1. Packages
  2. Azure Native
  3. API Docs
  4. authorization
  5. RoleDefinition
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi

azure-native.authorization.RoleDefinition

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi

    Role definition. Azure REST API version: 2022-05-01-preview. Prior API version in Azure Native 1.x: 2018-01-01-preview.

    Example Usage

    Create role definition

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var roleDefinition = new AzureNative.Authorization.RoleDefinition("roleDefinition", new()
        {
            RoleDefinitionId = "roleDefinitionId",
            Scope = "scope",
        });
    
    });
    
    package main
    
    import (
    	authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := authorization.NewRoleDefinition(ctx, "roleDefinition", &authorization.RoleDefinitionArgs{
    			RoleDefinitionId: pulumi.String("roleDefinitionId"),
    			Scope:            pulumi.String("scope"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.authorization.RoleDefinition;
    import com.pulumi.azurenative.authorization.RoleDefinitionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var roleDefinition = new RoleDefinition("roleDefinition", RoleDefinitionArgs.builder()
                .roleDefinitionId("roleDefinitionId")
                .scope("scope")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    role_definition = azure_native.authorization.RoleDefinition("roleDefinition",
        role_definition_id="roleDefinitionId",
        scope="scope")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const roleDefinition = new azure_native.authorization.RoleDefinition("roleDefinition", {
        roleDefinitionId: "roleDefinitionId",
        scope: "scope",
    });
    
    resources:
      roleDefinition:
        type: azure-native:authorization:RoleDefinition
        properties:
          roleDefinitionId: roleDefinitionId
          scope: scope
    

    Create RoleDefinition Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new RoleDefinition(name: string, args: RoleDefinitionArgs, opts?: CustomResourceOptions);
    @overload
    def RoleDefinition(resource_name: str,
                       args: RoleDefinitionArgs,
                       opts: Optional[ResourceOptions] = None)
    
    @overload
    def RoleDefinition(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       scope: Optional[str] = None,
                       assignable_scopes: Optional[Sequence[str]] = None,
                       description: Optional[str] = None,
                       permissions: Optional[Sequence[PermissionArgs]] = None,
                       role_definition_id: Optional[str] = None,
                       role_name: Optional[str] = None,
                       role_type: Optional[str] = None)
    func NewRoleDefinition(ctx *Context, name string, args RoleDefinitionArgs, opts ...ResourceOption) (*RoleDefinition, error)
    public RoleDefinition(string name, RoleDefinitionArgs args, CustomResourceOptions? opts = null)
    public RoleDefinition(String name, RoleDefinitionArgs args)
    public RoleDefinition(String name, RoleDefinitionArgs args, CustomResourceOptions options)
    
    type: azure-native:authorization:RoleDefinition
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args RoleDefinitionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RoleDefinitionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RoleDefinitionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RoleDefinitionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RoleDefinitionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var roleDefinitionResource = new AzureNative.Authorization.RoleDefinition("roleDefinitionResource", new()
    {
        Scope = "string",
        AssignableScopes = new[]
        {
            "string",
        },
        Description = "string",
        Permissions = new[]
        {
            new AzureNative.Authorization.Inputs.PermissionArgs
            {
                Actions = new[]
                {
                    "string",
                },
                DataActions = new[]
                {
                    "string",
                },
                NotActions = new[]
                {
                    "string",
                },
                NotDataActions = new[]
                {
                    "string",
                },
            },
        },
        RoleDefinitionId = "string",
        RoleName = "string",
        RoleType = "string",
    });
    
    example, err := authorization.NewRoleDefinition(ctx, "roleDefinitionResource", &authorization.RoleDefinitionArgs{
    	Scope: pulumi.String("string"),
    	AssignableScopes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Description: pulumi.String("string"),
    	Permissions: authorization.PermissionArray{
    		&authorization.PermissionArgs{
    			Actions: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			DataActions: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			NotActions: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			NotDataActions: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	RoleDefinitionId: pulumi.String("string"),
    	RoleName:         pulumi.String("string"),
    	RoleType:         pulumi.String("string"),
    })
    
