pulumiservice.OrganizationRole

Pulumi Cloud v0.39.0, Apr 28 26

This provider is currently in preview.

Viewing docs for Pulumi Cloud v0.39.0
published on Tuesday, Apr 28, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-pulumiservice

This provider is currently in preview.

Viewing docs for Pulumi Cloud v0.39.0
published on Tuesday, Apr 28, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-pulumiservice

Create OrganizationRole Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new OrganizationRole(name: string, args: OrganizationRoleArgs, opts?: CustomResourceOptions);

@overload
def OrganizationRole(resource_name: str,
                     args: OrganizationRoleArgs,
                     opts: Optional[ResourceOptions] = None)

@overload
def OrganizationRole(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     name: Optional[str] = None,
                     organization_name: Optional[str] = None,
                     permissions: Optional[Mapping[str, Any]] = None,
                     description: Optional[str] = None,
                     resource_type: Optional[str] = None)

func NewOrganizationRole(ctx *Context, name string, args OrganizationRoleArgs, opts ...ResourceOption) (*OrganizationRole, error)

public OrganizationRole(string name, OrganizationRoleArgs args, CustomResourceOptions? opts = null)

public OrganizationRole(String name, OrganizationRoleArgs args)
public OrganizationRole(String name, OrganizationRoleArgs args, CustomResourceOptions options)

type: pulumiservice:OrganizationRole
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args OrganizationRoleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args OrganizationRoleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args OrganizationRoleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args OrganizationRoleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args OrganizationRoleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var organizationRoleResource = new PulumiService.OrganizationRole("organizationRoleResource", new()
{
    Name = "string",
    OrganizationName = "string",
    Permissions = 
    {
        { "string", "any" },
    },
    Description = "string",
    ResourceType = "string",
});

example, err := pulumiservice.NewOrganizationRole(ctx, "organizationRoleResource", &pulumiservice.OrganizationRoleArgs{
	Name:             pulumi.String("string"),
	OrganizationName: pulumi.String("string"),
	Permissions: pulumi.Map{
		"string": pulumi.Any("any"),
	},
	Description:  pulumi.String("string"),
	ResourceType: pulumi.String("string"),
})

var organizationRoleResource = new OrganizationRole("organizationRoleResource", OrganizationRoleArgs.builder()
    .name("string")
    .organizationName("string")
    .permissions(Map.of("string", "any"))
    .description("string")
    .resourceType("string")
    .build());

organization_role_resource = pulumiservice.OrganizationRole("organizationRoleResource",
    name="string",
    organization_name="string",
    permissions={
        "string": "any",
    },
    description="string",
    resource_type="string")

const organizationRoleResource = new pulumiservice.OrganizationRole("organizationRoleResource", {
    name: "string",
    organizationName: "string",
    permissions: {
        string: "any",
    },
    description: "string",
    resourceType: "string",
});

type: pulumiservice:OrganizationRole
properties:
    description: string
    name: string
    organizationName: string
    permissions:
        string: any
    resourceType: string

OrganizationRole Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The OrganizationRole resource accepts the following input properties:

Name string: The role's display name. Must be unique within the organization.
OrganizationName string: The Pulumi Cloud organization name.
Permissions Dictionary<string, object>: The role's permission descriptor tree. Two kinds: {kind: "allow", permissions: ["<scope>", ...]} to grant scopes, or {kind: "group", entries: [...]} to compose multiple grants. Either may carry an optional on: modifier — a single-key map {environment: <uuid>} / {stack: <id>} / {insightsAccount: <id>} — to scope the descriptor to one entity. For per-entity scoping, prefer the buildEnvironmentScopedPermissions, buildStackScopedPermissions, and buildInsightsAccountScopedPermissions helpers, which build the on:-modified Allow for you.
Description string: Human-readable description of what the role grants.
ResourceType string: The resource type the role's permissions apply to. Defaults to global (the org-wide role that can be assigned to members and teams). Other valid values: stack, environment, insights-account.

