPackage Assignment Policy Approval Settings An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below.- assignment
Review AccessSettings Package Assignment Policy Assignment Review Settings An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below.- duration
In numberDays How many days this assignment is valid for.
- expiration
Date string The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- extension
Enabled boolean Whether users will be able to request extension of their access to this package before their access expires.
- questions
Access
Package Assignment Policy Question[] One or more
question
blocks for the requestor, as documented below.- requestor
Settings AccessPackage Assignment Policy Requestor Settings A
requestor_settings
block to configure the users who can request access, as documented below.
- access_
package_ strid The ID of the access package that will contain the policy.
- description str
The description of the policy.
- display_
name str The display name of the policy.
- approval_
settings AccessPackage Assignment Policy Approval Settings Args An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below.- assignment_
review_ Accesssettings Package Assignment Policy Assignment Review Settings Args An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below.- duration_
in_ intdays How many days this assignment is valid for.
- expiration_
date str The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- extension_
enabled bool Whether users will be able to request extension of their access to this package before their access expires.
- questions
Sequence[Access
Package Assignment Policy Question Args] One or more
question
blocks for the requestor, as documented below.- requestor_
settings AccessPackage Assignment Policy Requestor Settings Args A
requestor_settings
block to configure the users who can request access, as documented below.
- access
Package StringId The ID of the access package that will contain the policy.
- description String
The description of the policy.
- display
Name String The display name of the policy.
- approval
Settings Property Map An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below.- assignment
Review Property MapSettings An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below.- duration
In NumberDays How many days this assignment is valid for.
- expiration
Date String The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- extension
Enabled Boolean Whether users will be able to request extension of their access to this package before their access expires.
- questions List<Property Map>
One or more
question
blocks for the requestor, as documented below.- requestor
Settings Property Map A
requestor_settings
block to configure the users who can request access, as documented below.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessPackageAssignmentPolicy resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing AccessPackageAssignmentPolicy Resource
Get an existing AccessPackageAssignmentPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccessPackageAssignmentPolicyState, opts?: CustomResourceOptions): AccessPackageAssignmentPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_package_id: Optional[str] = None,
approval_settings: Optional[AccessPackageAssignmentPolicyApprovalSettingsArgs] = None,
assignment_review_settings: Optional[AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
duration_in_days: Optional[int] = None,
expiration_date: Optional[str] = None,
extension_enabled: Optional[bool] = None,
questions: Optional[Sequence[AccessPackageAssignmentPolicyQuestionArgs]] = None,
requestor_settings: Optional[AccessPackageAssignmentPolicyRequestorSettingsArgs] = None) -> AccessPackageAssignmentPolicy
func GetAccessPackageAssignmentPolicy(ctx *Context, name string, id IDInput, state *AccessPackageAssignmentPolicyState, opts ...ResourceOption) (*AccessPackageAssignmentPolicy, error)
public static AccessPackageAssignmentPolicy Get(string name, Input<string> id, AccessPackageAssignmentPolicyState? state, CustomResourceOptions? opts = null)
public static AccessPackageAssignmentPolicy get(String name, Output<String> id, AccessPackageAssignmentPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Package stringId The ID of the access package that will contain the policy.
- Approval
Settings Pulumi.Azure AD. Inputs. Access Package Assignment Policy Approval Settings An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below.- Assignment
Review Pulumi.Settings Azure AD. Inputs. Access Package Assignment Policy Assignment Review Settings An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below.- Description string
The description of the policy.
- Display
Name string The display name of the policy.
- Duration
In intDays How many days this assignment is valid for.
- Expiration
Date string The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- Extension
Enabled bool Whether users will be able to request extension of their access to this package before their access expires.
- Questions
List<Pulumi.
Azure AD. Inputs. Access Package Assignment Policy Question> One or more
question
blocks for the requestor, as documented below.- Requestor
Settings Pulumi.Azure AD. Inputs. Access Package Assignment Policy Requestor Settings A
requestor_settings
block to configure the users who can request access, as documented below.