    var roleDefinitionResource = new RoleDefinition("roleDefinitionResource", RoleDefinitionArgs.builder()
        .scope("string")
        .assignableScopes("string")
        .description("string")
        .permissions(PermissionArgs.builder()
            .actions("string")
            .dataActions("string")
            .notActions("string")
            .notDataActions("string")
            .build())
        .roleDefinitionId("string")
        .roleName("string")
        .roleType("string")
        .build());
    
    role_definition_resource = azure_native.authorization.RoleDefinition("roleDefinitionResource",
        scope="string",
        assignable_scopes=["string"],
        description="string",
        permissions=[{
            "actions": ["string"],
            "data_actions": ["string"],
            "not_actions": ["string"],
            "not_data_actions": ["string"],
        }],
        role_definition_id="string",
        role_name="string",
        role_type="string")
    
    const roleDefinitionResource = new azure_native.authorization.RoleDefinition("roleDefinitionResource", {
        scope: "string",
        assignableScopes: ["string"],
        description: "string",
        permissions: [{
            actions: ["string"],
            dataActions: ["string"],
            notActions: ["string"],
            notDataActions: ["string"],
        }],
        roleDefinitionId: "string",
        roleName: "string",
        roleType: "string",
    });
    
    type: azure-native:authorization:RoleDefinition
    properties:
        assignableScopes:
            - string
        description: string
        permissions:
            - actions:
                - string
              dataActions:
                - string
              notActions:
                - string
              notDataActions:
                - string
        roleDefinitionId: string
        roleName: string
        roleType: string
        scope: string
    

    RoleDefinition Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The RoleDefinition resource accepts the following input properties:

    Scope string
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    AssignableScopes List<string>
    Role definition assignable scopes.
    Description string
    The role definition description.
    Permissions List<Pulumi.AzureNative.Authorization.Inputs.Permission>
    Role definition permissions.
    RoleDefinitionId string
    The ID of the role definition.
    RoleName string
    The role name.
    RoleType string
    The role type.
    Scope string
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    AssignableScopes []string
    Role definition assignable scopes.
    Description string
    The role definition description.
    Permissions []PermissionArgs
    Role definition permissions.
    RoleDefinitionId string
    The ID of the role definition.
    RoleName string
    The role name.
    RoleType string
    The role type.
    scope String
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    assignableScopes List<String>
    Role definition assignable scopes.
    description String
    The role definition description.
    permissions List<Permission>
    Role definition permissions.
    roleDefinitionId String
    The ID of the role definition.
    roleName String
    The role name.
    roleType String
    The role type.
    scope string
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    assignableScopes string[]
    Role definition assignable scopes.
    description string
    The role definition description.
    permissions Permission[]
    Role definition permissions.
    roleDefinitionId string
    The ID of the role definition.
    roleName string
    The role name.
    roleType string
    The role type.
    scope str
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    assignable_scopes Sequence[str]
    Role definition assignable scopes.
    description str
    The role definition description.
    permissions Sequence[PermissionArgs]
    Role definition permissions.
    role_definition_id str
    The ID of the role definition.
    role_name str
    The role name.
    role_type str
    The role type.
    scope String
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    assignableScopes List<String>
    Role definition assignable scopes.
    description String
    The role definition description.
    permissions List<Property Map>
    Role definition permissions.
    roleDefinitionId String
    The ID of the role definition.
    roleName String
    The role name.
    roleType String
    The role type.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the RoleDefinition resource produces the following output properties:

    CreatedBy string
    Id of the user who created the assignment
    CreatedOn string
    Time it was created
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The role definition name.
    Type string
    The role definition type.
    UpdatedBy string
    Id of the user who updated the assignment
    UpdatedOn string
    Time it was updated
    CreatedBy string
    Id of the user who created the assignment
    CreatedOn string
    Time it was created
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The role definition name.
    Type string
    The role definition type.
    UpdatedBy string
    Id of the user who updated the assignment
    UpdatedOn string
    Time it was updated
    createdBy String
    Id of the user who created the assignment
    createdOn String
    Time it was created
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The role definition name.
    type String
    The role definition type.
    updatedBy String
    Id of the user who updated the assignment
    updatedOn String
    Time it was updated
    createdBy string
    Id of the user who created the assignment
    createdOn string
    Time it was created
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    The role definition name.
    type string
    The role definition type.
    updatedBy string
    Id of the user who updated the assignment
    updatedOn string
    Time it was updated
    created_by str
    Id of the user who created the assignment
    created_on str
    Time it was created
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    The role definition name.
    type str
    The role definition type.
    updated_by str
    Id of the user who updated the assignment
    updated_on str
    Time it was updated
    createdBy String
    Id of the user who created the assignment
    createdOn String
    Time it was created
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The role definition name.
    type String
    The role definition type.
    updatedBy String
    Id of the user who updated the assignment
    updatedOn String
    Time it was updated

    Supporting Types

    Permission, PermissionArgs

    Actions List<string>
    Allowed actions.
    DataActions List<string>
    Allowed Data actions.
    NotActions List<string>
    Denied actions.
    NotDataActions List<string>
    Denied Data actions.
    Actions []string
    Allowed actions.
    DataActions []string
    Allowed Data actions.
    NotActions []string
    Denied actions.
    NotDataActions []string
    Denied Data actions.
    actions List<String>
    Allowed actions.
    dataActions List<String>
    Allowed Data actions.
    notActions List<String>
    Denied actions.
    notDataActions List<String>
    Denied Data actions.
    actions string[]
    Allowed actions.
    dataActions string[]
    Allowed Data actions.
    notActions string[]
    Denied actions.
    notDataActions string[]
    Denied Data actions.
    actions Sequence[str]
    Allowed actions.
    data_actions Sequence[str]
    Allowed Data actions.
    not_actions Sequence[str]
    Denied actions.
    not_data_actions Sequence[str]
    Denied Data actions.
    actions List<String>
    Allowed actions.
    dataActions List<String>
    Allowed Data actions.
    notActions List<String>
    Denied actions.
    notDataActions List<String>
    Denied Data actions.

    PermissionResponse, PermissionResponseArgs

    Condition string
    The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    ConditionVersion string
    Version of the condition. Currently the only accepted value is '2.0'
    Actions List<string>
    Allowed actions.
    DataActions List<string>
    Allowed Data actions.
    NotActions List<string>
    Denied actions.
    NotDataActions List<string>
    Denied Data actions.
    Condition string
    The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    ConditionVersion string
    Version of the condition. Currently the only accepted value is '2.0'
    Actions []string
    Allowed actions.
    DataActions []string
    Allowed Data actions.
    NotActions []string
    Denied actions.
    NotDataActions []string
    Denied Data actions.
    condition String
    The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    conditionVersion String
    Version of the condition. Currently the only accepted value is '2.0'
    actions List<String>
    Allowed actions.
    dataActions List<String>
    Allowed Data actions.
    notActions List<String>
    Denied actions.
    notDataActions List<String>
    Denied Data actions.
    condition string
    The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    conditionVersion string
    Version of the condition. Currently the only accepted value is '2.0'
    actions string[]
    Allowed actions.
    dataActions string[]
    Allowed Data actions.
    notActions string[]
    Denied actions.
    notDataActions string[]
    Denied Data actions.
    condition str
    The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    condition_version str
    Version of the condition. Currently the only accepted value is '2.0'
    actions Sequence[str]
    Allowed actions.
    data_actions Sequence[str]
    Allowed Data actions.
    not_actions Sequence[str]
    Denied actions.
    not_data_actions Sequence[str]
    Denied Data actions.
    condition String
    The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    conditionVersion String
    Version of the condition. Currently the only accepted value is '2.0'
    actions List<String>
    Allowed actions.
    dataActions List<String>
    Allowed Data actions.
    notActions List<String>
    Denied actions.
    notDataActions List<String>
    Denied Data actions.

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:authorization:RoleDefinition roleDefinitionId /{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId} 
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
    Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi