Zscaler Private Access v1.0.2 published on Friday, Jun 20, 2025 by Zscaler
zpa.PolicyAccessRule
The zpa_policy_access_rule resource creates and manages policy access rule in the Zscaler Private Access cloud.
⚠️ WARNING:: The attribute rule_order is now deprecated in favor of the new resource policy_access_rule_reorder
Example Usage
Example coming soon!
Example coming soon!
Example coming soon!
Example coming soon!
Example coming soon!
resources:
#Create Policy Access Rule
this:
type: zpa:PolicyAccessRule
properties:
description: Example
action: ALLOW
operator: AND
conditions:
- operator: OR
operands:
- objectType: APP
lhs: id
rhs: ${zpa_application_segment.this.id}
- operator: OR
operands:
- objectType: SCIM_GROUP
lhs: ${idpName.id}
rhs: ${engineering.id}
- operator: OR
operands:
- objectType: CHROME_ENTERPRISE
entryValues:
- lhs: managed
rhs: 'true'
- lhs: managed
rhs: 'false'
variables:
idpName:
fn::invoke:
function: zpa:getIdPController
arguments:
name: IdP_Name
engineering:
fn::invoke:
function: zpa:getSCIMGroups
arguments:
name: Engineering
idpName: IdP_Name
LHS and RHS Values
| Object Type | LHS | RHS |
|---|---|---|
| APP | "id" | application_segment_id |
| APP_GROUP | "id" | segment_group_id |
| CLIENT_TYPE | "id" | zpn_client_type_zappl, zpn_client_type_exporter, zpn_client_type_browser_isolation, zpn_client_type_ip_anchoring, zpn_client_type_edge_connector, zpn_client_type_branch_connector, zpn_client_type_zapp_partner, zpn_client_type_zapp |
| EDGE_CONNECTOR_GROUP | "id" | <edge_connector_id> |
| IDP | "id" | identity_provider_id |
| SAML | saml_attribute_id | attribute_value_to_match |
| SCIM | scim_attribute_id | attribute_value_to_match |
| SCIM_GROUP | scim_group_attribute_id | attribute_value_to_match |
| PLATFORM | mac, ios, windows, android, linux | "true" / "false" |
| MACHINE_GRP | "id" | machine_group_id |
| POSTURE | posture_udid | "true" / "false" |
| TRUSTED_NETWORK | network_id | "true" |
| COUNTRY_CODE | 2 Letter ISO3166 Alpha2 | "true" / "false" |
| RISK_FACTOR_TYPE | ZIA | "UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL" |
| CHROME_ENTERPRISE | managed | "true" / "false" |
Create PolicyAccessRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyAccessRule(name: string, args?: PolicyAccessRuleArgs, opts?: CustomResourceOptions);@overload
def PolicyAccessRule(resource_name: str,
args: Optional[PolicyAccessRuleArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyAccessRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
action_id: Optional[str] = None,
app_connector_groups: Optional[Sequence[PolicyAccessRuleAppConnectorGroupArgs]] = None,
app_server_groups: Optional[Sequence[PolicyAccessRuleAppServerGroupArgs]] = None,
bypass_default_rule: Optional[bool] = None,
conditions: Optional[Sequence[PolicyAccessRuleConditionArgs]] = None,
custom_msg: Optional[str] = None,
default_rule: Optional[bool] = None,
description: Optional[str] = None,
lss_default_rule: Optional[bool] = None,
microtenant_id: Optional[str] = None,
name: Optional[str] = None,
operator: Optional[str] = None,
policy_set_id: Optional[str] = None,
policy_type: Optional[str] = None,
priority: Optional[str] = None,
reauth_default_rule: Optional[bool] = None,
reauth_idle_timeout: Optional[str] = None,
reauth_timeout: Optional[str] = None,
rule_order: Optional[str] = None,
zpn_cbi_profile_id: Optional[str] = None,
zpn_inspection_profile_id: Optional[str] = None,
zpn_isolation_profile_id: Optional[str] = None)func NewPolicyAccessRule(ctx *Context, name string, args *PolicyAccessRuleArgs, opts ...ResourceOption) (*PolicyAccessRule, error)public PolicyAccessRule(string name, PolicyAccessRuleArgs? args = null, CustomResourceOptions? opts = null)
public PolicyAccessRule(String name, PolicyAccessRuleArgs args)
