azuread.GroupRoleManagementPolicy

Azure Active Directory (Azure AD) v6.9.0, Mar 24 26

Viewing docs for Azure Active Directory (Azure AD) v6.9.0
published on Tuesday, Mar 24, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-azuread

Viewing docs for Azure Active Directory (Azure AD) v6.9.0
published on Tuesday, Mar 24, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-azuread

API Permissions

The following API permissions are required in order to use this resource.

When authenticated with a service principal, this resource requires the RoleManagementPolicy.ReadWrite.AzureADGroup Microsoft Graph API permissions.

When authenticated with a user principal, this resource requires Global Administrator directory role, or the Privileged Role Administrator role in Identity Governance.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

const example = new azuread.Group("example", {
    displayName: "group-name",
    securityEnabled: true,
});
const member = new azuread.User("member", {
    userPrincipalName: "jdoe@example.com",
    displayName: "J. Doe",
    mailNickname: "jdoe",
    password: "SecretP@sswd99!",
});
const exampleGroupRoleManagementPolicy = new azuread.GroupRoleManagementPolicy("example", {
    groupId: example.id,
    roleId: "member",
    activeAssignmentRules: {
        expireAfter: "P365D",
    },
    eligibleAssignmentRules: {
        expirationRequired: false,
    },
    notificationRules: {
        eligibleAssignments: {
            approverNotifications: {
                notificationLevel: "Critical",
                defaultRecipients: false,
                additionalRecipients: [
                    "someone@example.com",
                    "someone.else@example.com",
                ],
            },
        },
    },
});

import pulumi
import pulumi_azuread as azuread

example = azuread.Group("example",
    display_name="group-name",
    security_enabled=True)
member = azuread.User("member",
    user_principal_name="jdoe@example.com",
    display_name="J. Doe",
    mail_nickname="jdoe",
    password="SecretP@sswd99!")
example_group_role_management_policy = azuread.GroupRoleManagementPolicy("example",
    group_id=example.id,
    role_id="member",
    active_assignment_rules={
        "expire_after": "P365D",
    },
    eligible_assignment_rules={
        "expiration_required": False,
    },
    notification_rules={
        "eligible_assignments": {
            "approver_notifications": {
                "notification_level": "Critical",
                "default_recipients": False,
                "additional_recipients": [
                    "someone@example.com",
                    "someone.else@example.com",
                ],
            },
        },
    })

package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := azuread.NewGroup(ctx, "example", &azuread.GroupArgs{
			DisplayName:     pulumi.String("group-name"),
			SecurityEnabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = azuread.NewUser(ctx, "member", &azuread.UserArgs{
			UserPrincipalName: pulumi.String("jdoe@example.com"),
			DisplayName:       pulumi.String("J. Doe"),
			MailNickname:      pulumi.String("jdoe"),
			Password:          pulumi.String("SecretP@sswd99!"),
		})
		if err != nil {
			return err
		}
		_, err = azuread.NewGroupRoleManagementPolicy(ctx, "example", &azuread.GroupRoleManagementPolicyArgs{
			GroupId: example.ID(),
			RoleId:  pulumi.String("member"),
			ActiveAssignmentRules: &azuread.GroupRoleManagementPolicyActiveAssignmentRulesArgs{
				ExpireAfter: pulumi.String("P365D"),
			},
			EligibleAssignmentRules: &azuread.GroupRoleManagementPolicyEligibleAssignmentRulesArgs{
				ExpirationRequired: pulumi.Bool(false),
			},
			NotificationRules: &azuread.GroupRoleManagementPolicyNotificationRulesArgs{
				EligibleAssignments: &azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs{
					ApproverNotifications: &azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs{
						NotificationLevel: pulumi.String("Critical"),
						DefaultRecipients: pulumi.Bool(false),
						AdditionalRecipients: pulumi.StringArray{
							pulumi.String("someone@example.com"),
							pulumi.String("someone.else@example.com"),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;

return await Deployment.RunAsync(() => 
{
    var example = new AzureAD.Index.Group("example", new()
    {
        DisplayName = "group-name",
        SecurityEnabled = true,
    });

    var member = new AzureAD.Index.User("member", new()
    {
        UserPrincipalName = "jdoe@example.com",
        DisplayName = "J. Doe",
        MailNickname = "jdoe",
        Password = "SecretP@sswd99!",
    });

    var exampleGroupRoleManagementPolicy = new AzureAD.Index.GroupRoleManagementPolicy("example", new()
    {
        GroupId = example.Id,
        RoleId = "member",
        ActiveAssignmentRules = new AzureAD.Inputs.GroupRoleManagementPolicyActiveAssignmentRulesArgs
        {
            ExpireAfter = "P365D",
        },
        EligibleAssignmentRules = new AzureAD.Inputs.GroupRoleManagementPolicyEligibleAssignmentRulesArgs
        {
            ExpirationRequired = false,
        },
        NotificationRules = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesArgs
        {
            EligibleAssignments = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs
            {
                ApproverNotifications = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs
                {
                    NotificationLevel = "Critical",
                    DefaultRecipients = false,
                    AdditionalRecipients = new[]
                    {
                        "someone@example.com",
                        "someone.else@example.com",
                    },
                },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.Group;
import com.pulumi.azuread.GroupArgs;
import com.pulumi.azuread.User;
import com.pulumi.azuread.UserArgs;
import com.pulumi.azuread.GroupRoleManagementPolicy;
import com.pulumi.azuread.GroupRoleManagementPolicyArgs;
import com.pulumi.azuread.inputs.GroupRoleManagementPolicyActiveAssignmentRulesArgs;
import com.pulumi.azuread.inputs.GroupRoleManagementPolicyEligibleAssignmentRulesArgs;
import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesArgs;
import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs;
import com.pulumi.azuread.inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Group("example", GroupArgs.builder()
            .displayName("group-name")
            .securityEnabled(true)
            .build());

        var member = new User("member", UserArgs.builder()
            .userPrincipalName("jdoe@example.com")
            .displayName("J. Doe")
            .mailNickname("jdoe")
            .password("SecretP@sswd99!")
            .build());

        var exampleGroupRoleManagementPolicy = new GroupRoleManagementPolicy("exampleGroupRoleManagementPolicy", GroupRoleManagementPolicyArgs.builder()
            .groupId(example.id())
            .roleId("member")
            .activeAssignmentRules(GroupRoleManagementPolicyActiveAssignmentRulesArgs.builder()
                .expireAfter("P365D")
                .build())
            .eligibleAssignmentRules(GroupRoleManagementPolicyEligibleAssignmentRulesArgs.builder()
                .expirationRequired(false)
                .build())
            .notificationRules(GroupRoleManagementPolicyNotificationRulesArgs.builder()
                .eligibleAssignments(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs.builder()
                    .approverNotifications(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs.builder()
                        .notificationLevel("Critical")
                        .defaultRecipients(false)
                        .additionalRecipients(                        
                            "someone@example.com",
                            "someone.else@example.com")
                        .build())
                    .build())
                .build())
            .build());