- Access
Package stringId The ID of the access package that will contain the policy.
- Approval
Settings AccessPackage Assignment Policy Approval Settings Args An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below.- Assignment
Review AccessSettings Package Assignment Policy Assignment Review Settings Args An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below.- Description string
The description of the policy.
- Display
Name string The display name of the policy.
- Duration
In intDays How many days this assignment is valid for.
- Expiration
Date string The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- Extension
Enabled bool Whether users will be able to request extension of their access to this package before their access expires.
- Questions
[]Access
Package Assignment Policy Question Args One or more
question
blocks for the requestor, as documented below.- Requestor
Settings AccessPackage Assignment Policy Requestor Settings Args A
requestor_settings
block to configure the users who can request access, as documented below.
- access
Package StringId The ID of the access package that will contain the policy.
- approval
Settings AccessPackage Assignment Policy Approval Settings An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below.- assignment
Review AccessSettings Package Assignment Policy Assignment Review Settings An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below.- description String
The description of the policy.
- display
Name String The display name of the policy.
- duration
In IntegerDays How many days this assignment is valid for.
- expiration
Date String The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- extension
Enabled Boolean Whether users will be able to request extension of their access to this package before their access expires.
- questions
List<Access
Package Assignment Policy Question> One or more
question
blocks for the requestor, as documented below.- requestor
Settings AccessPackage Assignment Policy Requestor Settings A
requestor_settings
block to configure the users who can request access, as documented below.
- access
Package stringId The ID of the access package that will contain the policy.
- approval
Settings AccessPackage Assignment Policy Approval Settings An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below.- assignment
Review AccessSettings Package Assignment Policy Assignment Review Settings An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below.- description string
The description of the policy.
- display
Name string The display name of the policy.
- duration
In numberDays How many days this assignment is valid for.
- expiration
Date string The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- extension
Enabled boolean Whether users will be able to request extension of their access to this package before their access expires.
- questions
Access
Package Assignment Policy Question[] One or more
question
blocks for the requestor, as documented below.- requestor
Settings AccessPackage Assignment Policy Requestor Settings A
requestor_settings
block to configure the users who can request access, as documented below.
- access_
package_ strid The ID of the access package that will contain the policy.
- approval_
settings AccessPackage Assignment Policy Approval Settings Args An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below.- assignment_
review_ Accesssettings Package Assignment Policy Assignment Review Settings Args An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below.- description str
The description of the policy.
- display_
name str The display name of the policy.
- duration_
in_ intdays How many days this assignment is valid for.
- expiration_
date str The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- extension_
enabled bool Whether users will be able to request extension of their access to this package before their access expires.
- questions
Sequence[Access
Package Assignment Policy Question Args] One or more
question
blocks for the requestor, as documented below.- requestor_
settings AccessPackage Assignment Policy Requestor Settings Args A
requestor_settings
block to configure the users who can request access, as documented below.
- access
Package StringId The ID of the access package that will contain the policy.
- approval
Settings Property Map An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below.- assignment
Review Property MapSettings An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below.- description String
The description of the policy.
- display
Name String The display name of the policy.
- duration
In NumberDays How many days this assignment is valid for.
- expiration
Date String The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- extension
Enabled Boolean Whether users will be able to request extension of their access to this package before their access expires.
- questions List<Property Map>
One or more
question
blocks for the requestor, as documented below.- requestor
Settings Property Map A
requestor_settings
block to configure the users who can request access, as documented below.
Supporting Types
AccessPackageAssignmentPolicyApprovalSettings, AccessPackageAssignmentPolicyApprovalSettingsArgs
- Approval
Required bool Whether an approval is required.
- Approval
Required boolFor Extension Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
- Approval
Stages List<Pulumi.Azure AD. Inputs. Access Package Assignment Policy Approval Settings Approval Stage> An
approval_stage
block specifying the process to obtain an approval, as documented below.- Requestor
Justification boolRequired Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.