Name string: The role's display name. Must be unique within the organization.
OrganizationName string: The Pulumi Cloud organization name.
Permissions map[string]interface{}: The role's permission descriptor tree. Two kinds: {kind: "allow", permissions: ["<scope>", ...]} to grant scopes, or {kind: "group", entries: [...]} to compose multiple grants. Either may carry an optional on: modifier — a single-key map {environment: <uuid>} / {stack: <id>} / {insightsAccount: <id>} — to scope the descriptor to one entity. For per-entity scoping, prefer the buildEnvironmentScopedPermissions, buildStackScopedPermissions, and buildInsightsAccountScopedPermissions helpers, which build the on:-modified Allow for you.
Description string: Human-readable description of what the role grants.
ResourceType string: The resource type the role's permissions apply to. Defaults to global (the org-wide role that can be assigned to members and teams). Other valid values: stack, environment, insights-account.

name String: The role's display name. Must be unique within the organization.
organizationName String: The Pulumi Cloud organization name.
permissions Map<String,Object>: The role's permission descriptor tree. Two kinds: {kind: "allow", permissions: ["<scope>", ...]} to grant scopes, or {kind: "group", entries: [...]} to compose multiple grants. Either may carry an optional on: modifier — a single-key map {environment: <uuid>} / {stack: <id>} / {insightsAccount: <id>} — to scope the descriptor to one entity. For per-entity scoping, prefer the buildEnvironmentScopedPermissions, buildStackScopedPermissions, and buildInsightsAccountScopedPermissions helpers, which build the on:-modified Allow for you.
description String: Human-readable description of what the role grants.
resourceType String: The resource type the role's permissions apply to. Defaults to global (the org-wide role that can be assigned to members and teams). Other valid values: stack, environment, insights-account.

name string: The role's display name. Must be unique within the organization.
organizationName string: The Pulumi Cloud organization name.
permissions {[key: string]: any}: The role's permission descriptor tree. Two kinds: {kind: "allow", permissions: ["<scope>", ...]} to grant scopes, or {kind: "group", entries: [...]} to compose multiple grants. Either may carry an optional on: modifier — a single-key map {environment: <uuid>} / {stack: <id>} / {insightsAccount: <id>} — to scope the descriptor to one entity. For per-entity scoping, prefer the buildEnvironmentScopedPermissions, buildStackScopedPermissions, and buildInsightsAccountScopedPermissions helpers, which build the on:-modified Allow for you.
description string: Human-readable description of what the role grants.
resourceType string: The resource type the role's permissions apply to. Defaults to global (the org-wide role that can be assigned to members and teams). Other valid values: stack, environment, insights-account.

name str: The role's display name. Must be unique within the organization.
organization_name str: The Pulumi Cloud organization name.
permissions Mapping[str, Any]: The role's permission descriptor tree. Two kinds: {kind: "allow", permissions: ["<scope>", ...]} to grant scopes, or {kind: "group", entries: [...]} to compose multiple grants. Either may carry an optional on: modifier — a single-key map {environment: <uuid>} / {stack: <id>} / {insightsAccount: <id>} — to scope the descriptor to one entity. For per-entity scoping, prefer the buildEnvironmentScopedPermissions, buildStackScopedPermissions, and buildInsightsAccountScopedPermissions helpers, which build the on:-modified Allow for you.
description str: Human-readable description of what the role grants.
resource_type str: The resource type the role's permissions apply to. Defaults to global (the org-wide role that can be assigned to members and teams). Other valid values: stack, environment, insights-account.

name String: The role's display name. Must be unique within the organization.
organizationName String: The Pulumi Cloud organization name.
permissions Map<Any>: The role's permission descriptor tree. Two kinds: {kind: "allow", permissions: ["<scope>", ...]} to grant scopes, or {kind: "group", entries: [...]} to compose multiple grants. Either may carry an optional on: modifier — a single-key map {environment: <uuid>} / {stack: <id>} / {insightsAccount: <id>} — to scope the descriptor to one entity. For per-entity scoping, prefer the buildEnvironmentScopedPermissions, buildStackScopedPermissions, and buildInsightsAccountScopedPermissions helpers, which build the on:-modified Allow for you.
description String: Human-readable description of what the role grants.
resourceType String: The resource type the role's permissions apply to. Defaults to global (the org-wide role that can be assigned to members and teams). Other valid values: stack, environment, insights-account.

Outputs

All input properties are implicitly available as output properties. Additionally, the OrganizationRole resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
RoleId string: The unique identifier of the custom role.
Version int: The service-maintained version number that increments on every update.

Id string: The provider-assigned unique ID for this managed resource.
RoleId string: The unique identifier of the custom role.
Version int: The service-maintained version number that increments on every update.

id String: The provider-assigned unique ID for this managed resource.
roleId String: The unique identifier of the custom role.
version Integer: The service-maintained version number that increments on every update.

id string: The provider-assigned unique ID for this managed resource.
roleId string: The unique identifier of the custom role.
version number: The service-maintained version number that increments on every update.

id str: The provider-assigned unique ID for this managed resource.
role_id str: The unique identifier of the custom role.
version int: The service-maintained version number that increments on every update.

id String: The provider-assigned unique ID for this managed resource.
roleId String: The unique identifier of the custom role.
version Number: The service-maintained version number that increments on every update.