    }
}

resources:
  example:
    type: azuread:Group
    properties:
      displayName: group-name
      securityEnabled: true
  member:
    type: azuread:User
    properties:
      userPrincipalName: jdoe@example.com
      displayName: J. Doe
      mailNickname: jdoe
      password: SecretP@sswd99!
  exampleGroupRoleManagementPolicy:
    type: azuread:GroupRoleManagementPolicy
    name: example
    properties:
      groupId: ${example.id}
      roleId: member
      activeAssignmentRules:
        expireAfter: P365D
      eligibleAssignmentRules:
        expirationRequired: false
      notificationRules:
        eligibleAssignments:
          approverNotifications:
            notificationLevel: Critical
            defaultRecipients: false
            additionalRecipients:
              - someone@example.com
              - someone.else@example.com

Create GroupRoleManagementPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new GroupRoleManagementPolicy(name: string, args: GroupRoleManagementPolicyArgs, opts?: CustomResourceOptions);

@overload
def GroupRoleManagementPolicy(resource_name: str,
                              args: GroupRoleManagementPolicyArgs,
                              opts: Optional[ResourceOptions] = None)

@overload
def GroupRoleManagementPolicy(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              group_id: Optional[str] = None,
                              role_id: Optional[str] = None,
                              activation_rules: Optional[GroupRoleManagementPolicyActivationRulesArgs] = None,
                              active_assignment_rules: Optional[GroupRoleManagementPolicyActiveAssignmentRulesArgs] = None,
                              eligible_assignment_rules: Optional[GroupRoleManagementPolicyEligibleAssignmentRulesArgs] = None,
                              notification_rules: Optional[GroupRoleManagementPolicyNotificationRulesArgs] = None)

func NewGroupRoleManagementPolicy(ctx *Context, name string, args GroupRoleManagementPolicyArgs, opts ...ResourceOption) (*GroupRoleManagementPolicy, error)

public GroupRoleManagementPolicy(string name, GroupRoleManagementPolicyArgs args, CustomResourceOptions? opts = null)

public GroupRoleManagementPolicy(String name, GroupRoleManagementPolicyArgs args)
public GroupRoleManagementPolicy(String name, GroupRoleManagementPolicyArgs args, CustomResourceOptions options)

type: azuread:GroupRoleManagementPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args GroupRoleManagementPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args GroupRoleManagementPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args GroupRoleManagementPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args GroupRoleManagementPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args GroupRoleManagementPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var groupRoleManagementPolicyResource = new AzureAD.Index.GroupRoleManagementPolicy("groupRoleManagementPolicyResource", new()
{
    GroupId = "string",
    RoleId = "string",
    ActivationRules = new AzureAD.Inputs.GroupRoleManagementPolicyActivationRulesArgs
    {
        ApprovalStage = new AzureAD.Inputs.GroupRoleManagementPolicyActivationRulesApprovalStageArgs
        {
            PrimaryApprovers = new[]
            {
                new AzureAD.Inputs.GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs
                {
                    ObjectId = "string",
                    Type = "string",
                },
            },
        },
        MaximumDuration = "string",
        RequireApproval = false,
        RequireJustification = false,
        RequireMultifactorAuthentication = false,
        RequireTicketInfo = false,
        RequiredConditionalAccessAuthenticationContext = "string",
    },
    ActiveAssignmentRules = new AzureAD.Inputs.GroupRoleManagementPolicyActiveAssignmentRulesArgs
    {
        ExpirationRequired = false,
        ExpireAfter = "string",
        RequireJustification = false,
        RequireMultifactorAuthentication = false,
        RequireTicketInfo = false,
    },
    EligibleAssignmentRules = new AzureAD.Inputs.GroupRoleManagementPolicyEligibleAssignmentRulesArgs
    {
        ExpirationRequired = false,
        ExpireAfter = "string",
    },
    NotificationRules = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesArgs
    {
        ActiveAssignments = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs
        {
            AdminNotifications = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
            ApproverNotifications = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
            AssigneeNotifications = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
        },
        EligibleActivations = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs
        {
            AdminNotifications = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
            ApproverNotifications = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
            AssigneeNotifications = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
        },
        EligibleAssignments = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs
        {
            AdminNotifications = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
            ApproverNotifications = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
            AssigneeNotifications = new AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
        },
    },
});

