Azure DevOps v3.11.0 published on Saturday, Dec 20, 2025 by Pulumi
Azure DevOps v3.11.0 published on Saturday, Dec 20, 2025 by Pulumi
Manages assignment of security roles to various resources within Azure DevOps organization.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azuredevops from "@pulumi/azuredevops";
import * as std from "@pulumi/std";
const example = new azuredevops.Project("example", {
name: "Example Project",
visibility: "private",
versionControl: "Git",
workItemTemplate: "Agile",
description: "Managed by Pulumi",
});
const exampleEnvironment = new azuredevops.Environment("example", {
projectId: example.id,
name: "Example Environment",
description: "Example pipeline deployment environment",
});
const exampleGroup = new azuredevops.Group("example", {
scope: example.id,
displayName: "Example group",
description: "Description of example group",
});
const exampleSecurityroleAssignment = new azuredevops.SecurityroleAssignment("example", {
scope: "distributedtask.environmentreferencerole",
resourceId: std.index.format({
input: "%s_%s",
args: [
example.id,
exampleEnvironment.id,
],
}).result,
identityId: exampleGroup.groupId,
roleName: "Administrator",
});
import pulumi
import pulumi_azuredevops as azuredevops
import pulumi_std as std
example = azuredevops.Project("example",
name="Example Project",
visibility="private",
version_control="Git",
work_item_template="Agile",
description="Managed by Pulumi")
example_environment = azuredevops.Environment("example",
project_id=example.id,
name="Example Environment",
description="Example pipeline deployment environment")
example_group = azuredevops.Group("example",
scope=example.id,
display_name="Example group",
description="Description of example group")
example_securityrole_assignment = azuredevops.SecurityroleAssignment("example",
scope="distributedtask.environmentreferencerole",
resource_id=std.index.format(input="%s_%s",
args=[
example.id,
example_environment.id,
])["result"],
identity_id=example_group.group_id,
role_name="Administrator")
package main
import (
"github.com/pulumi/pulumi-azuredevops/sdk/v3/go/azuredevops"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := azuredevops.NewProject(ctx, "example", &azuredevops.ProjectArgs{
Name: pulumi.String("Example Project"),
Visibility: pulumi.String("private"),
VersionControl: pulumi.String("Git"),
WorkItemTemplate: pulumi.String("Agile"),
Description: pulumi.String("Managed by Pulumi"),
})
if err != nil {
return err
}
exampleEnvironment, err := azuredevops.NewEnvironment(ctx, "example", &azuredevops.EnvironmentArgs{
ProjectId: example.ID(),
Name: pulumi.String("Example Environment"),
Description: pulumi.String("Example pipeline deployment environment"),
})
if err != nil {
return err
}
exampleGroup, err := azuredevops.NewGroup(ctx, "example", &azuredevops.GroupArgs{
Scope: example.ID(),
DisplayName: pulumi.String("Example group"),
Description: pulumi.String("Description of example group"),
})
if err != nil {
return err
}
invokeFormat, err := std.Format(ctx, map[string]interface{}{
"input": "%s_%s",
"args": pulumi.StringArray{
example.ID(),
exampleEnvironment.ID(),
},
}, nil)
if err != nil {
return err
}
_, err = azuredevops.NewSecurityroleAssignment(ctx, "example", &azuredevops.SecurityroleAssignmentArgs{
Scope: pulumi.String("distributedtask.environmentreferencerole"),
ResourceId: invokeFormat.Result,
IdentityId: exampleGroup.GroupId,
RoleName: pulumi.String("Administrator"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureDevOps = Pulumi.AzureDevOps;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var example = new AzureDevOps.Project("example", new()
{
Name = "Example Project",
Visibility = "private",
VersionControl = "Git",
WorkItemTemplate = "Agile",
Description = "Managed by Pulumi",
});
var exampleEnvironment = new AzureDevOps.Environment("example", new()
{
ProjectId = example.Id,
Name = "Example Environment",
Description = "Example pipeline deployment environment",
});
var exampleGroup = new AzureDevOps.Group("example", new()
{
Scope = example.Id,
DisplayName = "Example group",
Description = "Description of example group",
});
var exampleSecurityroleAssignment = new AzureDevOps.SecurityroleAssignment("example", new()
{
Scope = "distributedtask.environmentreferencerole",
ResourceId = Std.Index.Format.Invoke(new()
{
Input = "%s_%s",
Args = new[]
{
example.Id,
exampleEnvironment.Id,
},
}).Result,
IdentityId = exampleGroup.GroupId,
RoleName = "Administrator",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuredevops.Project;
import com.pulumi.azuredevops.ProjectArgs;
import com.pulumi.azuredevops.Environment;
import com.pulumi.azuredevops.EnvironmentArgs;
import com.pulumi.azuredevops.Group;
import com.pulumi.azuredevops.GroupArgs;
import com.pulumi.azuredevops.SecurityroleAssignment;
