1. Packages
  2. Azure Classic
  3. API Docs
  4. pim
  5. getRoleManagementPolicy

We recommend using Azure Native.

Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi

azure.pim.getRoleManagementPolicy

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi

    Use this data source to get information on a role policy for an Azure Management Group, Subscription, Resource Group or resource.

    Example Usage

    Resource Group

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const example = azure.core.getResourceGroup({
        name: "example-rg",
    });
    const rgContributor = example.then(example => azure.authorization.getRoleDefinition({
        name: "Contributor",
        scope: example.id,
    }));
    const exampleGetRoleManagementPolicy = azure.pim.getRoleManagementPolicy({
        scope: test.id,
        roleDefinitionId: contributor.id,
    });
    
    import pulumi
    import pulumi_azure as azure
    
    example = azure.core.get_resource_group(name="example-rg")
    rg_contributor = azure.authorization.get_role_definition(name="Contributor",
        scope=example.id)
    example_get_role_management_policy = azure.pim.get_role_management_policy(scope=test["id"],
        role_definition_id=contributor["id"])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/pim"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := core.LookupResourceGroup(ctx, &core.LookupResourceGroupArgs{
    			Name: "example-rg",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
    			Name:  pulumi.StringRef("Contributor"),
    			Scope: pulumi.StringRef(example.Id),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = pim.LookupRoleManagementPolicy(ctx, &pim.LookupRoleManagementPolicyArgs{
    			Scope:            test.Id,
    			RoleDefinitionId: contributor.Id,
    		}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var example = Azure.Core.GetResourceGroup.Invoke(new()
        {
            Name = "example-rg",
        });
    
        var rgContributor = Azure.Authorization.GetRoleDefinition.Invoke(new()
        {
            Name = "Contributor",
            Scope = example.Apply(getResourceGroupResult => getResourceGroupResult.Id),
        });
    
        var exampleGetRoleManagementPolicy = Azure.Pim.GetRoleManagementPolicy.Invoke(new()
        {
            Scope = test.Id,
            RoleDefinitionId = contributor.Id,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.CoreFunctions;
    import com.pulumi.azure.core.inputs.GetResourceGroupArgs;
    import com.pulumi.azure.authorization.AuthorizationFunctions;
    import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
    import com.pulumi.azure.pim.PimFunctions;
    import com.pulumi.azure.pim.inputs.GetRoleManagementPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var example = CoreFunctions.getResourceGroup(GetResourceGroupArgs.builder()
                .name("example-rg")
                .build());
    
            final var rgContributor = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
                .name("Contributor")
                .scope(example.applyValue(getResourceGroupResult -> getResourceGroupResult.id()))
                .build());
    
            final var exampleGetRoleManagementPolicy = PimFunctions.getRoleManagementPolicy(GetRoleManagementPolicyArgs.builder()
                .scope(test.id())
                .roleDefinitionId(contributor.id())
                .build());
    
        }
    }
    
    variables:
      example:
        fn::invoke:
          Function: azure:core:getResourceGroup
          Arguments:
            name: example-rg
      rgContributor:
        fn::invoke:
          Function: azure:authorization:getRoleDefinition
          Arguments:
            name: Contributor
            scope: ${example.id}
      exampleGetRoleManagementPolicy:
        fn::invoke:
          Function: azure:pim:getRoleManagementPolicy
          Arguments:
            scope: ${test.id}
            roleDefinitionId: ${contributor.id}
    

    Management Group

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const example = azure.management.getGroup({
        name: "example-group",
    });
    const mgContributor = azure.authorization.getRoleDefinition({
        name: "Contributor",
        scope: exampleAzurermManagementGroup.id,
    });
    const exampleGetRoleManagementPolicy = Promise.all([example, mgContributor]).then(([example, mgContributor]) => azure.pim.getRoleManagementPolicy({
        scope: example.id,
        roleDefinitionId: mgContributor.id,
    }));
    
    import pulumi
    import pulumi_azure as azure
    
    example = azure.management.get_group(name="example-group")
    mg_contributor = azure.authorization.get_role_definition(name="Contributor",
        scope=example_azurerm_management_group["id"])
    example_get_role_management_policy = azure.pim.get_role_management_policy(scope=example.id,
        role_definition_id=mg_contributor.id)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/management"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/pim"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := management.LookupGroup(ctx, &management.LookupGroupArgs{
    			Name: pulumi.StringRef("example-group"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		mgContributor, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
    			Name:  pulumi.StringRef("Contributor"),
    			Scope: pulumi.StringRef(exampleAzurermManagementGroup.Id),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = pim.LookupRoleManagementPolicy(ctx, &pim.LookupRoleManagementPolicyArgs{
    			Scope:            example.Id,
    			RoleDefinitionId: mgContributor.Id,
    		}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var example = Azure.Management.GetGroup.Invoke(new()
        {
            Name = "example-group",
        });
    