example, err := azuread.NewGroupRoleManagementPolicy(ctx, "groupRoleManagementPolicyResource", &azuread.GroupRoleManagementPolicyArgs{
	GroupId: pulumi.String("string"),
	RoleId:  pulumi.String("string"),
	ActivationRules: &azuread.GroupRoleManagementPolicyActivationRulesArgs{
		ApprovalStage: &azuread.GroupRoleManagementPolicyActivationRulesApprovalStageArgs{
			PrimaryApprovers: azuread.GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArray{
				&azuread.GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs{
					ObjectId: pulumi.String("string"),
					Type:     pulumi.String("string"),
				},
			},
		},
		MaximumDuration:                                pulumi.String("string"),
		RequireApproval:                                pulumi.Bool(false),
		RequireJustification:                           pulumi.Bool(false),
		RequireMultifactorAuthentication:               pulumi.Bool(false),
		RequireTicketInfo:                              pulumi.Bool(false),
		RequiredConditionalAccessAuthenticationContext: pulumi.String("string"),
	},
	ActiveAssignmentRules: &azuread.GroupRoleManagementPolicyActiveAssignmentRulesArgs{
		ExpirationRequired:               pulumi.Bool(false),
		ExpireAfter:                      pulumi.String("string"),
		RequireJustification:             pulumi.Bool(false),
		RequireMultifactorAuthentication: pulumi.Bool(false),
		RequireTicketInfo:                pulumi.Bool(false),
	},
	EligibleAssignmentRules: &azuread.GroupRoleManagementPolicyEligibleAssignmentRulesArgs{
		ExpirationRequired: pulumi.Bool(false),
		ExpireAfter:        pulumi.String("string"),
	},
	NotificationRules: &azuread.GroupRoleManagementPolicyNotificationRulesArgs{
		ActiveAssignments: &azuread.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs{
			AdminNotifications: &azuread.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
			ApproverNotifications: &azuread.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
			AssigneeNotifications: &azuread.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
		},
		EligibleActivations: &azuread.GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs{
			AdminNotifications: &azuread.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
			ApproverNotifications: &azuread.GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
			AssigneeNotifications: &azuread.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
		},
		EligibleAssignments: &azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs{
			AdminNotifications: &azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
			ApproverNotifications: &azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
			AssigneeNotifications: &azuread.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
		},
	},
})

var groupRoleManagementPolicyResource = new GroupRoleManagementPolicy("groupRoleManagementPolicyResource", GroupRoleManagementPolicyArgs.builder()
    .groupId("string")
    .roleId("string")
    .activationRules(GroupRoleManagementPolicyActivationRulesArgs.builder()
        .approvalStage(GroupRoleManagementPolicyActivationRulesApprovalStageArgs.builder()
            .primaryApprovers(GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs.builder()
                .objectId("string")
                .type("string")
                .build())
            .build())
        .maximumDuration("string")
        .requireApproval(false)
        .requireJustification(false)
        .requireMultifactorAuthentication(false)
        .requireTicketInfo(false)
        .requiredConditionalAccessAuthenticationContext("string")
        .build())
    .activeAssignmentRules(GroupRoleManagementPolicyActiveAssignmentRulesArgs.builder()
        .expirationRequired(false)
        .expireAfter("string")
        .requireJustification(false)
        .requireMultifactorAuthentication(false)
        .requireTicketInfo(false)
        .build())
    .eligibleAssignmentRules(GroupRoleManagementPolicyEligibleAssignmentRulesArgs.builder()
        .expirationRequired(false)
        .expireAfter("string")
        .build())
    .notificationRules(GroupRoleManagementPolicyNotificationRulesArgs.builder()
        .activeAssignments(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs.builder()
            .adminNotifications(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .approverNotifications(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .assigneeNotifications(GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .build())
        .eligibleActivations(GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs.builder()
            .adminNotifications(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .approverNotifications(GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .assigneeNotifications(GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .build())
        .eligibleAssignments(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs.builder()
            .adminNotifications(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .approverNotifications(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .assigneeNotifications(GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .build())
        .build())
    .build());

group_role_management_policy_resource = azuread.GroupRoleManagementPolicy("groupRoleManagementPolicyResource",
    group_id="string",
    role_id="string",
    activation_rules={
        "approval_stage": {
            "primary_approvers": [{
                "object_id": "string",
                "type": "string",
            }],
        },
        "maximum_duration": "string",
        "require_approval": False,
        "require_justification": False,
        "require_multifactor_authentication": False,
        "require_ticket_info": False,
        "required_conditional_access_authentication_context": "string",
    },
    active_assignment_rules={
        "expiration_required": False,
        "expire_after": "string",
        "require_justification": False,
        "require_multifactor_authentication": False,
        "require_ticket_info": False,
    },
    eligible_assignment_rules={
        "expiration_required": False,
        "expire_after": "string",
    },
    notification_rules={
        "active_assignments": {
            "admin_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
            "approver_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
            "assignee_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
        },
        "eligible_activations": {
            "admin_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
            "approver_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
            "assignee_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
        },
        "eligible_assignments": {
            "admin_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
            "approver_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
            "assignee_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
        },
    })

const groupRoleManagementPolicyResource = new azuread.GroupRoleManagementPolicy("groupRoleManagementPolicyResource", {
    groupId: "string",
    roleId: "string",
    activationRules: {
        approvalStage: {
            primaryApprovers: [{
                objectId: "string",
                type: "string",
            }],
        },
        maximumDuration: "string",
        requireApproval: false,
        requireJustification: false,
        requireMultifactorAuthentication: false,
        requireTicketInfo: false,
        requiredConditionalAccessAuthenticationContext: "string",
    },
    activeAssignmentRules: {
        expirationRequired: false,
        expireAfter: "string",
        requireJustification: false,
        requireMultifactorAuthentication: false,
        requireTicketInfo: false,
    },
    eligibleAssignmentRules: {
        expirationRequired: false,
        expireAfter: "string",
    },
    notificationRules: {
        activeAssignments: {
            adminNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
            approverNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
            assigneeNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
        },
        eligibleActivations: {
            adminNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
            approverNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
            assigneeNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
        },
        eligibleAssignments: {
            adminNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
            approverNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
            assigneeNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
        },
    },
});

type: azuread:GroupRoleManagementPolicy
properties:
    activationRules:
        approvalStage:
            primaryApprovers:
                - objectId: string
                  type: string
        maximumDuration: string
        requireApproval: false
        requireJustification: false
        requireMultifactorAuthentication: false
        requireTicketInfo: false
        requiredConditionalAccessAuthenticationContext: string
    activeAssignmentRules:
        expirationRequired: false
        expireAfter: string
        requireJustification: false
        requireMultifactorAuthentication: false
        requireTicketInfo: false
    eligibleAssignmentRules:
        expirationRequired: false
        expireAfter: string
    groupId: string
    notificationRules:
        activeAssignments:
            adminNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
            approverNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
            assigneeNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
        eligibleActivations:
            adminNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
            approverNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
            assigneeNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
        eligibleAssignments:
            adminNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
            approverNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
            assigneeNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
    roleId: string

GroupRoleManagementPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The GroupRoleManagementPolicy resource accepts the following input properties:

GroupId string: The ID of the Azure AD group for which the policy applies.
RoleId string: The type of assignment this policy coveres. Can be either member or owner.
ActivationRules Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyActivationRules: An activationRules block as defined below.
ActiveAssignmentRules Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyActiveAssignmentRules: An activeAssignmentRules block as defined below.
EligibleAssignmentRules Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyEligibleAssignmentRules: An eligibleAssignmentRules block as defined below.
NotificationRules Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyNotificationRules: A notificationRules block as defined below.

GroupId string: The ID of the Azure AD group for which the policy applies.
RoleId string: The type of assignment this policy coveres. Can be either member or owner.
ActivationRules GroupRoleManagementPolicyActivationRulesArgs: An activationRules block as defined below.
ActiveAssignmentRules GroupRoleManagementPolicyActiveAssignmentRulesArgs: An activeAssignmentRules block as defined below.
EligibleAssignmentRules GroupRoleManagementPolicyEligibleAssignmentRulesArgs: An eligibleAssignmentRules block as defined below.
NotificationRules GroupRoleManagementPolicyNotificationRulesArgs: A notificationRules block as defined below.

groupId String: The ID of the Azure AD group for which the policy applies.
roleId String: The type of assignment this policy coveres. Can be either member or owner.
activationRules GroupRoleManagementPolicyActivationRules: An activationRules block as defined below.
activeAssignmentRules GroupRoleManagementPolicyActiveAssignmentRules: An activeAssignmentRules block as defined below.
eligibleAssignmentRules GroupRoleManagementPolicyEligibleAssignmentRules: An eligibleAssignmentRules block as defined below.
notificationRules GroupRoleManagementPolicyNotificationRules: A notificationRules block as defined below.

groupId string: The ID of the Azure AD group for which the policy applies.
roleId string: The type of assignment this policy coveres. Can be either member or owner.
activationRules GroupRoleManagementPolicyActivationRules: An activationRules block as defined below.
activeAssignmentRules GroupRoleManagementPolicyActiveAssignmentRules: An activeAssignmentRules block as defined below.
eligibleAssignmentRules GroupRoleManagementPolicyEligibleAssignmentRules: An eligibleAssignmentRules block as defined below.
notificationRules GroupRoleManagementPolicyNotificationRules: A notificationRules block as defined below.

group_id str: The ID of the Azure AD group for which the policy applies.
role_id str: The type of assignment this policy coveres. Can be either member or owner.
activation_rules GroupRoleManagementPolicyActivationRulesArgs: An activationRules block as defined below.
active_assignment_rules GroupRoleManagementPolicyActiveAssignmentRulesArgs: An activeAssignmentRules block as defined below.
eligible_assignment_rules GroupRoleManagementPolicyEligibleAssignmentRulesArgs: An eligibleAssignmentRules block as defined below.
notification_rules GroupRoleManagementPolicyNotificationRulesArgs: A notificationRules block as defined below.

groupId String: The ID of the Azure AD group for which the policy applies.
roleId String: The type of assignment this policy coveres. Can be either member or owner.
activationRules Property Map: An activationRules block as defined below.
activeAssignmentRules Property Map: An activeAssignmentRules block as defined below.
eligibleAssignmentRules Property Map: An eligibleAssignmentRules block as defined below.
notificationRules Property Map: A notificationRules block as defined below.

Outputs

All input properties are implicitly available as output properties. Additionally, the GroupRoleManagementPolicy resource produces the following output properties:

Description string: (String) The description of this policy.
DisplayName string: (String) The display name of this policy.
Id string: The provider-assigned unique ID for this managed resource.

Description string: (String) The description of this policy.
DisplayName string: (String) The display name of this policy.
Id string: The provider-assigned unique ID for this managed resource.

description String: (String) The description of this policy.
displayName String: (String) The display name of this policy.
id String: The provider-assigned unique ID for this managed resource.

description string: (String) The description of this policy.
displayName string: (String) The display name of this policy.
id string: The provider-assigned unique ID for this managed resource.

description str: (String) The description of this policy.
display_name str: (String) The display name of this policy.
id str: The provider-assigned unique ID for this managed resource.

description String: (String) The description of this policy.
displayName String: (String) The display name of this policy.
id String: The provider-assigned unique ID for this managed resource.

Look up Existing GroupRoleManagementPolicy Resource

Get an existing GroupRoleManagementPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: GroupRoleManagementPolicyState, opts?: CustomResourceOptions): GroupRoleManagementPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        activation_rules: Optional[GroupRoleManagementPolicyActivationRulesArgs] = None,
        active_assignment_rules: Optional[GroupRoleManagementPolicyActiveAssignmentRulesArgs] = None,
        description: Optional[str] = None,
        display_name: Optional[str] = None,
        eligible_assignment_rules: Optional[GroupRoleManagementPolicyEligibleAssignmentRulesArgs] = None,
        group_id: Optional[str] = None,
        notification_rules: Optional[GroupRoleManagementPolicyNotificationRulesArgs] = None,
        role_id: Optional[str] = None) -> GroupRoleManagementPolicy

func GetGroupRoleManagementPolicy(ctx *Context, name string, id IDInput, state *GroupRoleManagementPolicyState, opts ...ResourceOption) (*GroupRoleManagementPolicy, error)

public static GroupRoleManagementPolicy Get(string name, Input<string> id, GroupRoleManagementPolicyState? state, CustomResourceOptions? opts = null)

public static GroupRoleManagementPolicy get(String name, Output<String> id, GroupRoleManagementPolicyState state, CustomResourceOptions options)

resources:  _:    type: azuread:GroupRoleManagementPolicy    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

ActivationRules Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyActivationRules: An activationRules block as defined below.
ActiveAssignmentRules Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyActiveAssignmentRules: An activeAssignmentRules block as defined below.
Description string: (String) The description of this policy.
DisplayName string: (String) The display name of this policy.
EligibleAssignmentRules Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyEligibleAssignmentRules: An eligibleAssignmentRules block as defined below.
GroupId string: The ID of the Azure AD group for which the policy applies.
NotificationRules Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyNotificationRules: A notificationRules block as defined below.
RoleId string: The type of assignment this policy coveres. Can be either member or owner.