- Approval
Required bool Whether an approval is required.
- Approval
Required boolFor Extension Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
- Approval
Stages []AccessPackage Assignment Policy Approval Settings Approval Stage An
approval_stage
block specifying the process to obtain an approval, as documented below.- Requestor
Justification boolRequired Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.
- approval
Required Boolean Whether an approval is required.
- approval
Required BooleanFor Extension Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
- approval
Stages List<AccessPackage Assignment Policy Approval Settings Approval Stage> An
approval_stage
block specifying the process to obtain an approval, as documented below.- requestor
Justification BooleanRequired Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.
- approval
Required boolean Whether an approval is required.
- approval
Required booleanFor Extension Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
- approval
Stages AccessPackage Assignment Policy Approval Settings Approval Stage[] An
approval_stage
block specifying the process to obtain an approval, as documented below.- requestor
Justification booleanRequired Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.
- approval_
required bool Whether an approval is required.
- approval_
required_ boolfor_ extension Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
- approval_
stages Sequence[AccessPackage Assignment Policy Approval Settings Approval Stage] An
approval_stage
block specifying the process to obtain an approval, as documented below.- requestor_
justification_ boolrequired Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.
- approval
Required Boolean Whether an approval is required.
- approval
Required BooleanFor Extension Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
- approval
Stages List<Property Map> An
approval_stage
block specifying the process to obtain an approval, as documented below.- requestor
Justification BooleanRequired Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.
AccessPackageAssignmentPolicyApprovalSettingsApprovalStage, AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs
- Approval
Timeout intIn Days Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.
- Alternative
Approval boolEnabled Whether alternative approvers are enabled.
- Alternative
Approvers List<Pulumi.Azure AD. Inputs. Access Package Assignment Policy Approval Settings Approval Stage Alternative Approver> A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.
- Approver
Justification boolRequired Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.
- Enable
Alternative intApproval In Days Number of days before the request is forwarded to alternative approvers.
- Primary
Approvers List<Pulumi.Azure AD. Inputs. Access Package Assignment Policy Approval Settings Approval Stage Primary Approver> A block specifying the users who will be asked to approve requests, as documented below.
- Approval
Timeout intIn Days Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.
- Alternative
Approval boolEnabled Whether alternative approvers are enabled.
- Alternative
Approvers []AccessPackage Assignment Policy Approval Settings Approval Stage Alternative Approver A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.
- Approver
Justification boolRequired Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.
- Enable
Alternative intApproval In Days Number of days before the request is forwarded to alternative approvers.
- Primary
Approvers []AccessPackage Assignment Policy Approval Settings Approval Stage Primary Approver A block specifying the users who will be asked to approve requests, as documented below.
- approval
Timeout IntegerIn Days Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.
- alternative
Approval BooleanEnabled Whether alternative approvers are enabled.
- alternative
Approvers List<AccessPackage Assignment Policy Approval Settings Approval Stage Alternative Approver> A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.
- approver
Justification BooleanRequired Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.
- enable
Alternative IntegerApproval In Days Number of days before the request is forwarded to alternative approvers.
- primary
Approvers List<AccessPackage Assignment Policy Approval Settings Approval Stage Primary Approver> A block specifying the users who will be asked to approve requests, as documented below.
- approval
Timeout numberIn Days Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.
- alternative
Approval booleanEnabled Whether alternative approvers are enabled.
- alternative
Approvers AccessPackage Assignment Policy Approval Settings Approval Stage Alternative Approver[] A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.
- approver
Justification booleanRequired Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.
- enable
Alternative numberApproval In Days Number of days before the request is forwarded to alternative approvers.
- primary
Approvers AccessPackage Assignment Policy Approval Settings Approval Stage Primary Approver[] A block specifying the users who will be asked to approve requests, as documented below.
- approval_
timeout_ intin_ days Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.
- alternative_
approval_ boolenabled Whether alternative approvers are enabled.
