pulumiservice.api.Role

Pulumi Cloud v1.1.0, May 21 26

This provider is currently in preview.

Viewing docs for Pulumi Cloud v1.1.0
published on Thursday, May 21, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-pulumiservice

This provider is currently in preview.

Viewing docs for Pulumi Cloud v1.1.0
published on Thursday, May 21, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-pulumiservice

Creates a new custom role for an organization. Custom roles define fine-grained permission sets that can be assigned to organization members and teams, enabling precise access control beyond the built-in admin and member roles. Optionally, an associated policy and role binding can be created alongside the role. Role definitions are subject to two limits: a permission descriptor group may contain at most 500 entries (each directly-specified entity counts as one entry), and the total serialized size of the role definition may not exceed 1 MB. Exceeding either limit returns a 400 error. If you need to grant access to more than 500 individually listed resources, use tag-based (ABAC) rules instead.

Create Role Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Role(name: string, args: RoleArgs, opts?: CustomResourceOptions);

@overload
def Role(resource_name: str,
         args: RoleArgs,
         opts: Optional[ResourceOptions] = None)

@overload
def Role(resource_name: str,
         opts: Optional[ResourceOptions] = None,
         org_name: Optional[str] = None,
         create_policy_and_role: Optional[bool] = None,
         description: Optional[str] = None,
         details: Optional[Any] = None,
         name: Optional[str] = None,
         resource_type: Optional[str] = None,
         role_id: Optional[str] = None,
         ux_purpose: Optional[str] = None)

func NewRole(ctx *Context, name string, args RoleArgs, opts ...ResourceOption) (*Role, error)

public Role(string name, RoleArgs args, CustomResourceOptions? opts = null)

public Role(String name, RoleArgs args)
public Role(String name, RoleArgs args, CustomResourceOptions options)

type: pulumiservice:api:Role
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

resource "pulumiservice_api_role" "name" {
    # resource properties
}

Parameters

name string: The unique name of the resource.
args RoleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args RoleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args RoleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args RoleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args RoleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var pulumiserviceRoleResource = new PulumiService.Api.Role("pulumiserviceRoleResource", new()
{
    OrgName = "string",
    CreatePolicyAndRole = false,
    Description = "string",
    Details = "any",
    Name = "string",
    ResourceType = "string",
    RoleID = "string",
    UxPurpose = "string",
});

example, err := api.NewRole(ctx, "pulumiserviceRoleResource", &api.RoleArgs{
	OrgName:             pulumi.String("string"),
	CreatePolicyAndRole: pulumi.Bool(false),
	Description:         pulumi.String("string"),
	Details:             pulumi.Any("any"),
	Name:                pulumi.String("string"),
	ResourceType:        pulumi.String("string"),
	RoleID:              pulumi.String("string"),
	UxPurpose:           pulumi.String("string"),
})

resource "pulumiservice_api_role" "pulumiserviceRoleResource" {
  org_name               = "string"
  create_policy_and_role = false
  description            = "string"
  details                = "any"
  name                   = "string"
  resource_type          = "string"
  role_id                = "string"
  ux_purpose             = "string"
}

var pulumiserviceRoleResource = new Role("pulumiserviceRoleResource", RoleArgs.builder()
    .orgName("string")
    .createPolicyAndRole(false)
    .description("string")
    .details("any")
    .name("string")
    .resourceType("string")
    .roleID("string")
    .uxPurpose("string")
    .build());

pulumiservice_role_resource = pulumiservice.api.Role("pulumiserviceRoleResource",
    org_name="string",
    create_policy_and_role=False,
    description="string",
    details="any",
    name="string",
    resource_type="string",
    role_id="string",
    ux_purpose="string")

const pulumiserviceRoleResource = new pulumiservice.api.Role("pulumiserviceRoleResource", {
    orgName: "string",
    createPolicyAndRole: false,
    description: "string",
    details: "any",
    name: "string",
    resourceType: "string",
    roleID: "string",
    uxPurpose: "string",
});

type: pulumiservice:api:Role
properties:
    createPolicyAndRole: false
    description: string
    details: any
    name: string
    orgName: string
    resourceType: string
    roleID: string
    uxPurpose: string

Role Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Role resource accepts the following input properties:

OrgName string: The organization name
CreatePolicyAndRole bool: Also create an associated policy and role binding alongside the role
Description string: A human-readable description of the permission descriptor.
Details object: The detailed permission descriptor tree.
Name string: The name of the permission descriptor.
ResourceType string: The resource type this permission descriptor applies to.
RoleID string: The role identifier
UxPurpose string: The UX purpose of this permission descriptor (e.g. role, policy, set).