ActivationRules GroupRoleManagementPolicyActivationRulesArgs: An activationRules block as defined below.
ActiveAssignmentRules GroupRoleManagementPolicyActiveAssignmentRulesArgs: An activeAssignmentRules block as defined below.
Description string: (String) The description of this policy.
DisplayName string: (String) The display name of this policy.
EligibleAssignmentRules GroupRoleManagementPolicyEligibleAssignmentRulesArgs: An eligibleAssignmentRules block as defined below.
GroupId string: The ID of the Azure AD group for which the policy applies.
NotificationRules GroupRoleManagementPolicyNotificationRulesArgs: A notificationRules block as defined below.
RoleId string: The type of assignment this policy coveres. Can be either member or owner.

activationRules GroupRoleManagementPolicyActivationRules: An activationRules block as defined below.
activeAssignmentRules GroupRoleManagementPolicyActiveAssignmentRules: An activeAssignmentRules block as defined below.
description String: (String) The description of this policy.
displayName String: (String) The display name of this policy.
eligibleAssignmentRules GroupRoleManagementPolicyEligibleAssignmentRules: An eligibleAssignmentRules block as defined below.
groupId String: The ID of the Azure AD group for which the policy applies.
notificationRules GroupRoleManagementPolicyNotificationRules: A notificationRules block as defined below.
roleId String: The type of assignment this policy coveres. Can be either member or owner.

activationRules GroupRoleManagementPolicyActivationRules: An activationRules block as defined below.
activeAssignmentRules GroupRoleManagementPolicyActiveAssignmentRules: An activeAssignmentRules block as defined below.
description string: (String) The description of this policy.
displayName string: (String) The display name of this policy.
eligibleAssignmentRules GroupRoleManagementPolicyEligibleAssignmentRules: An eligibleAssignmentRules block as defined below.
groupId string: The ID of the Azure AD group for which the policy applies.
notificationRules GroupRoleManagementPolicyNotificationRules: A notificationRules block as defined below.
roleId string: The type of assignment this policy coveres. Can be either member or owner.

activation_rules GroupRoleManagementPolicyActivationRulesArgs: An activationRules block as defined below.
active_assignment_rules GroupRoleManagementPolicyActiveAssignmentRulesArgs: An activeAssignmentRules block as defined below.
description str: (String) The description of this policy.
display_name str: (String) The display name of this policy.
eligible_assignment_rules GroupRoleManagementPolicyEligibleAssignmentRulesArgs: An eligibleAssignmentRules block as defined below.
group_id str: The ID of the Azure AD group for which the policy applies.
notification_rules GroupRoleManagementPolicyNotificationRulesArgs: A notificationRules block as defined below.
role_id str: The type of assignment this policy coveres. Can be either member or owner.

activationRules Property Map: An activationRules block as defined below.
activeAssignmentRules Property Map: An activeAssignmentRules block as defined below.
description String: (String) The description of this policy.
displayName String: (String) The display name of this policy.
eligibleAssignmentRules Property Map: An eligibleAssignmentRules block as defined below.
groupId String: The ID of the Azure AD group for which the policy applies.
notificationRules Property Map: A notificationRules block as defined below.
roleId String: The type of assignment this policy coveres. Can be either member or owner.

Supporting Types

GroupRoleManagementPolicyActivationRules, GroupRoleManagementPolicyActivationRulesArgs

ApprovalStage Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyActivationRulesApprovalStage: An approvalStage block as defined below.
MaximumDuration string: The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. PT8H). Valid range is PT30M to PT23H30M, in 30 minute increments, or PT1D.
RequireApproval bool: Is approval required for activation. If true an approvalStage block must be provided.
RequireJustification bool: Is a justification required during activation of the role.
RequireMultifactorAuthentication bool: Is multi-factor authentication required to activate the role. Conflicts with requiredConditionalAccessAuthenticationContext.
RequireTicketInfo bool: Is ticket information requrired during activation of the role.
RequiredConditionalAccessAuthenticationContext string: The Entra ID Conditional Access context that must be present for activation (e.g c1). Conflicts with requireMultifactorAuthentication.

ApprovalStage GroupRoleManagementPolicyActivationRulesApprovalStage: An approvalStage block as defined below.
MaximumDuration string: The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. PT8H). Valid range is PT30M to PT23H30M, in 30 minute increments, or PT1D.
RequireApproval bool: Is approval required for activation. If true an approvalStage block must be provided.
RequireJustification bool: Is a justification required during activation of the role.
RequireMultifactorAuthentication bool: Is multi-factor authentication required to activate the role. Conflicts with requiredConditionalAccessAuthenticationContext.
RequireTicketInfo bool: Is ticket information requrired during activation of the role.
RequiredConditionalAccessAuthenticationContext string: The Entra ID Conditional Access context that must be present for activation (e.g c1). Conflicts with requireMultifactorAuthentication.

approvalStage GroupRoleManagementPolicyActivationRulesApprovalStage: An approvalStage block as defined below.
maximumDuration String: The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. PT8H). Valid range is PT30M to PT23H30M, in 30 minute increments, or PT1D.
requireApproval Boolean: Is approval required for activation. If true an approvalStage block must be provided.
requireJustification Boolean: Is a justification required during activation of the role.
requireMultifactorAuthentication Boolean: Is multi-factor authentication required to activate the role. Conflicts with requiredConditionalAccessAuthenticationContext.
requireTicketInfo Boolean: Is ticket information requrired during activation of the role.
requiredConditionalAccessAuthenticationContext String: The Entra ID Conditional Access context that must be present for activation (e.g c1). Conflicts with requireMultifactorAuthentication.

approvalStage GroupRoleManagementPolicyActivationRulesApprovalStage: An approvalStage block as defined below.
maximumDuration string: The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. PT8H). Valid range is PT30M to PT23H30M, in 30 minute increments, or PT1D.
requireApproval boolean: Is approval required for activation. If true an approvalStage block must be provided.
requireJustification boolean: Is a justification required during activation of the role.
requireMultifactorAuthentication boolean: Is multi-factor authentication required to activate the role. Conflicts with requiredConditionalAccessAuthenticationContext.
requireTicketInfo boolean: Is ticket information requrired during activation of the role.
requiredConditionalAccessAuthenticationContext string: The Entra ID Conditional Access context that must be present for activation (e.g c1). Conflicts with requireMultifactorAuthentication.

approval_stage GroupRoleManagementPolicyActivationRulesApprovalStage: An approvalStage block as defined below.
maximum_duration str: The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. PT8H). Valid range is PT30M to PT23H30M, in 30 minute increments, or PT1D.
require_approval bool: Is approval required for activation. If true an approvalStage block must be provided.
require_justification bool: Is a justification required during activation of the role.
require_multifactor_authentication bool: Is multi-factor authentication required to activate the role. Conflicts with requiredConditionalAccessAuthenticationContext.
require_ticket_info bool: Is ticket information requrired during activation of the role.
required_conditional_access_authentication_context str: The Entra ID Conditional Access context that must be present for activation (e.g c1). Conflicts with requireMultifactorAuthentication.

approvalStage Property Map: An approvalStage block as defined below.
maximumDuration String: The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. PT8H). Valid range is PT30M to PT23H30M, in 30 minute increments, or PT1D.
requireApproval Boolean: Is approval required for activation. If true an approvalStage block must be provided.
requireJustification Boolean: Is a justification required during activation of the role.
requireMultifactorAuthentication Boolean: Is multi-factor authentication required to activate the role. Conflicts with requiredConditionalAccessAuthenticationContext.
requireTicketInfo Boolean: Is ticket information requrired during activation of the role.
requiredConditionalAccessAuthenticationContext String: The Entra ID Conditional Access context that must be present for activation (e.g c1). Conflicts with requireMultifactorAuthentication.

GroupRoleManagementPolicyActivationRulesApprovalStage, GroupRoleManagementPolicyActivationRulesApprovalStageArgs

PrimaryApprovers List<Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover>: The IDs of the users or groups who can approve the activation

PrimaryApprovers []GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover: The IDs of the users or groups who can approve the activation

primaryApprovers List<GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover>: The IDs of the users or groups who can approve the activation

primaryApprovers GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover[]: The IDs of the users or groups who can approve the activation

primary_approvers Sequence[GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover]: The IDs of the users or groups who can approve the activation

primaryApprovers List<Property Map>: The IDs of the users or groups who can approve the activation

GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover, GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs

ObjectId string: The ID of the object which will act as an approver.
Type string: The type of object acting as an approver. Possible options are singleUser and groupMembers.

ObjectId string: The ID of the object which will act as an approver.
Type string: The type of object acting as an approver. Possible options are singleUser and groupMembers.

objectId String: The ID of the object which will act as an approver.
type String: The type of object acting as an approver. Possible options are singleUser and groupMembers.

objectId string: The ID of the object which will act as an approver.
type string: The type of object acting as an approver. Possible options are singleUser and groupMembers.

object_id str: The ID of the object which will act as an approver.
type str: The type of object acting as an approver. Possible options are singleUser and groupMembers.

objectId String: The ID of the object which will act as an approver.
type String: The type of object acting as an approver. Possible options are singleUser and groupMembers.

GroupRoleManagementPolicyActiveAssignmentRules, GroupRoleManagementPolicyActiveAssignmentRulesArgs

ExpirationRequired bool

Must an assignment have an expiry date. false allows permanent assignment.

ExpireAfter string

The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: P15D, P30D, P90D, P180D, or P365D.

RequireJustification bool

Is a justification required to create new assignments.

RequireMultifactorAuthentication bool

Is multi-factor authentication required to create new assignments.

RequireTicketInfo bool

Is ticket information required to create new assignments.

One of expirationRequired or expireAfter must be provided.

ExpirationRequired bool

Must an assignment have an expiry date. false allows permanent assignment.

ExpireAfter string

The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: P15D, P30D, P90D, P180D, or P365D.

RequireJustification bool

Is a justification required to create new assignments.

RequireMultifactorAuthentication bool

Is multi-factor authentication required to create new assignments.

RequireTicketInfo bool

Is ticket information required to create new assignments.

One of expirationRequired or expireAfter must be provided.

expirationRequired Boolean

Must an assignment have an expiry date. false allows permanent assignment.

expireAfter String

The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: P15D, P30D, P90D, P180D, or P365D.

requireJustification Boolean

Is a justification required to create new assignments.

requireMultifactorAuthentication Boolean

Is multi-factor authentication required to create new assignments.

requireTicketInfo Boolean

Is ticket information required to create new assignments.

One of expirationRequired or expireAfter must be provided.

expirationRequired boolean

Must an assignment have an expiry date. false allows permanent assignment.

expireAfter string

The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: P15D, P30D, P90D, P180D, or P365D.

requireJustification boolean

Is a justification required to create new assignments.

requireMultifactorAuthentication boolean

Is multi-factor authentication required to create new assignments.

requireTicketInfo boolean

Is ticket information required to create new assignments.

One of expirationRequired or expireAfter must be provided.

expiration_required bool

Must an assignment have an expiry date. false allows permanent assignment.

expire_after str

The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: P15D, P30D, P90D, P180D, or P365D.

require_justification bool

Is a justification required to create new assignments.

require_multifactor_authentication bool

Is multi-factor authentication required to create new assignments.

require_ticket_info bool

Is ticket information required to create new assignments.

One of expirationRequired or expireAfter must be provided.

expirationRequired Boolean

Must an assignment have an expiry date. false allows permanent assignment.

expireAfter String

The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: P15D, P30D, P90D, P180D, or P365D.

requireJustification Boolean

Is a justification required to create new assignments.

requireMultifactorAuthentication Boolean

Is multi-factor authentication required to create new assignments.

requireTicketInfo Boolean

Is ticket information required to create new assignments.

One of expirationRequired or expireAfter must be provided.

GroupRoleManagementPolicyEligibleAssignmentRules, GroupRoleManagementPolicyEligibleAssignmentRulesArgs

ExpirationRequired bool

Must an assignment have an expiry date. false allows permanent assignment.

ExpireAfter string

The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: P15D, P30D, P90D, P180D, or P365D.

One of expirationRequired or expireAfter must be provided.

ExpirationRequired bool

Must an assignment have an expiry date. false allows permanent assignment.