- alternative_
approvers Sequence[AccessPackage Assignment Policy Approval Settings Approval Stage Alternative Approver] A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.
- approver_
justification_ boolrequired Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.
- enable_
alternative_ intapproval_ in_ days Number of days before the request is forwarded to alternative approvers.
- primary_
approvers Sequence[AccessPackage Assignment Policy Approval Settings Approval Stage Primary Approver] A block specifying the users who will be asked to approve requests, as documented below.
- approval
Timeout NumberIn Days Maximum number of days within which a request must be approved. If a request is not approved within this time period after it is made, it will be automatically rejected.
- alternative
Approval BooleanEnabled Whether alternative approvers are enabled.
- alternative
Approvers List<Property Map> A block specifying alternative approvers when escalation is enabled and the primary approvers do not respond before the escalation time, as documented below.
- approver
Justification BooleanRequired Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor.
- enable
Alternative NumberApproval In Days Number of days before the request is forwarded to alternative approvers.
- primary
Approvers List<Property Map> A block specifying the users who will be asked to approve requests, as documented below.
AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover, AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApproverArgs
- Subject
Type string Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- Backup bool
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- Object
Id string The ID of the subject.
- Subject
Type string Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- Backup bool
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- Object
Id string The ID of the subject.
- subject
Type String Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- backup Boolean
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- object
Id String The ID of the subject.
- subject
Type string Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- backup boolean
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- object
Id string The ID of the subject.
- subject_
type str Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- backup bool
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- object_
id str The ID of the subject.
- subject
Type String Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- backup Boolean
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- object
Id String The ID of the subject.
AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover, AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs
- Subject
Type string Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- Backup bool
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- Object
Id string The ID of the subject.
- Subject
Type string Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- Backup bool
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- Object
Id string The ID of the subject.
- subject
Type String Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- backup Boolean
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- object
Id String The ID of the subject.
- subject
Type string Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- backup boolean
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- object
Id string The ID of the subject.
- subject_
type str Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- backup bool
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- object_
id str The ID of the subject.
- subject
Type String Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- backup Boolean
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- object
Id String The ID of the subject.
AccessPackageAssignmentPolicyAssignmentReviewSettings, AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs
- Access
Recommendation boolEnabled Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
- Access
Review stringTimeout Behavior Specifies the actions the system takes if reviewers don't respond in time. Valid values are
keepAccess
,removeAccess
, oracceptAccessRecommendation
.- Approver
Justification boolRequired Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
- Duration
In intDays How many days each occurrence of the access review series will run.
- Enabled bool
Whether to enable assignment review.
- Review
Frequency string This will determine how often the access review campaign runs, valid values are
weekly
,monthly
,quarterly
,halfyearly
, orannual
.- Review
Type string Self-review or specific reviewers. Valid values are
Manager
,Reviewers
, orSelf
.- Reviewers
List<Pulumi.
Azure AD. Inputs. Access Package Assignment Policy Assignment Review Settings Reviewer> One or more
reviewer
blocks to specify the users who will be reviewers (whenreview_type
isReviewers
), as documented below.- Starting
On string This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date
- Access
Recommendation boolEnabled Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
- Access
Review stringTimeout Behavior Specifies the actions the system takes if reviewers don't respond in time. Valid values are
keepAccess
,removeAccess
, oracceptAccessRecommendation
.- Approver
Justification boolRequired Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
- Duration
In intDays How many days each occurrence of the access review series will run.
- Enabled bool
Whether to enable assignment review.
- Review
Frequency string This will determine how often the access review campaign runs, valid values are
weekly
,monthly
,quarterly
,halfyearly
, orannual
.- Review
Type string Self-review or specific reviewers. Valid values are
Manager
,Reviewers
, orSelf
.- Reviewers
[]Access
Package Assignment Policy Assignment Review Settings Reviewer One or more
reviewer
blocks to specify the users who will be reviewers (whenreview_type
isReviewers
), as documented below.- Starting
On string This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date
- access
Recommendation BooleanEnabled Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
- access
Review StringTimeout Behavior Specifies the actions the system takes if reviewers don't respond in time. Valid values are
keepAccess
,removeAccess
, oracceptAccessRecommendation
.- approver
Justification BooleanRequired Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
- duration
In IntegerDays How many days each occurrence of the access review series will run.