import com.pulumi.azuredevops.SecurityroleAssignmentArgs;
import com.pulumi.std.StdFunctions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Project("example", ProjectArgs.builder()
.name("Example Project")
.visibility("private")
.versionControl("Git")
.workItemTemplate("Agile")
.description("Managed by Pulumi")
.build());
var exampleEnvironment = new Environment("exampleEnvironment", EnvironmentArgs.builder()
.projectId(example.id())
.name("Example Environment")
.description("Example pipeline deployment environment")
.build());
var exampleGroup = new Group("exampleGroup", GroupArgs.builder()
.scope(example.id())
.displayName("Example group")
.description("Description of example group")
.build());
var exampleSecurityroleAssignment = new SecurityroleAssignment("exampleSecurityroleAssignment", SecurityroleAssignmentArgs.builder()
.scope("distributedtask.environmentreferencerole")
.resourceId(StdFunctions.format(Map.ofEntries(
Map.entry("input", "%s_%s"),
Map.entry("args",
example.id(),
exampleEnvironment.id())
)).result())
.identityId(exampleGroup.groupId())
.roleName("Administrator")
.build());
}
}
resources:
example:
type: azuredevops:Project
properties:
name: Example Project
visibility: private
versionControl: Git
workItemTemplate: Agile
description: Managed by Pulumi
exampleEnvironment:
type: azuredevops:Environment
name: example
properties:
projectId: ${example.id}
name: Example Environment
description: Example pipeline deployment environment
exampleGroup:
type: azuredevops:Group
name: example
properties:
scope: ${example.id}
displayName: Example group
description: Description of example group
exampleSecurityroleAssignment:
type: azuredevops:SecurityroleAssignment
name: example
properties:
scope: distributedtask.environmentreferencerole
resourceId:
fn::invoke:
function: std:format
arguments:
input: '%s_%s'
args:
- ${example.id}
- ${exampleEnvironment.id}
return: result
identityId: ${exampleGroup.groupId}
roleName: Administrator
Relevant Links
Create SecurityroleAssignment Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecurityroleAssignment(name: string, args: SecurityroleAssignmentArgs, opts?: CustomResourceOptions);@overload
def SecurityroleAssignment(resource_name: str,
args: SecurityroleAssignmentArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecurityroleAssignment(resource_name: str,
opts: Optional[ResourceOptions] = None,
identity_id: Optional[str] = None,
resource_id: Optional[str] = None,
role_name: Optional[str] = None,
scope: Optional[str] = None)func NewSecurityroleAssignment(ctx *Context, name string, args SecurityroleAssignmentArgs, opts ...ResourceOption) (*SecurityroleAssignment, error)public SecurityroleAssignment(string name, SecurityroleAssignmentArgs args, CustomResourceOptions? opts = null)
public SecurityroleAssignment(String name, SecurityroleAssignmentArgs args)
public SecurityroleAssignment(String name, SecurityroleAssignmentArgs args, CustomResourceOptions options)
type: azuredevops:SecurityroleAssignment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecurityroleAssignmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecurityroleAssignmentArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecurityroleAssignmentArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecurityroleAssignmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecurityroleAssignmentArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var securityroleAssignmentResource = new AzureDevOps.SecurityroleAssignment("securityroleAssignmentResource", new()
{
IdentityId = "string",
ResourceId = "string",
RoleName = "string",
Scope = "string",
});
example, err := azuredevops.NewSecurityroleAssignment(ctx, "securityroleAssignmentResource", &azuredevops.SecurityroleAssignmentArgs{
IdentityId: pulumi.String("string"),
ResourceId: pulumi.String("string"),
RoleName: pulumi.String("string"),
Scope: pulumi.String("string"),
})
var securityroleAssignmentResource = new SecurityroleAssignment("securityroleAssignmentResource", SecurityroleAssignmentArgs.builder()
.identityId("string")
.resourceId("string")
.roleName("string")
.scope("string")
.build());
securityrole_assignment_resource = azuredevops.SecurityroleAssignment("securityroleAssignmentResource",
identity_id="string",
resource_id="string",
role_name="string",
scope="string")
const securityroleAssignmentResource = new azuredevops.SecurityroleAssignment("securityroleAssignmentResource", {
identityId: "string",
resourceId: "string",
roleName: "string",
scope: "string",
});
type: azuredevops:SecurityroleAssignment
properties:
identityId: string
resourceId: string
roleName: string
scope: string
SecurityroleAssignment Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecurityroleAssignment resource accepts the following input properties:
- Identity
Id string - The ID of the identity to authorize.