ExpireAfter string

The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: P15D, P30D, P90D, P180D, or P365D.

One of expirationRequired or expireAfter must be provided.

expirationRequired Boolean

Must an assignment have an expiry date. false allows permanent assignment.

expireAfter String

The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: P15D, P30D, P90D, P180D, or P365D.

One of expirationRequired or expireAfter must be provided.

expirationRequired boolean

Must an assignment have an expiry date. false allows permanent assignment.

expireAfter string

The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: P15D, P30D, P90D, P180D, or P365D.

One of expirationRequired or expireAfter must be provided.

expiration_required bool

Must an assignment have an expiry date. false allows permanent assignment.

expire_after str

The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: P15D, P30D, P90D, P180D, or P365D.

One of expirationRequired or expireAfter must be provided.

expirationRequired Boolean

Must an assignment have an expiry date. false allows permanent assignment.

expireAfter String

The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: P15D, P30D, P90D, P180D, or P365D.

One of expirationRequired or expireAfter must be provided.

GroupRoleManagementPolicyNotificationRules, GroupRoleManagementPolicyNotificationRulesArgs

ActiveAssignments Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesActiveAssignments

A notificationTarget block as defined below to configure notfications on active role assignments.

EligibleActivations Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleActivations

A notificationTarget block as defined below for configuring notifications on activation of eligible role.

EligibleAssignments Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignments

A notificationTarget block as defined below to configure notification on eligible role assignments.

At least one notificationTarget block must be provided.

ActiveAssignments GroupRoleManagementPolicyNotificationRulesActiveAssignments

A notificationTarget block as defined below to configure notfications on active role assignments.

EligibleActivations GroupRoleManagementPolicyNotificationRulesEligibleActivations

A notificationTarget block as defined below for configuring notifications on activation of eligible role.

EligibleAssignments GroupRoleManagementPolicyNotificationRulesEligibleAssignments

A notificationTarget block as defined below to configure notification on eligible role assignments.

At least one notificationTarget block must be provided.

activeAssignments GroupRoleManagementPolicyNotificationRulesActiveAssignments

A notificationTarget block as defined below to configure notfications on active role assignments.

eligibleActivations GroupRoleManagementPolicyNotificationRulesEligibleActivations

A notificationTarget block as defined below for configuring notifications on activation of eligible role.

eligibleAssignments GroupRoleManagementPolicyNotificationRulesEligibleAssignments

A notificationTarget block as defined below to configure notification on eligible role assignments.

At least one notificationTarget block must be provided.

activeAssignments GroupRoleManagementPolicyNotificationRulesActiveAssignments

A notificationTarget block as defined below to configure notfications on active role assignments.

eligibleActivations GroupRoleManagementPolicyNotificationRulesEligibleActivations

A notificationTarget block as defined below for configuring notifications on activation of eligible role.

eligibleAssignments GroupRoleManagementPolicyNotificationRulesEligibleAssignments

A notificationTarget block as defined below to configure notification on eligible role assignments.

At least one notificationTarget block must be provided.

active_assignments GroupRoleManagementPolicyNotificationRulesActiveAssignments

A notificationTarget block as defined below to configure notfications on active role assignments.

eligible_activations GroupRoleManagementPolicyNotificationRulesEligibleActivations

A notificationTarget block as defined below for configuring notifications on activation of eligible role.

eligible_assignments GroupRoleManagementPolicyNotificationRulesEligibleAssignments

A notificationTarget block as defined below to configure notification on eligible role assignments.

At least one notificationTarget block must be provided.

activeAssignments Property Map

A notificationTarget block as defined below to configure notfications on active role assignments.

eligibleActivations Property Map

A notificationTarget block as defined below for configuring notifications on activation of eligible role.

eligibleAssignments Property Map

A notificationTarget block as defined below to configure notification on eligible role assignments.

At least one notificationTarget block must be provided.

GroupRoleManagementPolicyNotificationRulesActiveAssignments, GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs

AdminNotifications Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications: Admin notification settings
ApproverNotifications Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications: Approver notification settings
AssigneeNotifications Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications: Assignee notification settings

AdminNotifications GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications: Admin notification settings
ApproverNotifications GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications: Approver notification settings
AssigneeNotifications GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications: Assignee notification settings

adminNotifications GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications: Admin notification settings
approverNotifications GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications: Approver notification settings
assigneeNotifications GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications: Assignee notification settings

adminNotifications GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications: Admin notification settings
approverNotifications GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications: Approver notification settings
assigneeNotifications GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications: Assignee notification settings

admin_notifications GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications: Admin notification settings
approver_notifications GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications: Approver notification settings
assignee_notifications GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications: Assignee notification settings

adminNotifications Property Map: Admin notification settings
approverNotifications Property Map: Approver notification settings
assigneeNotifications Property Map: Assignee notification settings

GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications, GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients List<string>: The additional recipients to notify

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients []string: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

defaultRecipients boolean: Whether the default recipients are notified
notificationLevel string: What level of notifications are sent
additionalRecipients string[]: The additional recipients to notify

default_recipients bool: Whether the default recipients are notified
notification_level str: What level of notifications are sent
additional_recipients Sequence[str]: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications, GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients List<string>: The additional recipients to notify

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients []string: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

defaultRecipients boolean: Whether the default recipients are notified
notificationLevel string: What level of notifications are sent
additionalRecipients string[]: The additional recipients to notify

default_recipients bool: Whether the default recipients are notified
notification_level str: What level of notifications are sent
additional_recipients Sequence[str]: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications, GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients List<string>: The additional recipients to notify

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients []string: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

defaultRecipients boolean: Whether the default recipients are notified
notificationLevel string: What level of notifications are sent
additionalRecipients string[]: The additional recipients to notify

default_recipients bool: Whether the default recipients are notified
notification_level str: What level of notifications are sent
additional_recipients Sequence[str]: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

GroupRoleManagementPolicyNotificationRulesEligibleActivations, GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs

AdminNotifications Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications: Admin notification settings
ApproverNotifications Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications: Approver notification settings
AssigneeNotifications Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications: Assignee notification settings