- enabled Boolean
Whether to enable assignment review.
- review
Frequency String This will determine how often the access review campaign runs, valid values are
weekly
,monthly
,quarterly
,halfyearly
, orannual
.- review
Type String Self-review or specific reviewers. Valid values are
Manager
,Reviewers
, orSelf
.- reviewers
List<Access
Package Assignment Policy Assignment Review Settings Reviewer> One or more
reviewer
blocks to specify the users who will be reviewers (whenreview_type
isReviewers
), as documented below.- starting
On String This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date
- access
Recommendation booleanEnabled Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
- access
Review stringTimeout Behavior Specifies the actions the system takes if reviewers don't respond in time. Valid values are
keepAccess
,removeAccess
, oracceptAccessRecommendation
.- approver
Justification booleanRequired Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
- duration
In numberDays How many days each occurrence of the access review series will run.
- enabled boolean
Whether to enable assignment review.
- review
Frequency string This will determine how often the access review campaign runs, valid values are
weekly
,monthly
,quarterly
,halfyearly
, orannual
.- review
Type string Self-review or specific reviewers. Valid values are
Manager
,Reviewers
, orSelf
.- reviewers
Access
Package Assignment Policy Assignment Review Settings Reviewer[] One or more
reviewer
blocks to specify the users who will be reviewers (whenreview_type
isReviewers
), as documented below.- starting
On string This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date
- access_
recommendation_ boolenabled Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
- access_
review_ strtimeout_ behavior Specifies the actions the system takes if reviewers don't respond in time. Valid values are
keepAccess
,removeAccess
, oracceptAccessRecommendation
.- approver_
justification_ boolrequired Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
- duration_
in_ intdays How many days each occurrence of the access review series will run.
- enabled bool
Whether to enable assignment review.
- review_
frequency str This will determine how often the access review campaign runs, valid values are
weekly
,monthly
,quarterly
,halfyearly
, orannual
.- review_
type str Self-review or specific reviewers. Valid values are
Manager
,Reviewers
, orSelf
.- reviewers
Sequence[Access
Package Assignment Policy Assignment Review Settings Reviewer] One or more
reviewer
blocks to specify the users who will be reviewers (whenreview_type
isReviewers
), as documented below.- starting_
on str This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date
- access
Recommendation BooleanEnabled Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
- access
Review StringTimeout Behavior Specifies the actions the system takes if reviewers don't respond in time. Valid values are
keepAccess
,removeAccess
, oracceptAccessRecommendation
.- approver
Justification BooleanRequired Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
- duration
In NumberDays How many days each occurrence of the access review series will run.
- enabled Boolean
Whether to enable assignment review.
- review
Frequency String This will determine how often the access review campaign runs, valid values are
weekly
,monthly
,quarterly
,halfyearly
, orannual
.- review
Type String Self-review or specific reviewers. Valid values are
Manager
,Reviewers
, orSelf
.- reviewers List<Property Map>
One or more
reviewer
blocks to specify the users who will be reviewers (whenreview_type
isReviewers
), as documented below.- starting
On String This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date
AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer, AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewerArgs
- Subject
Type string Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- Backup bool
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- Object
Id string The ID of the subject.
- Subject
Type string Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- Backup bool
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- Object
Id string The ID of the subject.
- subject
Type String Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- backup Boolean
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- object
Id String The ID of the subject.
- subject
Type string Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- backup boolean
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- object
Id string The ID of the subject.
- subject_
type str Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- backup bool
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- object_
id str The ID of the subject.
- subject
Type String Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- backup Boolean
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- object
Id String The ID of the subject.