        var mgContributor = Azure.Authorization.GetRoleDefinition.Invoke(new()
        {
            Name = "Contributor",
            Scope = exampleAzurermManagementGroup.Id,
        });
    
        var exampleGetRoleManagementPolicy = Azure.Pim.GetRoleManagementPolicy.Invoke(new()
        {
            Scope = example.Apply(getGroupResult => getGroupResult.Id),
            RoleDefinitionId = mgContributor.Apply(getRoleDefinitionResult => getRoleDefinitionResult.Id),
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.management.ManagementFunctions;
    import com.pulumi.azure.management.inputs.GetGroupArgs;
    import com.pulumi.azure.authorization.AuthorizationFunctions;
    import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
    import com.pulumi.azure.pim.PimFunctions;
    import com.pulumi.azure.pim.inputs.GetRoleManagementPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var example = ManagementFunctions.getGroup(GetGroupArgs.builder()
                .name("example-group")
                .build());
    
            final var mgContributor = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
                .name("Contributor")
                .scope(exampleAzurermManagementGroup.id())
                .build());
    
            final var exampleGetRoleManagementPolicy = PimFunctions.getRoleManagementPolicy(GetRoleManagementPolicyArgs.builder()
                .scope(example.applyValue(getGroupResult -> getGroupResult.id()))
                .roleDefinitionId(mgContributor.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.id()))
                .build());
    
        }
    }
    
    variables:
      example:
        fn::invoke:
          Function: azure:management:getGroup
          Arguments:
            name: example-group
      mgContributor:
        fn::invoke:
          Function: azure:authorization:getRoleDefinition
          Arguments:
            name: Contributor
            scope: ${exampleAzurermManagementGroup.id}
      exampleGetRoleManagementPolicy:
        fn::invoke:
          Function: azure:pim:getRoleManagementPolicy
          Arguments:
            scope: ${example.id}
            roleDefinitionId: ${mgContributor.id}
    

    Using getRoleManagementPolicy

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getRoleManagementPolicy(args: GetRoleManagementPolicyArgs, opts?: InvokeOptions): Promise<GetRoleManagementPolicyResult>
    function getRoleManagementPolicyOutput(args: GetRoleManagementPolicyOutputArgs, opts?: InvokeOptions): Output<GetRoleManagementPolicyResult>
    def get_role_management_policy(role_definition_id: Optional[str] = None,
                                   scope: Optional[str] = None,
                                   opts: Optional[InvokeOptions] = None) -> GetRoleManagementPolicyResult
    def get_role_management_policy_output(role_definition_id: Optional[pulumi.Input[str]] = None,
                                   scope: Optional[pulumi.Input[str]] = None,
                                   opts: Optional[InvokeOptions] = None) -> Output[GetRoleManagementPolicyResult]
    func LookupRoleManagementPolicy(ctx *Context, args *LookupRoleManagementPolicyArgs, opts ...InvokeOption) (*LookupRoleManagementPolicyResult, error)
    func LookupRoleManagementPolicyOutput(ctx *Context, args *LookupRoleManagementPolicyOutputArgs, opts ...InvokeOption) LookupRoleManagementPolicyResultOutput

    > Note: This function is named LookupRoleManagementPolicy in the Go SDK.

    public static class GetRoleManagementPolicy 
    {
        public static Task<GetRoleManagementPolicyResult> InvokeAsync(GetRoleManagementPolicyArgs args, InvokeOptions? opts = null)
        public static Output<GetRoleManagementPolicyResult> Invoke(GetRoleManagementPolicyInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetRoleManagementPolicyResult> getRoleManagementPolicy(GetRoleManagementPolicyArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: azure:pim/getRoleManagementPolicy:getRoleManagementPolicy
      arguments:
        # arguments dictionary

    The following arguments are supported:

    RoleDefinitionId string
    The scoped Role Definition ID of the role for which this policy applies.
    Scope string
    The scope to which this Role Management Policy applies. Can refer to a management group, a subscription, a resource group or a resource.
    RoleDefinitionId string
    The scoped Role Definition ID of the role for which this policy applies.
    Scope string
    The scope to which this Role Management Policy applies. Can refer to a management group, a subscription, a resource group or a resource.
    roleDefinitionId String
    The scoped Role Definition ID of the role for which this policy applies.
    scope String
    The scope to which this Role Management Policy applies. Can refer to a management group, a subscription, a resource group or a resource.
    roleDefinitionId string
    The scoped Role Definition ID of the role for which this policy applies.
    scope string
    The scope to which this Role Management Policy applies. Can refer to a management group, a subscription, a resource group or a resource.
    role_definition_id str
    The scoped Role Definition ID of the role for which this policy applies.
    scope str
    The scope to which this Role Management Policy applies. Can refer to a management group, a subscription, a resource group or a resource.
    roleDefinitionId String
    The scoped Role Definition ID of the role for which this policy applies.
    scope String
    The scope to which this Role Management Policy applies. Can refer to a management group, a subscription, a resource group or a resource.