OrgName string: The organization name
CreatePolicyAndRole bool: Also create an associated policy and role binding alongside the role
Description string: A human-readable description of the permission descriptor.
Details interface{}: The detailed permission descriptor tree.
Name string: The name of the permission descriptor.
ResourceType string: The resource type this permission descriptor applies to.
RoleID string: The role identifier
UxPurpose string: The UX purpose of this permission descriptor (e.g. role, policy, set).

org_name string: The organization name
create_policy_and_role bool: Also create an associated policy and role binding alongside the role
description string: A human-readable description of the permission descriptor.
details any: The detailed permission descriptor tree.
name string: The name of the permission descriptor.
resource_type string: The resource type this permission descriptor applies to.
role_id string: The role identifier
ux_purpose string: The UX purpose of this permission descriptor (e.g. role, policy, set).

orgName String: The organization name
createPolicyAndRole Boolean: Also create an associated policy and role binding alongside the role
description String: A human-readable description of the permission descriptor.
details Object: The detailed permission descriptor tree.
name String: The name of the permission descriptor.
resourceType String: The resource type this permission descriptor applies to.
roleID String: The role identifier
uxPurpose String: The UX purpose of this permission descriptor (e.g. role, policy, set).

orgName string: The organization name
createPolicyAndRole boolean: Also create an associated policy and role binding alongside the role
description string: A human-readable description of the permission descriptor.
details any: The detailed permission descriptor tree.
name string: The name of the permission descriptor.
resourceType string: The resource type this permission descriptor applies to.
roleID string: The role identifier
uxPurpose string: The UX purpose of this permission descriptor (e.g. role, policy, set).

org_name str: The organization name
create_policy_and_role bool: Also create an associated policy and role binding alongside the role
description str: A human-readable description of the permission descriptor.
details Any: The detailed permission descriptor tree.
name str: The name of the permission descriptor.
resource_type str: The resource type this permission descriptor applies to.
role_id str: The role identifier
ux_purpose str: The UX purpose of this permission descriptor (e.g. role, policy, set).

orgName String: The organization name
createPolicyAndRole Boolean: Also create an associated policy and role binding alongside the role
description String: A human-readable description of the permission descriptor.
details Any: The detailed permission descriptor tree.
name String: The name of the permission descriptor.
resourceType String: The resource type this permission descriptor applies to.
roleID String: The role identifier
uxPurpose String: The UX purpose of this permission descriptor (e.g. role, policy, set).

Outputs

All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:

Created string: When the role was created.
Id string: The provider-assigned unique ID for this managed resource.
IsOrgDefault bool: Whether this role is the organization default.
Modified string: When the role was last modified.
OrgId string: The ID of the organization this role belongs to.
Version int: The version of this role.
DefaultIdentifier string: The identifier for default roles. Empty for custom roles.

Created string: When the role was created.
Id string: The provider-assigned unique ID for this managed resource.
IsOrgDefault bool: Whether this role is the organization default.
Modified string: When the role was last modified.
OrgId string: The ID of the organization this role belongs to.
Version int: The version of this role.
DefaultIdentifier string: The identifier for default roles. Empty for custom roles.

created string: When the role was created.
id string: The provider-assigned unique ID for this managed resource.
is_org_default bool: Whether this role is the organization default.
modified string: When the role was last modified.
org_id string: The ID of the organization this role belongs to.
version number: The version of this role.
default_identifier string: The identifier for default roles. Empty for custom roles.

created String: When the role was created.
id String: The provider-assigned unique ID for this managed resource.
isOrgDefault Boolean: Whether this role is the organization default.
modified String: When the role was last modified.
orgId String: The ID of the organization this role belongs to.
version Integer: The version of this role.
defaultIdentifier String: The identifier for default roles. Empty for custom roles.

created string: When the role was created.
id string: The provider-assigned unique ID for this managed resource.
isOrgDefault boolean: Whether this role is the organization default.
modified string: When the role was last modified.
orgId string: The ID of the organization this role belongs to.
version number: The version of this role.
defaultIdentifier string: The identifier for default roles. Empty for custom roles.

created str: When the role was created.
id str: The provider-assigned unique ID for this managed resource.
is_org_default bool: Whether this role is the organization default.
modified str: When the role was last modified.
org_id str: The ID of the organization this role belongs to.
version int: The version of this role.
default_identifier str: The identifier for default roles. Empty for custom roles.

created String: When the role was created.
id String: The provider-assigned unique ID for this managed resource.
isOrgDefault Boolean: Whether this role is the organization default.
modified String: When the role was last modified.
orgId String: The ID of the organization this role belongs to.
version Number: The version of this role.
defaultIdentifier String: The identifier for default roles. Empty for custom roles.

Package Details

Repository: pulumiservice pulumi/pulumi-pulumiservice
License: Apache-2.0

This provider is currently in preview.

Viewing docs for Pulumi Cloud v1.1.0
published on Thursday, May 21, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-pulumiservice

On this page

On this page

Create Role Resource

Constructor syntax

Parameters

Constructor example

Role Resource Properties

Inputs

Outputs

Package Details

On this page

On this page

Try Pulumi Cloud free.
Your team will thank you.

pulumiservice.api.Role

On this page

On this page

Create Role Resource

Constructor syntax

Parameters

Constructor example

Role Resource Properties

Inputs

Outputs

Package Details

On this page

On this page

Try Pulumi Cloud free.Your team will thank you.

Try Pulumi Cloud free.
Your team will thank you.