role

class pulumi_azure.role.Assignment(resource_name, opts=None, name=None, principal_id=None, role_definition_id=None, role_definition_name=None, scope=None, __name__=None, __opts__=None)

Assigns a given Principal (User or Application) to a given Role.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • name (pulumi.Input[str]) – A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.
  • principal_id (pulumi.Input[str]) – The ID of the Principal (User or Application) to assign the Role Definition to. Changing this forces a new resource to be created. For an application, make sure to use the “object ID” (and not the “Application ID”).
  • role_definition_id (pulumi.Input[str]) – The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with role_definition_name.
  • role_definition_name (pulumi.Input[str]) – The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with role_definition_id.
  • scope (pulumi.Input[str]) – The scope at which the Role Assignment applies too, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM. Changing this forces a new resource to be created.
name = None

A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.

principal_id = None

The ID of the Principal (User or Application) to assign the Role Definition to. Changing this forces a new resource to be created. For an application, make sure to use the “object ID” (and not the “Application ID”).

role_definition_id = None

The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with role_definition_name.

role_definition_name = None

The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with role_definition_id.

scope = None

The scope at which the Role Assignment applies too, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM. Changing this forces a new resource to be created.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_azure.role.Definition(resource_name, opts=None, assignable_scopes=None, description=None, name=None, permissions=None, role_definition_id=None, scope=None, __name__=None, __opts__=None)

Manages a custom Role Definition, used to assign Roles to Users/Principals. See ‘Understand role definitions’ in the Azure documentation for more details.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • assignable_scopes (pulumi.Input[list]) – One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.
  • description (pulumi.Input[str]) – A description of the Role Definition.
  • name (pulumi.Input[str]) – The name of the Role Definition. Changing this forces a new resource to be created.
  • permissions (pulumi.Input[list]) – A permissions block as defined below.
  • role_definition_id (pulumi.Input[str]) – A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.
  • scope (pulumi.Input[str]) – The scope at which the Role Definition applies too, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM. Changing this forces a new resource to be created.
assignable_scopes = None

One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

description = None

A description of the Role Definition.

name = None

The name of the Role Definition. Changing this forces a new resource to be created.

permissions = None

A permissions block as defined below.

role_definition_id = None

A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.

scope = None

The scope at which the Role Definition applies too, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM. Changing this forces a new resource to be created.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_azure.role.GetBuiltinRoleDefinitionResult(assignable_scopes=None, description=None, name=None, permissions=None, type=None, id=None)

A collection of values returned by getBuiltinRoleDefinition.

assignable_scopes = None

One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

description = None

the Description of the built-in Role.

permissions = None

a permissions block as documented below.

type = None

the Type of the Role.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_azure.role.GetRoleDefinitionResult(assignable_scopes=None, description=None, name=None, permissions=None, role_definition_id=None, scope=None, type=None, id=None)

A collection of values returned by getRoleDefinition.

assignable_scopes = None

One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

description = None

the Description of the built-in Role.

permissions = None

a permissions block as documented below.

type = None

the Type of the Role.

id = None

id is the provider-assigned unique ID for this managed resource.

pulumi_azure.role.get_builtin_role_definition(name=None, opts=None)

Use this data source to access information about a built-in Role Definition. To access information about a custom Role Definition, please see the azurerm_role_definition data source instead.

NOTE: The this datasource has been deprecated in favour of azurerm_role_definition that now can look up role definitions by name. As such this data source will be removed in version 2.0 of the AzureRM Provider.
pulumi_azure.role.get_role_definition(name=None, role_definition_id=None, scope=None, opts=None)

Use this data source to access information about an existing Role Definition.