published on Friday, Mar 13, 2026 by Zscaler
The zia_admin_roles resource manages administrator roles in the Zscaler Internet Access (ZIA) cloud service. Admin roles define the permissions and access levels for administrator users.
For more information, see the ZIA Admin Role Management documentation.
Example Usage
Basic Admin Role
Example coming soon for some languages. The TypeScript, Python and YAML versions follow.
import * as zia from "@bdzscaler/pulumi-zia";
// Custom ZIA admin role: write access to policy, read-only for everything
// else that is listed. Access fields left out here (for example
// adminAcctAccess) are not set by this program; their effective values are
// not shown on this page, so confirm them on the created role.
const example = new zia.AdminRoles("example", {
  name: "Example Role",
  // 7 is the documented default rank (valid range 0-7).
  rank: 7,
  // READ_WRITE lets holders of this role change policy. Use READ_ONLY or
  // NONE for roles that only need to review it.
  policyAccess: "READ_WRITE",
  // The remaining areas are limited to read access.
  dashboardAccess: "READ_ONLY",
  reportAccess: "READ_ONLY",
  alertingAccess: "READ_ONLY",
  usernameAccess: "READ_ONLY",
});
import zscaler_pulumi_zia as zia
# Custom ZIA admin role: write access to policy, read-only for everything
# else that is listed. Access fields left out here (for example
# admin_acct_access) are not set by this program; their effective values are
# not shown on this page, so confirm them on the created role.
example = zia.AdminRoles(
    "example",
    name="Example Role",
    # 7 is the documented default rank (valid range 0-7).
    rank=7,
    # READ_WRITE lets holders of this role change policy. Use READ_ONLY or
    # NONE for roles that only need to review it.
    policy_access="READ_WRITE",
    # The remaining areas are limited to read access.
    dashboard_access="READ_ONLY",
    report_access="READ_ONLY",
    alerting_access="READ_ONLY",
    username_access="READ_ONLY",
)
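# Custom ZIA admin role: write access to policy, read-only for everything
# else that is listed. Nesting is restored here; with every key at column 0
# the document does not describe a resource named "example" at all.
resources:
  example:
    type: zia:AdminRoles
    properties:
      name: Example Role
      # 7 is the documented default rank (valid range 0-7).
      rank: 7
      # READ_WRITE lets holders of this role change policy. Use READ_ONLY or
      # NONE for roles that only need to review it.
      policyAccess: READ_WRITE
      dashboardAccess: READ_ONLY
      reportAccess: READ_ONLY
      alertingAccess: READ_ONLY
      usernameAccess: READ_ONLY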
Create AdminRoles Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AdminRoles(name: string, args?: AdminRolesArgs, opts?: CustomResourceOptions);
@overload
def AdminRoles(resource_name: str,
args: Optional[AdminRolesArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def AdminRoles(resource_name: str,
opts: Optional[ResourceOptions] = None,
admin_acct_access: Optional[str] = None,
alerting_access: Optional[str] = None,
analysis_access: Optional[str] = None,
dashboard_access: Optional[str] = None,
device_info_access: Optional[str] = None,
ext_feature_permissions: Optional[Mapping[str, str]] = None,
feature_permissions: Optional[Mapping[str, str]] = None,
is_auditor: Optional[bool] = None,
is_non_editable: Optional[bool] = None,
logs_limit: Optional[str] = None,
name: Optional[str] = None,
permissions: Optional[Sequence[str]] = None,
policy_access: Optional[str] = None,
rank: Optional[int] = None,
report_access: Optional[str] = None,
report_time_duration: Optional[int] = None,
role_type: Optional[str] = None,
username_access: Optional[str] = None)
func NewAdminRoles(ctx *Context, name string, args *AdminRolesArgs, opts ...ResourceOption) (*AdminRoles, error)
public AdminRoles(string name, AdminRolesArgs? args = null, CustomResourceOptions? opts = null)
public AdminRoles(String name, AdminRolesArgs args)
public AdminRoles(String name, AdminRolesArgs args, CustomResourceOptions options)
type: zia:AdminRoles
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AdminRolesArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AdminRolesArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AdminRolesArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AdminRolesArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AdminRolesArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference shape only: every value is a type placeholder, not a usable
// setting. Replace each "string" with one of the documented values.
var adminRolesResource = new Zia.AdminRoles("adminRolesResource", new()
{
    // Admin and role management. NONE | READ_ONLY | READ_WRITE.
    // READ_WRITE lets the role manage other admins and roles, so grant it
    // only where that is intended.
    AdminAcctAccess = "string",
    AlertingAccess = "string",    // NONE | READ_ONLY | READ_WRITE
    AnalysisAccess = "string",    // Insights logs: NONE | READ_ONLY | READ_WRITE
    DashboardAccess = "string",   // NONE | READ_ONLY
    DeviceInfoAccess = "string",  // NONE | READ_ONLY
    // Maps of (extended) feature permission to access level.
    ExtFeaturePermissions =
    {
        { "string", "string" },
    },
    FeaturePermissions =
    {
        { "string", "string" },
    },
    IsAuditor = false,
    IsNonEditable = false,        // true marks a built-in system role
    // UNRESTRICTED | LAST_1_HR | LAST_2_HRS | LAST_6_HRS | LAST_24_HRS | LAST_1_MONTH
    LogsLimit = "string",
    Name = "string",
    // Functional areas the role can reach, e.g. POLICY, DASHBOARD.
    Permissions = new[]
    {
        "string",
    },
    PolicyAccess = "string",      // NONE | READ_ONLY | READ_WRITE
    Rank = 0,                     // valid range 0-7; documented default is 7
    ReportAccess = "string",      // NONE | READ_ONLY
    ReportTimeDuration = 0,       // days
    RoleType = "string",          // EXEC_INSIGHT_AND_ORG_ADMIN | ORG_ADMIN
    UsernameAccess = "string",    // NONE | READ_ONLY
});
// Reference shape only: every value is a type placeholder, not a usable
// setting. err must be checked before example is used; the snippet leaves
// that to the surrounding function.
example, err := zia.NewAdminRoles(ctx, "adminRolesResource", &zia.AdminRolesArgs{
	// Admin and role management. NONE | READ_ONLY | READ_WRITE.
	// READ_WRITE lets the role manage other admins and roles, so grant it
	// only where that is intended.
	AdminAcctAccess:  pulumi.String("string"),
	AlertingAccess:   pulumi.String("string"), // NONE | READ_ONLY | READ_WRITE
	AnalysisAccess:   pulumi.String("string"), // Insights logs: NONE | READ_ONLY | READ_WRITE
	DashboardAccess:  pulumi.String("string"), // NONE | READ_ONLY
	DeviceInfoAccess: pulumi.String("string"), // NONE | READ_ONLY
	// Maps of (extended) feature permission to access level.
	ExtFeaturePermissions: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	FeaturePermissions: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	IsAuditor:     pulumi.Bool(false),
	IsNonEditable: pulumi.Bool(false), // true marks a built-in system role
	// UNRESTRICTED | LAST_1_HR | LAST_2_HRS | LAST_6_HRS | LAST_24_HRS | LAST_1_MONTH
	LogsLimit: pulumi.String("string"),
	Name:      pulumi.String("string"),
	// Functional areas the role can reach, e.g. POLICY, DASHBOARD.
	Permissions: pulumi.StringArray{
		pulumi.String("string"),
	},
	PolicyAccess:       pulumi.String("string"), // NONE | READ_ONLY | READ_WRITE
	Rank:               pulumi.Int(0),           // valid range 0-7; documented default is 7
	ReportAccess:       pulumi.String("string"), // NONE | READ_ONLY
	ReportTimeDuration: pulumi.Int(0),           // days
	RoleType:           pulumi.String("string"), // EXEC_INSIGHT_AND_ORG_ADMIN | ORG_ADMIN
	UsernameAccess:     pulumi.String("string"), // NONE | READ_ONLY
})
// Reference shape only: every value is a type placeholder, not a usable
// setting. Replace each "string" with one of the documented values.
var adminRolesResource = new AdminRoles("adminRolesResource", AdminRolesArgs.builder()
    // Admin and role management. NONE | READ_ONLY | READ_WRITE.
    // READ_WRITE lets the role manage other admins and roles, so grant it
    // only where that is intended.
    .adminAcctAccess("string")
    .alertingAccess("string")      // NONE | READ_ONLY | READ_WRITE
    .analysisAccess("string")      // Insights logs: NONE | READ_ONLY | READ_WRITE
    .dashboardAccess("string")     // NONE | READ_ONLY
    .deviceInfoAccess("string")    // NONE | READ_ONLY
    // Maps of (extended) feature permission to access level.
    .extFeaturePermissions(Map.of("string", "string"))
    .featurePermissions(Map.of("string", "string"))
    .isAuditor(false)
    .isNonEditable(false)          // true marks a built-in system role
    // UNRESTRICTED | LAST_1_HR | LAST_2_HRS | LAST_6_HRS | LAST_24_HRS | LAST_1_MONTH
    .logsLimit("string")
    .name("string")
    // Functional areas the role can reach, e.g. POLICY, DASHBOARD.
    .permissions("string")
    .policyAccess("string")        // NONE | READ_ONLY | READ_WRITE
    .rank(0)                       // valid range 0-7; documented default is 7
    .reportAccess("string")        // NONE | READ_ONLY
    .reportTimeDuration(0)         // days
    .roleType("string")            // EXEC_INSIGHT_AND_ORG_ADMIN | ORG_ADMIN
    .usernameAccess("string")      // NONE | READ_ONLY
    .build());
# Reference shape only: every value is a type placeholder, not a usable
# setting. Replace each "string" with one of the documented values.
admin_roles_resource = zia.AdminRoles(
    "adminRolesResource",
    # Admin and role management. NONE | READ_ONLY | READ_WRITE.
    # READ_WRITE lets the role manage other admins and roles, so grant it
    # only where that is intended.
    admin_acct_access="string",
    alerting_access="string",     # NONE | READ_ONLY | READ_WRITE
    analysis_access="string",     # Insights logs: NONE | READ_ONLY | READ_WRITE
    dashboard_access="string",    # NONE | READ_ONLY
    device_info_access="string",  # NONE | READ_ONLY
    # Maps of (extended) feature permission to access level.
    ext_feature_permissions={
        "string": "string",
    },
    feature_permissions={
        "string": "string",
    },
    is_auditor=False,
    is_non_editable=False,        # True marks a built-in system role
    # UNRESTRICTED | LAST_1_HR | LAST_2_HRS | LAST_6_HRS | LAST_24_HRS | LAST_1_MONTH
    logs_limit="string",
    name="string",
    # Functional areas the role can reach, e.g. POLICY, DASHBOARD.
    permissions=["string"],
    policy_access="string",       # NONE | READ_ONLY | READ_WRITE
    rank=0,                       # valid range 0-7; documented default is 7
    report_access="string",       # NONE | READ_ONLY
    report_time_duration=0,       # days
    role_type="string",           # EXEC_INSIGHT_AND_ORG_ADMIN | ORG_ADMIN
    username_access="string",     # NONE | READ_ONLY
)
// Reference shape only: every value is a type placeholder, not a usable
// setting. Replace each "string" with one of the documented values.
const adminRolesResource = new zia.AdminRoles("adminRolesResource", {
  // Admin and role management. NONE | READ_ONLY | READ_WRITE.
  // READ_WRITE lets the role manage other admins and roles, so grant it
  // only where that is intended.
  adminAcctAccess: "string",
  alertingAccess: "string", // NONE | READ_ONLY | READ_WRITE
  analysisAccess: "string", // Insights logs: NONE | READ_ONLY | READ_WRITE
  dashboardAccess: "string", // NONE | READ_ONLY
  deviceInfoAccess: "string", // NONE | READ_ONLY
  // Maps of (extended) feature permission to access level.
  extFeaturePermissions: {
    string: "string",
  },
  featurePermissions: {
    string: "string",
  },
  isAuditor: false,
  isNonEditable: false, // true marks a built-in system role
  // UNRESTRICTED | LAST_1_HR | LAST_2_HRS | LAST_6_HRS | LAST_24_HRS | LAST_1_MONTH
  logsLimit: "string",
  name: "string",
  // Functional areas the role can reach, e.g. POLICY, DASHBOARD.
  permissions: ["string"],
  policyAccess: "string", // NONE | READ_ONLY | READ_WRITE
  rank: 0, // valid range 0-7; documented default is 7
  reportAccess: "string", // NONE | READ_ONLY
  reportTimeDuration: 0, // days
  roleType: "string", // EXEC_INSIGHT_AND_ORG_ADMIN | ORG_ADMIN
  usernameAccess: "string", // NONE | READ_ONLY
});
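# Reference shape only: every value is a type placeholder, not a usable
# setting. Nesting is restored here; with every key at column 0 the maps and
# the permissions list are no longer attached to their parent keys.
type: zia:AdminRoles
properties:
  # Admin and role management. NONE | READ_ONLY | READ_WRITE.
  # READ_WRITE lets the role manage other admins and roles, so grant it
  # only where that is intended.
  adminAcctAccess: string
  alertingAccess: string      # NONE | READ_ONLY | READ_WRITE
  analysisAccess: string      # Insights logs: NONE | READ_ONLY | READ_WRITE
  dashboardAccess: string     # NONE | READ_ONLY
  deviceInfoAccess: string    # NONE | READ_ONLY
  # Maps of (extended) feature permission to access level.
  extFeaturePermissions:
    string: string
  featurePermissions:
    string: string
  isAuditor: false
  isNonEditable: false        # true marks a built-in system role
  # UNRESTRICTED | LAST_1_HR | LAST_2_HRS | LAST_6_HRS | LAST_24_HRS | LAST_1_MONTH
  logsLimit: string
  name: string
  # Functional areas the role can reach, e.g. POLICY, DASHBOARD.
  permissions:
    - string
  policyAccess: string        # NONE | READ_ONLY | READ_WRITE
  rank: 0                     # valid range 0-7; documented default is 7
  reportAccess: string        # NONE | READ_ONLY
  reportTimeDuration: 0       # days
  roleType: string            # EXEC_INSIGHT_AND_ORG_ADMIN | ORG_ADMIN
  usernameAccess: string      # NONE | READ_ONLY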
AdminRoles Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AdminRoles resource accepts the following input properties:
- AdminAcctAccess string - Admin and role management access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- AlertingAccess string - Alerting access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- AnalysisAccess string - Insights logs access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- DashboardAccess string - Dashboard access permission. Valid values: NONE, READ_ONLY.
- DeviceInfoAccess string - Device info access permission. Valid values: NONE, READ_ONLY.
- ExtFeaturePermissions Dictionary<string, string> - Map of extended feature permissions to their access levels.
- FeaturePermissions Dictionary<string, string> - Map of feature permissions to their access levels.
- IsAuditor bool - Indicates whether this is an auditor role.
- IsNonEditable bool - Indicates whether the role is non-editable (built-in system role).
- LogsLimit string - Log range limit. Valid values: UNRESTRICTED, LAST_1_HR, LAST_2_HRS, LAST_6_HRS, LAST_24_HRS, LAST_1_MONTH.
- Name string - The name of the admin role.
- Permissions List<string> - List of functional areas to which this role has access (e.g., POLICY, DASHBOARD).
- PolicyAccess string - Policy access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- Rank int - Admin rank of the role. Default: 7. Valid values: 0-7.
- ReportAccess string - Report access permission. Valid values: NONE, READ_ONLY.
- ReportTimeDuration int - Report time duration in days.
- RoleType string - The admin role type. Valid values: EXEC_INSIGHT_AND_ORG_ADMIN, ORG_ADMIN.
- UsernameAccess string - Username access permission. Valid values: NONE, READ_ONLY.
- AdminAcctAccess string - Admin and role management access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- AlertingAccess string - Alerting access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- AnalysisAccess string - Insights logs access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- DashboardAccess string - Dashboard access permission. Valid values: NONE, READ_ONLY.
- DeviceInfoAccess string - Device info access permission. Valid values: NONE, READ_ONLY.
- ExtFeaturePermissions map[string]string - Map of extended feature permissions to their access levels.
- FeaturePermissions map[string]string - Map of feature permissions to their access levels.
- IsAuditor bool - Indicates whether this is an auditor role.
- IsNonEditable bool - Indicates whether the role is non-editable (built-in system role).
- LogsLimit string - Log range limit. Valid values: UNRESTRICTED, LAST_1_HR, LAST_2_HRS, LAST_6_HRS, LAST_24_HRS, LAST_1_MONTH.
- Name string - The name of the admin role.
- Permissions []string - List of functional areas to which this role has access (e.g., POLICY, DASHBOARD).
- PolicyAccess string - Policy access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- Rank int - Admin rank of the role. Default: 7. Valid values: 0-7.
- ReportAccess string - Report access permission. Valid values: NONE, READ_ONLY.
- ReportTimeDuration int - Report time duration in days.
- RoleType string - The admin role type. Valid values: EXEC_INSIGHT_AND_ORG_ADMIN, ORG_ADMIN.
- UsernameAccess string - Username access permission. Valid values: NONE, READ_ONLY.
- adminAcctAccess String - Admin and role management access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- alertingAccess String - Alerting access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- analysisAccess String - Insights logs access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- dashboardAccess String - Dashboard access permission. Valid values: NONE, READ_ONLY.
- deviceInfoAccess String - Device info access permission. Valid values: NONE, READ_ONLY.
- extFeaturePermissions Map<String,String> - Map of extended feature permissions to their access levels.
- featurePermissions Map<String,String> - Map of feature permissions to their access levels.
- isAuditor Boolean - Indicates whether this is an auditor role.
- isNonEditable Boolean - Indicates whether the role is non-editable (built-in system role).
- logsLimit String - Log range limit. Valid values: UNRESTRICTED, LAST_1_HR, LAST_2_HRS, LAST_6_HRS, LAST_24_HRS, LAST_1_MONTH.
- name String - The name of the admin role.
- permissions List<String> - List of functional areas to which this role has access (e.g., POLICY, DASHBOARD).
- policyAccess String - Policy access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- rank Integer - Admin rank of the role. Default: 7. Valid values: 0-7.
- reportAccess String - Report access permission. Valid values: NONE, READ_ONLY.
- reportTimeDuration Integer - Report time duration in days.
- roleType String - The admin role type. Valid values: EXEC_INSIGHT_AND_ORG_ADMIN, ORG_ADMIN.
- usernameAccess String - Username access permission. Valid values: NONE, READ_ONLY.
- adminAcctAccess string - Admin and role management access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- alertingAccess string - Alerting access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- analysisAccess string - Insights logs access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- dashboardAccess string - Dashboard access permission. Valid values: NONE, READ_ONLY.
- deviceInfoAccess string - Device info access permission. Valid values: NONE, READ_ONLY.
- extFeaturePermissions {[key: string]: string} - Map of extended feature permissions to their access levels.
- featurePermissions {[key: string]: string} - Map of feature permissions to their access levels.
- isAuditor boolean - Indicates whether this is an auditor role.
- isNonEditable boolean - Indicates whether the role is non-editable (built-in system role).
- logsLimit string - Log range limit. Valid values: UNRESTRICTED, LAST_1_HR, LAST_2_HRS, LAST_6_HRS, LAST_24_HRS, LAST_1_MONTH.
- name string - The name of the admin role.
- permissions string[] - List of functional areas to which this role has access (e.g., POLICY, DASHBOARD).
- policyAccess string - Policy access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- rank number - Admin rank of the role. Default: 7. Valid values: 0-7.
- reportAccess string - Report access permission. Valid values: NONE, READ_ONLY.
- reportTimeDuration number - Report time duration in days.
- roleType string - The admin role type. Valid values: EXEC_INSIGHT_AND_ORG_ADMIN, ORG_ADMIN.
- usernameAccess string - Username access permission. Valid values: NONE, READ_ONLY.
- admin_acct_access str - Admin and role management access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- alerting_access str - Alerting access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- analysis_access str - Insights logs access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- dashboard_access str - Dashboard access permission. Valid values: NONE, READ_ONLY.
- device_info_access str - Device info access permission. Valid values: NONE, READ_ONLY.
- ext_feature_permissions Mapping[str, str] - Map of extended feature permissions to their access levels.
- feature_permissions Mapping[str, str] - Map of feature permissions to their access levels.
- is_auditor bool - Indicates whether this is an auditor role.
- is_non_editable bool - Indicates whether the role is non-editable (built-in system role).
- logs_limit str - Log range limit. Valid values: UNRESTRICTED, LAST_1_HR, LAST_2_HRS, LAST_6_HRS, LAST_24_HRS, LAST_1_MONTH.
- name str - The name of the admin role.
- permissions Sequence[str] - List of functional areas to which this role has access (e.g., POLICY, DASHBOARD).
- policy_access str - Policy access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- rank int - Admin rank of the role. Default: 7. Valid values: 0-7.
- report_access str - Report access permission. Valid values: NONE, READ_ONLY.
- report_time_duration int - Report time duration in days.
- role_type str - The admin role type. Valid values: EXEC_INSIGHT_AND_ORG_ADMIN, ORG_ADMIN.
- username_access str - Username access permission. Valid values: NONE, READ_ONLY.
- adminAcctAccess String - Admin and role management access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- alertingAccess String - Alerting access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- analysisAccess String - Insights logs access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- dashboardAccess String - Dashboard access permission. Valid values: NONE, READ_ONLY.
- deviceInfoAccess String - Device info access permission. Valid values: NONE, READ_ONLY.
- extFeaturePermissions Map<String> - Map of extended feature permissions to their access levels.
- featurePermissions Map<String> - Map of feature permissions to their access levels.
- isAuditor Boolean - Indicates whether this is an auditor role.
- isNonEditable Boolean - Indicates whether the role is non-editable (built-in system role).
- logsLimit String - Log range limit. Valid values: UNRESTRICTED, LAST_1_HR, LAST_2_HRS, LAST_6_HRS, LAST_24_HRS, LAST_1_MONTH.
- name String - The name of the admin role.
- permissions List<String> - List of functional areas to which this role has access (e.g., POLICY, DASHBOARD).
- policyAccess String - Policy access permission. Valid values: NONE, READ_ONLY, READ_WRITE.
- rank Number - Admin rank of the role. Default: 7. Valid values: 0-7.
- reportAccess String - Report access permission. Valid values: NONE, READ_ONLY.
- reportTimeDuration Number - Report time duration in days.
- roleType String - The admin role type. Valid values: EXEC_INSIGHT_AND_ORG_ADMIN, ORG_ADMIN.
- usernameAccess String - Username access permission. Valid values: NONE, READ_ONLY.
Outputs
All input properties are implicitly available as output properties. Additionally, the AdminRoles resource produces the following output properties:
Import
An existing admin role can be imported using its resource ID, e.g.
$ pulumi import zia:index:AdminRoles example 12345
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zia zscaler/pulumi-zia
- License