- Resource
Id string - The ID of the resource on which the role is to be assigned. Changing this forces a new resource to be created.
- Role
Name string - Name of the role to assign.
- Scope string
- The scope in which this assignment should exist.
- Identity
Id string - The ID of the identity to authorize.
- Resource
Id string - The ID of the resource on which the role is to be assigned. Changing this forces a new resource to be created.
- Role
Name string - Name of the role to assign.
- Scope string
- The scope in which this assignment should exist.
- identity
Id String - The ID of the identity to authorize.
- resource
Id String - The ID of the resource on which the role is to be assigned. Changing this forces a new resource to be created.
- role
Name String - Name of the role to assign.
- scope String
- The scope in which this assignment should exist.
- identity
Id string - The ID of the identity to authorize.
- resource
Id string - The ID of the resource on which the role is to be assigned. Changing this forces a new resource to be created.
- role
Name string - Name of the role to assign.
- scope string
- The scope in which this assignment should exist.
- identity_
id str - The ID of the identity to authorize.
- resource_
id str - The ID of the resource on which the role is to be assigned. Changing this forces a new resource to be created.
- role_
name str - Name of the role to assign.
- scope str
- The scope in which this assignment should exist.
- identity
Id String - The ID of the identity to authorize.
- resource
Id String - The ID of the resource on which the role is to be assigned. Changing this forces a new resource to be created.
- role
Name String - Name of the role to assign.
- scope String
- The scope in which this assignment should exist.
Outputs
All input properties are implicitly available as output properties. Additionally, the SecurityroleAssignment resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SecurityroleAssignment Resource
Get an existing SecurityroleAssignment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecurityroleAssignmentState, opts?: CustomResourceOptions): SecurityroleAssignment@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
identity_id: Optional[str] = None,
resource_id: Optional[str] = None,
role_name: Optional[str] = None,
scope: Optional[str] = None) -> SecurityroleAssignmentfunc GetSecurityroleAssignment(ctx *Context, name string, id IDInput, state *SecurityroleAssignmentState, opts ...ResourceOption) (*SecurityroleAssignment, error)public static SecurityroleAssignment Get(string name, Input<string> id, SecurityroleAssignmentState? state, CustomResourceOptions? opts = null)public static SecurityroleAssignment get(String name, Output<String> id, SecurityroleAssignmentState state, CustomResourceOptions options)resources: _: type: azuredevops:SecurityroleAssignment get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Identity
Id string - The ID of the identity to authorize.
- Resource
Id string - The ID of the resource on which the role is to be assigned. Changing this forces a new resource to be created.
- Role
Name string - Name of the role to assign.
- Scope string
- The scope in which this assignment should exist.
- Identity
Id string - The ID of the identity to authorize.
- Resource
Id string - The ID of the resource on which the role is to be assigned. Changing this forces a new resource to be created.
- Role
Name string - Name of the role to assign.
- Scope string
- The scope in which this assignment should exist.
- identity
Id String - The ID of the identity to authorize.
- resource
Id String - The ID of the resource on which the role is to be assigned. Changing this forces a new resource to be created.
- role
Name String - Name of the role to assign.
- scope String
- The scope in which this assignment should exist.
- identity
Id string - The ID of the identity to authorize.
- resource
Id string - The ID of the resource on which the role is to be assigned. Changing this forces a new resource to be created.
- role
Name string - Name of the role to assign.
- scope string
- The scope in which this assignment should exist.
- identity_
id str - The ID of the identity to authorize.
- resource_
id str - The ID of the resource on which the role is to be assigned. Changing this forces a new resource to be created.
- role_
name str - Name of the role to assign.
- scope str
- The scope in which this assignment should exist.
- identity
Id String - The ID of the identity to authorize.
- resource
Id String - The ID of the resource on which the role is to be assigned. Changing this forces a new resource to be created.
- role
Name String - Name of the role to assign.
- scope String
- The scope in which this assignment should exist.
Package Details
- Repository
- Azure DevOps pulumi/pulumi-azuredevops
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azuredevopsTerraform Provider.
Azure DevOps v3.11.0 published on Saturday, Dec 20, 2025 by Pulumi