AdminNotifications GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications: Admin notification settings
ApproverNotifications GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications: Approver notification settings
AssigneeNotifications GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications: Assignee notification settings

adminNotifications GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications: Admin notification settings
approverNotifications GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications: Approver notification settings
assigneeNotifications GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications: Assignee notification settings

adminNotifications GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications: Admin notification settings
approverNotifications GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications: Approver notification settings
assigneeNotifications GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications: Assignee notification settings

admin_notifications GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications: Admin notification settings
approver_notifications GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications: Approver notification settings
assignee_notifications GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications: Assignee notification settings

adminNotifications Property Map: Admin notification settings
approverNotifications Property Map: Approver notification settings
assigneeNotifications Property Map: Assignee notification settings

GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications, GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients List<string>: The additional recipients to notify

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients []string: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

defaultRecipients boolean: Whether the default recipients are notified
notificationLevel string: What level of notifications are sent
additionalRecipients string[]: The additional recipients to notify

default_recipients bool: Whether the default recipients are notified
notification_level str: What level of notifications are sent
additional_recipients Sequence[str]: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications, GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients List<string>: The additional recipients to notify

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients []string: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

defaultRecipients boolean: Whether the default recipients are notified
notificationLevel string: What level of notifications are sent
additionalRecipients string[]: The additional recipients to notify

default_recipients bool: Whether the default recipients are notified
notification_level str: What level of notifications are sent
additional_recipients Sequence[str]: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications, GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients List<string>: The additional recipients to notify

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients []string: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

defaultRecipients boolean: Whether the default recipients are notified
notificationLevel string: What level of notifications are sent
additionalRecipients string[]: The additional recipients to notify

default_recipients bool: Whether the default recipients are notified
notification_level str: What level of notifications are sent
additional_recipients Sequence[str]: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

GroupRoleManagementPolicyNotificationRulesEligibleAssignments, GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs

AdminNotifications Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications: Admin notification settings
ApproverNotifications Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications: Approver notification settings
AssigneeNotifications Pulumi.AzureAD.Inputs.GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications: Assignee notification settings

AdminNotifications GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications: Admin notification settings
ApproverNotifications GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications: Approver notification settings
AssigneeNotifications GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications: Assignee notification settings

adminNotifications GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications: Admin notification settings
approverNotifications GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications: Approver notification settings
assigneeNotifications GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications: Assignee notification settings

adminNotifications GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications: Admin notification settings
approverNotifications GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications: Approver notification settings
assigneeNotifications GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications: Assignee notification settings

admin_notifications GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications: Admin notification settings
approver_notifications GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications: Approver notification settings
assignee_notifications GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications: Assignee notification settings

adminNotifications Property Map: Admin notification settings
approverNotifications Property Map: Approver notification settings
assigneeNotifications Property Map: Assignee notification settings

GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications, GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients List<string>: The additional recipients to notify

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients []string: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

defaultRecipients boolean: Whether the default recipients are notified
notificationLevel string: What level of notifications are sent
additionalRecipients string[]: The additional recipients to notify

default_recipients bool: Whether the default recipients are notified
notification_level str: What level of notifications are sent
additional_recipients Sequence[str]: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications, GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients List<string>: The additional recipients to notify

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients []string: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

defaultRecipients boolean: Whether the default recipients are notified
notificationLevel string: What level of notifications are sent
additionalRecipients string[]: The additional recipients to notify

default_recipients bool: Whether the default recipients are notified
notification_level str: What level of notifications are sent
additional_recipients Sequence[str]: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications, GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients List<string>: The additional recipients to notify

DefaultRecipients bool: Whether the default recipients are notified
NotificationLevel string: What level of notifications are sent
AdditionalRecipients []string: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

defaultRecipients boolean: Whether the default recipients are notified
notificationLevel string: What level of notifications are sent
additionalRecipients string[]: The additional recipients to notify

default_recipients bool: Whether the default recipients are notified
notification_level str: What level of notifications are sent
additional_recipients Sequence[str]: The additional recipients to notify

defaultRecipients Boolean: Whether the default recipients are notified
notificationLevel String: What level of notifications are sent
additionalRecipients List<String>: The additional recipients to notify

Import

Because these policies are created automatically by Entra ID, they will auto-import on first use.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Active Directory (Azure AD) pulumi/pulumi-azuread
License: Apache-2.0
Notes: This Pulumi package is based on the azuread Terraform Provider.

Viewing docs for Azure Active Directory (Azure AD) v6.9.0
published on Tuesday, Mar 24, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-azuread

azuread.GroupRoleManagementPolicy

On this page

On this page

API Permissions

Example Usage

Create GroupRoleManagementPolicy Resource

Constructor syntax

Parameters

Constructor example

GroupRoleManagementPolicy Resource Properties

Inputs

Outputs

Look up Existing GroupRoleManagementPolicy Resource

Supporting Types

GroupRoleManagementPolicyActivationRules, GroupRoleManagementPolicyActivationRulesArgs

GroupRoleManagementPolicyActivationRulesApprovalStage, GroupRoleManagementPolicyActivationRulesApprovalStageArgs

GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApprover, GroupRoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs

GroupRoleManagementPolicyActiveAssignmentRules, GroupRoleManagementPolicyActiveAssignmentRulesArgs

GroupRoleManagementPolicyEligibleAssignmentRules, GroupRoleManagementPolicyEligibleAssignmentRulesArgs

GroupRoleManagementPolicyNotificationRules, GroupRoleManagementPolicyNotificationRulesArgs

GroupRoleManagementPolicyNotificationRulesActiveAssignments, GroupRoleManagementPolicyNotificationRulesActiveAssignmentsArgs

GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications, GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs

GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications, GroupRoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs

GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications, GroupRoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs

GroupRoleManagementPolicyNotificationRulesEligibleActivations, GroupRoleManagementPolicyNotificationRulesEligibleActivationsArgs

GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications, GroupRoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs

GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications, GroupRoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs

GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications, GroupRoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs

GroupRoleManagementPolicyNotificationRulesEligibleAssignments, GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsArgs

GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications, GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs

GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications, GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs

GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications, GroupRoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs

Import

Package Details

On this page

On this page