AccessPackageAssignmentPolicyQuestion, AccessPackageAssignmentPolicyQuestionArgs
- Text
Pulumi.
Azure AD. Inputs. Access Package Assignment Policy Question Text A block describing the content of this question, as documented below.
- Choices
List<Pulumi.
Azure AD. Inputs. Access Package Assignment Policy Question Choice> One or more blocks configuring a choice to the question, as documented below.
- Required bool
Whether this question is required.
- Sequence int
The sequence number of this question.
- Text
Access
Package Assignment Policy Question Text A block describing the content of this question, as documented below.
- Choices
[]Access
Package Assignment Policy Question Choice One or more blocks configuring a choice to the question, as documented below.
- Required bool
Whether this question is required.
- Sequence int
The sequence number of this question.
- text
Access
Package Assignment Policy Question Text A block describing the content of this question, as documented below.
- choices
List<Access
Package Assignment Policy Question Choice> One or more blocks configuring a choice to the question, as documented below.
- required Boolean
Whether this question is required.
- sequence Integer
The sequence number of this question.
- text
Access
Package Assignment Policy Question Text A block describing the content of this question, as documented below.
- choices
Access
Package Assignment Policy Question Choice[] One or more blocks configuring a choice to the question, as documented below.
- required boolean
Whether this question is required.
- sequence number
The sequence number of this question.
- text
Access
Package Assignment Policy Question Text A block describing the content of this question, as documented below.
- choices
Sequence[Access
Package Assignment Policy Question Choice] One or more blocks configuring a choice to the question, as documented below.
- required bool
Whether this question is required.
- sequence int
The sequence number of this question.
- text Property Map
A block describing the content of this question, as documented below.
- choices List<Property Map>
One or more blocks configuring a choice to the question, as documented below.
- required Boolean
Whether this question is required.
- sequence Number
The sequence number of this question.
AccessPackageAssignmentPolicyQuestionChoice, AccessPackageAssignmentPolicyQuestionChoiceArgs
- Actual
Value string The actual value of this choice.
- Display
Value Pulumi.Azure AD. Inputs. Access Package Assignment Policy Question Choice Display Value A block describing the display text of this choice, as documented below.
- Actual
Value string The actual value of this choice.
- Display
Value AccessPackage Assignment Policy Question Choice Display Value A block describing the display text of this choice, as documented below.
- actual
Value String The actual value of this choice.
- display
Value AccessPackage Assignment Policy Question Choice Display Value A block describing the display text of this choice, as documented below.
- actual
Value string The actual value of this choice.
- display
Value AccessPackage Assignment Policy Question Choice Display Value A block describing the display text of this choice, as documented below.
- actual_
value str The actual value of this choice.
- display_
value AccessPackage Assignment Policy Question Choice Display Value A block describing the display text of this choice, as documented below.
- actual
Value String The actual value of this choice.
- display
Value Property Map A block describing the display text of this choice, as documented below.
AccessPackageAssignmentPolicyQuestionChoiceDisplayValue, AccessPackageAssignmentPolicyQuestionChoiceDisplayValueArgs
- Default
Text string The default text of this question.
- Localized
Texts List<Pulumi.Azure AD. Inputs. Access Package Assignment Policy Question Choice Display Value Localized Text> One or more blocks describing localized text of this question, as documented below.
- Default
Text string The default text of this question.
- Localized
Texts []AccessPackage Assignment Policy Question Choice Display Value Localized Text One or more blocks describing localized text of this question, as documented below.
- default
Text String The default text of this question.
- localized
Texts List<AccessPackage Assignment Policy Question Choice Display Value Localized Text> One or more blocks describing localized text of this question, as documented below.
- default
Text string The default text of this question.
- localized
Texts AccessPackage Assignment Policy Question Choice Display Value Localized Text[] One or more blocks describing localized text of this question, as documented below.
- default_
text str The default text of this question.
- localized_
texts Sequence[AccessPackage Assignment Policy Question Choice Display Value Localized Text] One or more blocks describing localized text of this question, as documented below.
- default
Text String The default text of this question.
- localized
Texts List<Property Map> One or more blocks describing localized text of this question, as documented below.
AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText, AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedTextArgs
- Content string
The localized content of this question.
- Language
Code string The ISO 639 language code for this question content.
- Content string
The localized content of this question.
- Language
Code string The ISO 639 language code for this question content.
- content String
The localized content of this question.
- language
Code String The ISO 639 language code for this question content.
- content string
The localized content of this question.
- language
Code string The ISO 639 language code for this question content.
- content str
The localized content of this question.
- language_
code str The ISO 639 language code for this question content.
- content String
The localized content of this question.
- language
Code String The ISO 639 language code for this question content.
AccessPackageAssignmentPolicyQuestionText, AccessPackageAssignmentPolicyQuestionTextArgs
- Default
Text string The default text of this question.
- Localized
Texts List<Pulumi.Azure AD. Inputs. Access Package Assignment Policy Question Text Localized Text> One or more blocks describing localized text of this question, as documented below.
- Default
Text string The default text of this question.
- Localized
Texts []AccessPackage Assignment Policy Question Text Localized Text One or more blocks describing localized text of this question, as documented below.
- default
Text String The default text of this question.
- localized
Texts List<AccessPackage Assignment Policy Question Text Localized Text> One or more blocks describing localized text of this question, as documented below.
- default
Text string The default text of this question.
- localized
Texts AccessPackage Assignment Policy Question Text Localized Text[] One or more blocks describing localized text of this question, as documented below.
- default_
text str The default text of this question.
- localized_
texts Sequence[AccessPackage Assignment Policy Question Text Localized Text] One or more blocks describing localized text of this question, as documented below.
- default
Text String The default text of this question.
- localized
Texts List<Property Map> One or more blocks describing localized text of this question, as documented below.
AccessPackageAssignmentPolicyQuestionTextLocalizedText, AccessPackageAssignmentPolicyQuestionTextLocalizedTextArgs
- Content string
The localized content of this question.
- Language
Code string The ISO 639 language code for this question content.
- Content string
The localized content of this question.
- Language
Code string The ISO 639 language code for this question content.
- content String
The localized content of this question.
- language
Code String The ISO 639 language code for this question content.
- content string
The localized content of this question.
- language
Code string The ISO 639 language code for this question content.
- content str
The localized content of this question.
- language_
code str The ISO 639 language code for this question content.
- content String
The localized content of this question.
- language
Code String The ISO 639 language code for this question content.
AccessPackageAssignmentPolicyRequestorSettings, AccessPackageAssignmentPolicyRequestorSettingsArgs
- Requestors
List<Pulumi.
Azure AD. Inputs. Access Package Assignment Policy Requestor Settings Requestor> A block specifying the users who are allowed to request on this policy, as documented below.
- Requests
Accepted bool Whether to accept requests using this policy. When
false
, no new requests can be made using this policy.- Scope
Type string Specifies the scopes of the requestors. Valid values are
AllConfiguredConnectedOrganizationSubjects
,AllExistingConnectedOrganizationSubjects
,AllExistingDirectoryMemberUsers
,AllExistingDirectorySubjects
,AllExternalSubjects
,NoSubjects
,SpecificConnectedOrganizationSubjects
, orSpecificDirectorySubjects
.
- Requestors
[]Access
Package Assignment Policy Requestor Settings Requestor A block specifying the users who are allowed to request on this policy, as documented below.
- Requests
Accepted bool Whether to accept requests using this policy. When
false
, no new requests can be made using this policy.- Scope
Type string Specifies the scopes of the requestors. Valid values are
AllConfiguredConnectedOrganizationSubjects
,AllExistingConnectedOrganizationSubjects
,AllExistingDirectoryMemberUsers
,AllExistingDirectorySubjects
,AllExternalSubjects
,NoSubjects
,SpecificConnectedOrganizationSubjects
, orSpecificDirectorySubjects
.