public PolicyAccessRule(String name, PolicyAccessRuleArgs args, CustomResourceOptions options)
type: zpa:PolicyAccessRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyAccessRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyAccessRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyAccessRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyAccessRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyAccessRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policyAccessRuleResource = new Zpa.PolicyAccessRule("policyAccessRuleResource", new()
{
Action = "string",
ActionId = "string",
AppConnectorGroups = new[]
{
new Zpa.Inputs.PolicyAccessRuleAppConnectorGroupArgs
{
Ids = new[]
{
"string",
},
},
},
AppServerGroups = new[]
{
new Zpa.Inputs.PolicyAccessRuleAppServerGroupArgs
{
Ids = new[]
{
"string",
},
},
},
BypassDefaultRule = false,
Conditions = new[]
{
new Zpa.Inputs.PolicyAccessRuleConditionArgs
{
Operator = "string",
Id = "string",
MicrotenantId = "string",
Operands = new[]
{
new Zpa.Inputs.PolicyAccessRuleConditionOperandArgs
{
Lhs = "string",
ObjectType = "string",
Id = "string",
IdpId = "string",
MicrotenantId = "string",
Name = "string",
Rhs = "string",
RhsLists = new[]
{
"string",
},
},
},
},
},
CustomMsg = "string",
DefaultRule = false,
Description = "string",
LssDefaultRule = false,
MicrotenantId = "string",
Name = "string",
Operator = "string",
PolicySetId = "string",
PolicyType = "string",
Priority = "string",
ReauthDefaultRule = false,
ReauthIdleTimeout = "string",
ReauthTimeout = "string",
ZpnCbiProfileId = "string",
ZpnInspectionProfileId = "string",
ZpnIsolationProfileId = "string",
});
example, err := zpa.NewPolicyAccessRule(ctx, "policyAccessRuleResource", &zpa.PolicyAccessRuleArgs{
Action: pulumi.String("string"),
ActionId: pulumi.String("string"),
AppConnectorGroups: zpa.PolicyAccessRuleAppConnectorGroupArray{
&zpa.PolicyAccessRuleAppConnectorGroupArgs{
Ids: pulumi.StringArray{
pulumi.String("string"),
},
},
},
AppServerGroups: zpa.PolicyAccessRuleAppServerGroupArray{
&zpa.PolicyAccessRuleAppServerGroupArgs{
Ids: pulumi.StringArray{
pulumi.String("string"),
},
},
},
BypassDefaultRule: pulumi.Bool(false),
Conditions: zpa.PolicyAccessRuleConditionArray{
&zpa.PolicyAccessRuleConditionArgs{
Operator: pulumi.String("string"),
Id: pulumi.String("string"),
MicrotenantId: pulumi.String("string"),
Operands: zpa.PolicyAccessRuleConditionOperandArray{
&zpa.PolicyAccessRuleConditionOperandArgs{
Lhs: pulumi.String("string"),
ObjectType: pulumi.String("string"),
Id: pulumi.String("string"),
IdpId: pulumi.String("string"),
MicrotenantId: pulumi.String("string"),
Name: pulumi.String("string"),
Rhs: pulumi.String("string"),
RhsLists: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
},
CustomMsg: pulumi.String("string"),
DefaultRule: pulumi.Bool(false),
Description: pulumi.String("string"),
LssDefaultRule: pulumi.Bool(false),
MicrotenantId: pulumi.String("string"),
Name: pulumi.String("string"),
Operator: pulumi.String("string"),
PolicySetId: pulumi.String("string"),
PolicyType: pulumi.String("string"),
Priority: pulumi.String("string"),
ReauthDefaultRule: pulumi.Bool(false),
ReauthIdleTimeout: pulumi.String("string"),
ReauthTimeout: pulumi.String("string"),
ZpnCbiProfileId: pulumi.String("string"),
ZpnInspectionProfileId: pulumi.String("string"),
ZpnIsolationProfileId: pulumi.String("string"),
})
var policyAccessRuleResource = new PolicyAccessRule("policyAccessRuleResource", PolicyAccessRuleArgs.builder()
.action("string")
.actionId("string")
.appConnectorGroups(PolicyAccessRuleAppConnectorGroupArgs.builder()
.ids("string")
.build())
.appServerGroups(PolicyAccessRuleAppServerGroupArgs.builder()
.ids("string")
.build())
.bypassDefaultRule(false)
.conditions(PolicyAccessRuleConditionArgs.builder()
