Module role

@pulumi/azure > role

Index

role/assignment.ts role/definition.ts role/getBuiltinRoleDefinition.ts role/getRoleDefinition.ts

class Assignment

Assigns a given Principal (User or Application) to a given Role.

constructor

new Assignment(name: string, args: AssignmentArgs, opts?: pulumi.CustomResourceOptions)

Create a Assignment resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AssignmentState): Assignment

Get an existing Assignment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.

property principalId

public principalId: pulumi.Output<string>;

The ID of the Principal (User or Application) to assign the Role Definition to. Changing this forces a new resource to be created.

property roleDefinitionId

public roleDefinitionId: pulumi.Output<string>;

The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with role_definition_name.

property roleDefinitionName

public roleDefinitionName: pulumi.Output<string | undefined>;

The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with role_definition_id.

property scope

public scope: pulumi.Output<string>;

The scope at which the Role Assignment applies too, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM. Changing this forces a new resource to be created.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Definition

Manages a custom Role Definition, used to assign Roles to Users/Principals. See ‘Understand role definitions’ in the Azure documentation for more details.

constructor

new Definition(name: string, args: DefinitionArgs, opts?: pulumi.CustomResourceOptions)

Create a Definition resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DefinitionState): Definition

Get an existing Definition resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property assignableScopes

public assignableScopes: pulumi.Output<string[]>;

One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

property description

public description: pulumi.Output<string | undefined>;

A description of the Role Definition.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the Role Definition. Changing this forces a new resource to be created.

property permissions

public permissions: pulumi.Output<{ ... }[]>;

A permissions block as defined below.

property roleDefinitionId

public roleDefinitionId: pulumi.Output<string>;

A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.

property scope

public scope: pulumi.Output<string>;

The scope at which the Role Definition applies too, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM. Changing this forces a new resource to be created.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

function getBuiltinRoleDefinition

getBuiltinRoleDefinition(args: GetBuiltinRoleDefinitionArgs, opts?: pulumi.InvokeOptions): Promise<GetBuiltinRoleDefinitionResult>

Use this data source to access information about a built-in Role Definition. To access information about a custom Role Definition, please see the azurerm_role_definition data source instead.

function getRoleDefinition

getRoleDefinition(args: GetRoleDefinitionArgs, opts?: pulumi.InvokeOptions): Promise<GetRoleDefinitionResult>

Use this data source to access information about an existing Custom Role Definition. To access information about a built-in Role Definition, please see the azurerm_builtin_role_definition data source instead.

interface AssignmentArgs

The set of arguments for constructing a Assignment resource.

property name

name?: pulumi.Input<string>;

A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.

property principalId

principalId: pulumi.Input<string>;

The ID of the Principal (User or Application) to assign the Role Definition to. Changing this forces a new resource to be created.

property roleDefinitionId

roleDefinitionId?: pulumi.Input<string>;

The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with role_definition_name.

property roleDefinitionName

roleDefinitionName?: pulumi.Input<string>;

The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with role_definition_id.

property scope

scope: pulumi.Input<string>;

The scope at which the Role Assignment applies too, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM. Changing this forces a new resource to be created.

interface AssignmentState

Input properties used for looking up and filtering Assignment resources.

property name

name?: pulumi.Input<string>;

A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.

property principalId

principalId?: pulumi.Input<string>;

The ID of the Principal (User or Application) to assign the Role Definition to. Changing this forces a new resource to be created.

property roleDefinitionId

roleDefinitionId?: pulumi.Input<string>;

The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with role_definition_name.

property roleDefinitionName

roleDefinitionName?: pulumi.Input<string>;

The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with role_definition_id.

property scope

scope?: pulumi.Input<string>;

The scope at which the Role Assignment applies too, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM. Changing this forces a new resource to be created.

interface DefinitionArgs

The set of arguments for constructing a Definition resource.

property assignableScopes

assignableScopes: pulumi.Input<pulumi.Input<string>[]>;

One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

property description

description?: pulumi.Input<string>;

A description of the Role Definition.

property name

name?: pulumi.Input<string>;

The name of the Role Definition. Changing this forces a new resource to be created.

property permissions

permissions: pulumi.Input<pulumi.Input<{ ... }>[]>;

A permissions block as defined below.

property roleDefinitionId

roleDefinitionId?: pulumi.Input<string>;

A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.

property scope

scope: pulumi.Input<string>;

The scope at which the Role Definition applies too, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM. Changing this forces a new resource to be created.

interface DefinitionState

Input properties used for looking up and filtering Definition resources.

property assignableScopes

assignableScopes?: pulumi.Input<pulumi.Input<string>[]>;

One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

property description

description?: pulumi.Input<string>;

A description of the Role Definition.

property name

name?: pulumi.Input<string>;

The name of the Role Definition. Changing this forces a new resource to be created.

property permissions

permissions?: pulumi.Input<pulumi.Input<{ ... }>[]>;

A permissions block as defined below.

property roleDefinitionId

roleDefinitionId?: pulumi.Input<string>;

A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.

property scope

scope?: pulumi.Input<string>;

The scope at which the Role Definition applies too, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM. Changing this forces a new resource to be created.

interface GetBuiltinRoleDefinitionArgs

A collection of arguments for invoking getBuiltinRoleDefinition.

property name

name: string;

Specifies the name of the built-in Role Definition. Possible values are: Contributor, Owner, Reader and VirtualMachineContributor.

interface GetBuiltinRoleDefinitionResult

A collection of values returned by getBuiltinRoleDefinition.

property assignableScopes

assignableScopes: string[];

One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

property description

description: string;

the Description of the built-in Role.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property permissions

permissions: { ... }[];

a permissions block as documented below.

property type

type: string;

the Type of the Role.

interface GetRoleDefinitionArgs

A collection of arguments for invoking getRoleDefinition.

property roleDefinitionId

roleDefinitionId: string;

Specifies the ID of the Role Definition as a UUID/GUID.

property scope

scope: string;

Specifies the Scope at which the Custom Role Definition exists.

interface GetRoleDefinitionResult

A collection of values returned by getRoleDefinition.

property assignableScopes

assignableScopes: string[];

One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

property description

description: string;

the Description of the built-in Role.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property name

name: string;

property permissions

permissions: { ... }[];

a permissions block as documented below.

property type

type: string;

the Type of the Role.