- requestors
List<Access
Package Assignment Policy Requestor Settings Requestor> A block specifying the users who are allowed to request on this policy, as documented below.
- requests
Accepted Boolean Whether to accept requests using this policy. When
false
, no new requests can be made using this policy.- scope
Type String Specifies the scopes of the requestors. Valid values are
AllConfiguredConnectedOrganizationSubjects
,AllExistingConnectedOrganizationSubjects
,AllExistingDirectoryMemberUsers
,AllExistingDirectorySubjects
,AllExternalSubjects
,NoSubjects
,SpecificConnectedOrganizationSubjects
, orSpecificDirectorySubjects
.
- requestors
Access
Package Assignment Policy Requestor Settings Requestor[] A block specifying the users who are allowed to request on this policy, as documented below.
- requests
Accepted boolean Whether to accept requests using this policy. When
false
, no new requests can be made using this policy.- scope
Type string Specifies the scopes of the requestors. Valid values are
AllConfiguredConnectedOrganizationSubjects
,AllExistingConnectedOrganizationSubjects
,AllExistingDirectoryMemberUsers
,AllExistingDirectorySubjects
,AllExternalSubjects
,NoSubjects
,SpecificConnectedOrganizationSubjects
, orSpecificDirectorySubjects
.
- requestors
Sequence[Access
Package Assignment Policy Requestor Settings Requestor] A block specifying the users who are allowed to request on this policy, as documented below.
- requests_
accepted bool Whether to accept requests using this policy. When
false
, no new requests can be made using this policy.- scope_
type str Specifies the scopes of the requestors. Valid values are
AllConfiguredConnectedOrganizationSubjects
,AllExistingConnectedOrganizationSubjects
,AllExistingDirectoryMemberUsers
,AllExistingDirectorySubjects
,AllExternalSubjects
,NoSubjects
,SpecificConnectedOrganizationSubjects
, orSpecificDirectorySubjects
.
- requestors List<Property Map>
A block specifying the users who are allowed to request on this policy, as documented below.
- requests
Accepted Boolean Whether to accept requests using this policy. When
false
, no new requests can be made using this policy.- scope
Type String Specifies the scopes of the requestors. Valid values are
AllConfiguredConnectedOrganizationSubjects
,AllExistingConnectedOrganizationSubjects
,AllExistingDirectoryMemberUsers
,AllExistingDirectorySubjects
,AllExternalSubjects
,NoSubjects
,SpecificConnectedOrganizationSubjects
, orSpecificDirectorySubjects
.
AccessPackageAssignmentPolicyRequestorSettingsRequestor, AccessPackageAssignmentPolicyRequestorSettingsRequestorArgs
- Subject
Type string Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- Backup bool
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- Object
Id string The ID of the subject.
- Subject
Type string Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- Backup bool
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- Object
Id string The ID of the subject.
- subject
Type String Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- backup Boolean
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- object
Id String The ID of the subject.
- subject
Type string Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- backup boolean
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- object
Id string The ID of the subject.
- subject_
type str Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- backup bool
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- object_
id str The ID of the subject.
- subject
Type String Specifies the type of users. Valid values are
singleUser
,groupMembers
,connectedOrganizationMembers
,requestorManager
,internalSponsors
, orexternalSponsors
.- backup Boolean
For a user in an approval stage, this property indicates whether the user is a backup fallback approver.
- object
Id String The ID of the subject.
Import
An access package assignment policy can be imported using the ID, e.g.
$ pulumi import azuread:index/accessPackageAssignmentPolicy:AccessPackageAssignmentPolicy example 00000000-0000-0000-0000-000000000000
Package Details
- Repository
- Azure Active Directory (Azure AD) pulumi/pulumi-azuread
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
azuread
Terraform Provider.