.operator("string")
.id("string")
.microtenantId("string")
.operands(PolicyAccessRuleConditionOperandArgs.builder()
.lhs("string")
.objectType("string")
.id("string")
.idpId("string")
.microtenantId("string")
.name("string")
.rhs("string")
.rhsLists("string")
.build())
.build())
.customMsg("string")
.defaultRule(false)
.description("string")
.lssDefaultRule(false)
.microtenantId("string")
.name("string")
.operator("string")
.policySetId("string")
.policyType("string")
.priority("string")
.reauthDefaultRule(false)
.reauthIdleTimeout("string")
.reauthTimeout("string")
.zpnCbiProfileId("string")
.zpnInspectionProfileId("string")
.zpnIsolationProfileId("string")
.build());
policy_access_rule_resource = zpa.PolicyAccessRule("policyAccessRuleResource",
action="string",
action_id="string",
app_connector_groups=[{
"ids": ["string"],
}],
app_server_groups=[{
"ids": ["string"],
}],
bypass_default_rule=False,
conditions=[{
"operator": "string",
"id": "string",
"microtenant_id": "string",
"operands": [{
"lhs": "string",
"object_type": "string",
"id": "string",
"idp_id": "string",
"microtenant_id": "string",
"name": "string",
"rhs": "string",
"rhs_lists": ["string"],
}],
}],
custom_msg="string",
default_rule=False,
description="string",
lss_default_rule=False,
microtenant_id="string",
name="string",
operator="string",
policy_set_id="string",
policy_type="string",
priority="string",
reauth_default_rule=False,
reauth_idle_timeout="string",
reauth_timeout="string",
zpn_cbi_profile_id="string",
zpn_inspection_profile_id="string",
zpn_isolation_profile_id="string")
const policyAccessRuleResource = new zpa.PolicyAccessRule("policyAccessRuleResource", {
action: "string",
actionId: "string",
appConnectorGroups: [{
ids: ["string"],
}],
appServerGroups: [{
ids: ["string"],
}],
bypassDefaultRule: false,
conditions: [{
operator: "string",
id: "string",
microtenantId: "string",
operands: [{
lhs: "string",
objectType: "string",
id: "string",
idpId: "string",
microtenantId: "string",
name: "string",
rhs: "string",
rhsLists: ["string"],
}],
}],
customMsg: "string",
defaultRule: false,
description: "string",
lssDefaultRule: false,
microtenantId: "string",
name: "string",
operator: "string",
policySetId: "string",
policyType: "string",
priority: "string",
reauthDefaultRule: false,
reauthIdleTimeout: "string",
reauthTimeout: "string",
zpnCbiProfileId: "string",
zpnInspectionProfileId: "string",
zpnIsolationProfileId: "string",
});
type: zpa:PolicyAccessRule
properties:
action: string
actionId: string
appConnectorGroups:
- ids:
- string
appServerGroups:
- ids:
- string
bypassDefaultRule: false
conditions:
- id: string
microtenantId: string
operands:
- id: string
idpId: string
lhs: string
microtenantId: string
name: string
objectType: string
rhs: string
rhsLists:
- string
operator: string
customMsg: string
defaultRule: false
description: string
lssDefaultRule: false
microtenantId: string
name: string
operator: string
policySetId: string
policyType: string
priority: string
reauthDefaultRule: false
reauthIdleTimeout: string
reauthTimeout: string
zpnCbiProfileId: string
zpnInspectionProfileId: string
zpnIsolationProfileId: string
PolicyAccessRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PolicyAccessRule resource accepts the following input properties:
- Action string
- This is for providing the rule action. Supported values:
ALLOW,DENY, andREQUIRE_APPROVAL - Action
Id string - This field defines the description of the server.
- App
Connector List<zscaler.Groups Pulumi Package. Zpa. Inputs. Policy Access Rule App Connector Group> - App
Server List<zscaler.Groups Pulumi Package. Zpa. Inputs. Policy Access Rule App Server Group> - List of the server group IDs.
- Bypass
Default boolRule - Conditions
List<zscaler.
Pulumi Package. Zpa. Inputs. Policy Access Rule Condition> - This is for proviidng the set of conditions for the policy.
- Custom
Msg string - This is for providing a customer message for the user.
- Default
Rule bool - This is for providing a customer message for the user.
- Description string
- This is the description of the access policy rule.
- Lss
Default boolRule - Microtenant
Id string - Name string
- This is the name of the policy rule.
- Operator string
- Supported values:
AND,OR - Policy
Set stringId - (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
policy_set_id
NOTE As of v3.2.0 the
policy_set_idattribute is now optional, and will be automatically determined based on the policy type being configured. The attribute is being kept for backwards compatibility, but can be safely removed from existing configurations.- (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
- Policy
Type string - Priority string
- Reauth
Default boolRule - Reauth
Idle stringTimeout - Reauth
Timeout string - Rule
Order string - Zpn
Cbi stringProfile Id - Zpn
Inspection stringProfile Id - Zpn
Isolation stringProfile Id
- Action string
- This is for providing the rule action. Supported values:
ALLOW,DENY, andREQUIRE_APPROVAL - Action
Id string - This field defines the description of the server.
- App
Connector []PolicyGroups Access Rule App Connector Group Args - App
Server []PolicyGroups Access Rule App Server Group Args - List of the server group IDs.
- Bypass
Default boolRule - Conditions
[]Policy
Access Rule Condition Args - This is for proviidng the set of conditions for the policy.
- Custom
Msg string - This is for providing a customer message for the user.
- Default
Rule bool - This is for providing a customer message for the user.
- Description string
- This is the description of the access policy rule.
- Lss
Default boolRule - Microtenant
Id string - Name string
- This is the name of the policy rule.
- Operator string
- Supported values:
AND,OR - Policy
Set stringId - (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
policy_set_id
NOTE As of v3.2.0 the
policy_set_idattribute is now optional, and will be automatically determined based on the policy type being configured. The attribute is being kept for backwards compatibility, but can be safely removed from existing configurations.- (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
- Policy
Type string - Priority string
- Reauth
Default boolRule - Reauth
Idle stringTimeout - Reauth
Timeout string - Rule
Order string - Zpn
Cbi stringProfile Id - Zpn
Inspection stringProfile Id - Zpn
Isolation stringProfile Id
- action String
- This is for providing the rule action. Supported values:
ALLOW,DENY, andREQUIRE_APPROVAL - action
Id String - This field defines the description of the server.
- app
Connector List<PolicyGroups Access Rule App Connector Group> - app
Server List<PolicyGroups Access Rule App Server Group> - List of the server group IDs.
- bypass
Default BooleanRule - conditions
List<Policy
Access Rule Condition> - This is for proviidng the set of conditions for the policy.
- custom
Msg String - This is for providing a customer message for the user.
- default
Rule Boolean - This is for providing a customer message for the user.
- description String
- This is the description of the access policy rule.
- lss
Default BooleanRule - microtenant
Id String - name String
- This is the name of the policy rule.
- operator String
- Supported values:
AND,OR - policy
Set StringId - (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
policy_set_id
NOTE As of v3.2.0 the
policy_set_idattribute is now optional, and will be automatically determined based on the policy type being configured. The attribute is being kept for backwards compatibility, but can be safely removed from existing configurations.- (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
- policy
Type String - priority String
- reauth
Default BooleanRule - reauth
Idle StringTimeout - reauth
Timeout String - rule
Order String - zpn
Cbi StringProfile Id - zpn
Inspection StringProfile Id - zpn
Isolation StringProfile Id
- action string
- This is for providing the rule action. Supported values:
ALLOW,DENY, andREQUIRE_APPROVAL - action
Id string - This field defines the description of the server.
- app
Connector PolicyGroups Access Rule App Connector Group[] - app
Server PolicyGroups Access Rule App Server Group[] - List of the server group IDs.
- bypass
Default booleanRule - conditions
Policy
Access Rule Condition[] - This is for proviidng the set of conditions for the policy.
- custom
Msg string - This is for providing a customer message for the user.
- default
Rule boolean - This is for providing a customer message for the user.
- description string
- This is the description of the access policy rule.
- lss
Default booleanRule - microtenant
Id string - name string
- This is the name of the policy rule.
- operator string
- Supported values:
AND,OR - policy
Set stringId - (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
policy_set_id
NOTE As of v3.2.0 the
policy_set_idattribute is now optional, and will be automatically determined based on the policy type being configured. The attribute is being kept for backwards compatibility, but can be safely removed from existing configurations.- (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
- policy
Type string - priority string
- reauth
Default booleanRule - reauth
Idle stringTimeout - reauth
Timeout string - rule
Order string - zpn
Cbi stringProfile Id - zpn
Inspection stringProfile Id - zpn
Isolation stringProfile Id
- action str
- This is for providing the rule action. Supported values:
ALLOW,DENY, andREQUIRE_APPROVAL - action_
id str - This field defines the description of the server.
- app_
connector_ Sequence[Policygroups Access Rule App Connector Group Args] - app_
server_ Sequence[Policygroups Access Rule App Server Group Args] - List of the server group IDs.
- bypass_
default_ boolrule - conditions
Sequence[Policy
Access Rule Condition Args] - This is for proviidng the set of conditions for the policy.
- custom_
msg str - This is for providing a customer message for the user.
- default_
rule bool - This is for providing a customer message for the user.
- description str
- This is the description of the access policy rule.
- lss_
default_ boolrule - microtenant_
id str - name str
- This is the name of the policy rule.
- operator str
- Supported values:
AND,OR - policy_
set_ strid - (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
policy_set_id
NOTE As of v3.2.0 the
policy_set_idattribute is now optional, and will be automatically determined based on the policy type being configured. The attribute is being kept for backwards compatibility, but can be safely removed from existing configurations.- (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
- policy_
type str - priority str
- reauth_
default_ boolrule - reauth_
idle_ strtimeout - reauth_
timeout str - rule_
order str - zpn_
cbi_ strprofile_ id - zpn_
inspection_ strprofile_ id - zpn_
isolation_ strprofile_ id
- action String
- This is for providing the rule action. Supported values:
ALLOW,DENY, andREQUIRE_APPROVAL - action
Id String - This field defines the description of the server.
- app
Connector List<Property Map>Groups - app
Server List<Property Map>Groups - List of the server group IDs.
- bypass
Default BooleanRule - conditions List<Property Map>
- This is for proviidng the set of conditions for the policy.
- custom
Msg String - This is for providing a customer message for the user.
- default
Rule Boolean - This is for providing a customer message for the user.
- description String
- This is the description of the access policy rule.
- lss
Default BooleanRule - microtenant
Id String - name String
- This is the name of the policy rule.
- operator String
- Supported values:
AND,OR - policy
Set StringId - (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
policy_set_id
NOTE As of v3.2.0 the
policy_set_idattribute is now optional, and will be automatically determined based on the policy type being configured. The attribute is being kept for backwards compatibility, but can be safely removed from existing configurations.- (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
- policy
Type String - priority String
- reauth
Default BooleanRule - reauth
Idle StringTimeout - reauth
Timeout String - rule
Order String - zpn
Cbi StringProfile Id - zpn
Inspection StringProfile Id - zpn
Isolation StringProfile Id
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyAccessRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing PolicyAccessRule Resource
Get an existing PolicyAccessRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyAccessRuleState, opts?: CustomResourceOptions): PolicyAccessRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
action_id: Optional[str] = None,
app_connector_groups: Optional[Sequence[PolicyAccessRuleAppConnectorGroupArgs]] = None,
app_server_groups: Optional[Sequence[PolicyAccessRuleAppServerGroupArgs]] = None,
bypass_default_rule: Optional[bool] = None,
conditions: Optional[Sequence[PolicyAccessRuleConditionArgs]] = None,
custom_msg: Optional[str] = None,
default_rule: Optional[bool] = None,
description: Optional[str] = None,
lss_default_rule: Optional[bool] = None,
microtenant_id: Optional[str] = None,
name: Optional[str] = None,
operator: Optional[str] = None,
policy_set_id: Optional[str] = None,
policy_type: Optional[str] = None,
priority: Optional[str] = None,
reauth_default_rule: Optional[bool] = None,
reauth_idle_timeout: Optional[str] = None,
reauth_timeout: Optional[str] = None,
rule_order: Optional[str] = None,
zpn_cbi_profile_id: Optional[str] = None,
zpn_inspection_profile_id: Optional[str] = None,
zpn_isolation_profile_id: Optional[str] = None) -> PolicyAccessRulefunc GetPolicyAccessRule(ctx *Context, name string, id IDInput, state *PolicyAccessRuleState, opts ...ResourceOption) (*PolicyAccessRule, error)public static PolicyAccessRule Get(string name, Input<string> id, PolicyAccessRuleState? state, CustomResourceOptions? opts = null)public static PolicyAccessRule get(String name, Output<String> id, PolicyAccessRuleState state, CustomResourceOptions options)resources: _: type: zpa:PolicyAccessRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- This is for providing the rule action. Supported values:
ALLOW,DENY, andREQUIRE_APPROVAL - Action
Id string - This field defines the description of the server.
- App
Connector List<zscaler.Groups Pulumi Package. Zpa. Inputs. Policy Access Rule App Connector Group> - App
Server List<zscaler.Groups Pulumi Package. Zpa. Inputs. Policy Access Rule App Server Group> - List of the server group IDs.
- Bypass
Default boolRule - Conditions
List<zscaler.
Pulumi Package. Zpa. Inputs. Policy Access Rule Condition> - This is for proviidng the set of conditions for the policy.
- Custom
Msg string - This is for providing a customer message for the user.
- Default
Rule bool - This is for providing a customer message for the user.
- Description string
- This is the description of the access policy rule.
- Lss
Default boolRule - Microtenant
Id string - Name string
- This is the name of the policy rule.
- Operator string
- Supported values:
AND,OR - Policy
Set stringId - (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
policy_set_id
NOTE As of v3.2.0 the
policy_set_idattribute is now optional, and will be automatically determined based on the policy type being configured. The attribute is being kept for backwards compatibility, but can be safely removed from existing configurations.- (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
- Policy
Type string - Priority string
- Reauth
Default boolRule - Reauth
Idle stringTimeout - Reauth
Timeout string - Rule
Order string - Zpn
Cbi stringProfile Id - Zpn
Inspection stringProfile Id - Zpn
Isolation stringProfile Id
- Action string
- This is for providing the rule action. Supported values:
ALLOW,DENY, andREQUIRE_APPROVAL - Action
Id string - This field defines the description of the server.
- App
Connector []PolicyGroups Access Rule App Connector Group Args - App
Server []PolicyGroups Access Rule App Server Group Args - List of the server group IDs.
- Bypass
Default boolRule - Conditions
[]Policy
Access Rule Condition Args - This is for proviidng the set of conditions for the policy.
- Custom
Msg string - This is for providing a customer message for the user.
- Default
Rule bool - This is for providing a customer message for the user.
- Description string
- This is the description of the access policy rule.
- Lss
Default boolRule - Microtenant
Id string - Name string
- This is the name of the policy rule.
- Operator string
- Supported values:
AND,OR - Policy
Set stringId - (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
policy_set_id
NOTE As of v3.2.0 the
policy_set_idattribute is now optional, and will be automatically determined based on the policy type being configured. The attribute is being kept for backwards compatibility, but can be safely removed from existing configurations.- (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
- Policy
Type string - Priority string
- Reauth
Default boolRule - Reauth
Idle stringTimeout - Reauth
Timeout string - Rule
Order string - Zpn
Cbi stringProfile Id - Zpn
Inspection stringProfile Id - Zpn
Isolation stringProfile Id
- action String
- This is for providing the rule action. Supported values:
ALLOW,DENY, andREQUIRE_APPROVAL - action
Id String - This field defines the description of the server.
- app
Connector List<PolicyGroups Access Rule App Connector Group> - app
Server List<PolicyGroups Access Rule App Server Group> - List of the server group IDs.
- bypass
Default BooleanRule - conditions
List<Policy
Access Rule Condition> - This is for proviidng the set of conditions for the policy.
- custom
Msg String - This is for providing a customer message for the user.
- default
Rule Boolean - This is for providing a customer message for the user.
- description String
- This is the description of the access policy rule.
- lss
Default BooleanRule - microtenant
Id String - name String
- This is the name of the policy rule.
- operator String
- Supported values:
AND,OR - policy
Set StringId - (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
policy_set_id
NOTE As of v3.2.0 the
policy_set_idattribute is now optional, and will be automatically determined based on the policy type being configured. The attribute is being kept for backwards compatibility, but can be safely removed from existing configurations.- (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
- policy
Type String - priority String
- reauth
Default BooleanRule - reauth
Idle StringTimeout - reauth
Timeout String - rule
Order String - zpn
Cbi StringProfile Id - zpn
Inspection StringProfile Id - zpn
Isolation StringProfile Id
- action string
- This is for providing the rule action. Supported values:
ALLOW,DENY, andREQUIRE_APPROVAL - action
Id string - This field defines the description of the server.
- app
Connector PolicyGroups Access Rule App Connector Group[] - app
Server PolicyGroups Access Rule App Server Group[] - List of the server group IDs.
- bypass
Default booleanRule - conditions
Policy
Access Rule Condition[] - This is for proviidng the set of conditions for the policy.
- custom
Msg string - This is for providing a customer message for the user.
- default
Rule boolean - This is for providing a customer message for the user.
- description string
- This is the description of the access policy rule.
- lss
Default booleanRule - microtenant
Id string - name string
- This is the name of the policy rule.
- operator string
- Supported values:
AND,OR - policy
Set stringId - (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
policy_set_id
NOTE As of v3.2.0 the
policy_set_idattribute is now optional, and will be automatically determined based on the policy type being configured. The attribute is being kept for backwards compatibility, but can be safely removed from existing configurations.- (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
- policy
Type string - priority string
- reauth
Default booleanRule - reauth
Idle stringTimeout - reauth
Timeout string - rule
Order string - zpn
Cbi stringProfile Id - zpn
Inspection stringProfile Id - zpn
Isolation stringProfile Id
- action str
- This is for providing the rule action. Supported values:
ALLOW,DENY, andREQUIRE_APPROVAL - action_
id str - This field defines the description of the server.
- app_
connector_ Sequence[Policygroups Access Rule App Connector Group Args] - app_
server_ Sequence[Policygroups Access Rule App Server Group Args] - List of the server group IDs.
- bypass_
default_ boolrule - conditions
Sequence[Policy
Access Rule Condition Args] - This is for proviidng the set of conditions for the policy.
- custom_
msg str - This is for providing a customer message for the user.
- default_
rule bool - This is for providing a customer message for the user.
- description str
- This is the description of the access policy rule.
- lss_
default_ boolrule - microtenant_
id str - name str
- This is the name of the policy rule.
- operator str
- Supported values:
AND,OR - policy_
set_ strid - (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
policy_set_id
NOTE As of v3.2.0 the
policy_set_idattribute is now optional, and will be automatically determined based on the policy type being configured. The attribute is being kept for backwards compatibility, but can be safely removed from existing configurations.- (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
- policy_
type str - priority str
- reauth_
default_ boolrule - reauth_
idle_ strtimeout - reauth_
timeout str - rule_
order str - zpn_
cbi_ strprofile_ id - zpn_
inspection_ strprofile_ id - zpn_
isolation_ strprofile_ id
- action String
- This is for providing the rule action. Supported values:
ALLOW,DENY, andREQUIRE_APPROVAL - action
Id String - This field defines the description of the server.
- app
Connector List<Property Map>Groups - app
Server List<Property Map>Groups - List of the server group IDs.
- bypass
Default BooleanRule - conditions List<Property Map>
- This is for proviidng the set of conditions for the policy.
- custom
Msg String - This is for providing a customer message for the user.
- default
Rule Boolean - This is for providing a customer message for the user.
- description String
- This is the description of the access policy rule.
- lss
Default BooleanRule - microtenant
Id String - name String
- This is the name of the policy rule.
- operator String
- Supported values:
AND,OR - policy
Set StringId - (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
policy_set_id
NOTE As of v3.2.0 the
policy_set_idattribute is now optional, and will be automatically determined based on the policy type being configured. The attribute is being kept for backwards compatibility, but can be safely removed from existing configurations.- (String) Use zpapolicytype data source to retrieve the necessary policy Set ID
- policy
Type String - priority String
- reauth
Default BooleanRule - reauth
Idle StringTimeout - reauth
Timeout String - rule
Order String - zpn
Cbi StringProfile Id - zpn
Inspection StringProfile Id - zpn
Isolation StringProfile Id
Supporting Types
PolicyAccessRuleAppConnectorGroup, PolicyAccessRuleAppConnectorGroupArgs
- Ids List<string>
- Ids []string
- ids List<String>
- ids string[]
- ids Sequence[str]
- ids List<String>
PolicyAccessRuleAppServerGroup, PolicyAccessRuleAppServerGroupArgs
- Ids List<string>
- Ids []string
- ids List<String>
- ids string[]
- ids Sequence[str]
- ids List<String>
PolicyAccessRuleCondition, PolicyAccessRuleConditionArgs
- Operator string
- Supported values:
AND,OR - Id string
- Microtenant
Id string - Operands
List<zscaler.
Pulumi Package. Zpa. Inputs. Policy Access Rule Condition Operand> - This signifies the various policy criteria.
- Operator string
- Supported values:
AND,OR - Id string
- Microtenant
Id string - Operands
[]Policy
Access Rule Condition Operand - This signifies the various policy criteria.
- operator String
- Supported values:
AND,OR - id String
- microtenant
Id String - operands
List<Policy
Access Rule Condition Operand> - This signifies the various policy criteria.
- operator string
- Supported values:
AND,OR - id string
- microtenant
Id string - operands
Policy
Access Rule Condition Operand[] - This signifies the various policy criteria.
- operator str
- Supported values:
AND,OR - id str
- microtenant_
id str - operands
Sequence[Policy
Access Rule Condition Operand] - This signifies the various policy criteria.
- operator String
- Supported values:
AND,OR - id String
- microtenant
Id String - operands List<Property Map>
- This signifies the various policy criteria.
PolicyAccessRuleConditionOperand, PolicyAccessRuleConditionOperandArgs
- Lhs string
- This signifies the key for the object type. String ID example: id
- Object
Type string - This is for specifying the policy critiera.
- Id string
- Idp
Id string - Microtenant
Id string - This denotes the value for the given object type. Its value depends upon the key.
- Name string
- This is the name of the policy rule.
- Rhs string
- This denotes the value for the given object type. Its value depends upon the key.
- Rhs
Lists List<string> - This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
- Lhs string
- This signifies the key for the object type. String ID example: id
- Object
Type string - This is for specifying the policy critiera.
- Id string
- Idp
Id string - Microtenant
Id string - This denotes the value for the given object type. Its value depends upon the key.
- Name string
- This is the name of the policy rule.
- Rhs string
- This denotes the value for the given object type. Its value depends upon the key.
- Rhs
Lists []string - This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
- lhs String
- This signifies the key for the object type. String ID example: id
- object
Type String - This is for specifying the policy critiera.
- id String
- idp
Id String - microtenant
Id String - This denotes the value for the given object type. Its value depends upon the key.
- name String
- This is the name of the policy rule.
- rhs String
- This denotes the value for the given object type. Its value depends upon the key.
- rhs
Lists List<String> - This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
- lhs string
- This signifies the key for the object type. String ID example: id
- object
Type string - This is for specifying the policy critiera.
- id string
- idp
Id string - microtenant
Id string - This denotes the value for the given object type. Its value depends upon the key.
- name string
- This is the name of the policy rule.
- rhs string
- This denotes the value for the given object type. Its value depends upon the key.
- rhs
Lists string[] - This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
- lhs str
- This signifies the key for the object type. String ID example: id
- object_
type str - This is for specifying the policy critiera.
- id str
- idp_
id str - microtenant_
id str - This denotes the value for the given object type. Its value depends upon the key.
- name str
- This is the name of the policy rule.
- rhs str
- This denotes the value for the given object type. Its value depends upon the key.
- rhs_
lists Sequence[str] - This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
- lhs String
- This signifies the key for the object type. String ID example: id
- object
Type String - This is for specifying the policy critiera.
- id String
- idp
Id String - microtenant
Id String - This denotes the value for the given object type. Its value depends upon the key.
- name String
- This is the name of the policy rule.
- rhs String
- This denotes the value for the given object type. Its value depends upon the key.
- rhs
Lists List<String> - This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
Import
Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZPA configurations into Terraform-compliant HashiCorp Configuration Language.
Visit
Policy access rule can be imported by using <POLICY ACCESS RULE ID> as the import ID.
For example:
$ pulumi import zpa:index/policyAccessRule:PolicyAccessRule example <policy_access_rule_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zpa zscaler/pulumi-zpa
- License
- MIT
- Notes
- This Pulumi package is based on the
zpaTerraform Provider.