    getRoleManagementPolicy Result

    The following output properties are available:

    ActivationRules List<GetRoleManagementPolicyActivationRule>
    An activation_rules block as defined below.
    ActiveAssignmentRules List<GetRoleManagementPolicyActiveAssignmentRule>
    An active_assignment_rules block as defined below.
    Description string
    (String) The description of this policy.
    EligibleAssignmentRules List<GetRoleManagementPolicyEligibleAssignmentRule>
    An eligible_assignment_rules block as defined below.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    (String) The name of this policy, which is typically a UUID and may change over time.
    NotificationRules List<GetRoleManagementPolicyNotificationRule>
    A notification_rules block as defined below.
    RoleDefinitionId string
    Scope string
    ActivationRules []GetRoleManagementPolicyActivationRule
    An activation_rules block as defined below.
    ActiveAssignmentRules []GetRoleManagementPolicyActiveAssignmentRule
    An active_assignment_rules block as defined below.
    Description string
    (String) The description of this policy.
    EligibleAssignmentRules []GetRoleManagementPolicyEligibleAssignmentRule
    An eligible_assignment_rules block as defined below.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    (String) The name of this policy, which is typically a UUID and may change over time.
    NotificationRules []GetRoleManagementPolicyNotificationRule
    A notification_rules block as defined below.
    RoleDefinitionId string
    Scope string
    activationRules List<GetRoleManagementPolicyActivationRule>
    An activation_rules block as defined below.
    activeAssignmentRules List<GetRoleManagementPolicyActiveAssignmentRule>
    An active_assignment_rules block as defined below.
    description String
    (String) The description of this policy.
    eligibleAssignmentRules List<GetRoleManagementPolicyEligibleAssignmentRule>
    An eligible_assignment_rules block as defined below.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    (String) The name of this policy, which is typically a UUID and may change over time.
    notificationRules List<GetRoleManagementPolicyNotificationRule>
    A notification_rules block as defined below.
    roleDefinitionId String
    scope String
    activationRules GetRoleManagementPolicyActivationRule[]
    An activation_rules block as defined below.
    activeAssignmentRules GetRoleManagementPolicyActiveAssignmentRule[]
    An active_assignment_rules block as defined below.
    description string
    (String) The description of this policy.
    eligibleAssignmentRules GetRoleManagementPolicyEligibleAssignmentRule[]
    An eligible_assignment_rules block as defined below.
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    (String) The name of this policy, which is typically a UUID and may change over time.
    notificationRules GetRoleManagementPolicyNotificationRule[]
    A notification_rules block as defined below.
    roleDefinitionId string
    scope string
    activation_rules Sequence[GetRoleManagementPolicyActivationRule]
    An activation_rules block as defined below.
    active_assignment_rules Sequence[GetRoleManagementPolicyActiveAssignmentRule]
    An active_assignment_rules block as defined below.
    description str
    (String) The description of this policy.
    eligible_assignment_rules Sequence[GetRoleManagementPolicyEligibleAssignmentRule]
    An eligible_assignment_rules block as defined below.
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    (String) The name of this policy, which is typically a UUID and may change over time.
    notification_rules Sequence[GetRoleManagementPolicyNotificationRule]
    A notification_rules block as defined below.
    role_definition_id str
    scope str
    activationRules List<Property Map>
    An activation_rules block as defined below.
    activeAssignmentRules List<Property Map>
    An active_assignment_rules block as defined below.
    description String
    (String) The description of this policy.
    eligibleAssignmentRules List<Property Map>
    An eligible_assignment_rules block as defined below.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    (String) The name of this policy, which is typically a UUID and may change over time.
    notificationRules List<Property Map>
    A notification_rules block as defined below.
    roleDefinitionId String
    scope String

    Supporting Types

    GetRoleManagementPolicyActivationRule

    ApprovalStages List<GetRoleManagementPolicyActivationRuleApprovalStage>
    An approval_stage block as defined below.
    MaximumDuration string
    (String) The maximum length of time an activated role can be valid, in an ISO8601 Duration format.
    RequireApproval bool
    (Boolean) Is approval required for activation.
    RequireJustification bool
    (Boolean) Is a justification required to create new assignments.
    RequireMultifactorAuthentication bool
    (Boolean) Is multi-factor authentication required to create new assignments.
    RequireTicketInfo bool
    (Boolean) Is ticket information required to create new assignments.
    RequiredConditionalAccessAuthenticationContext string
    (String) The Entra ID Conditional Access context that must be present for activation.
    ApprovalStages []GetRoleManagementPolicyActivationRuleApprovalStage
    An approval_stage block as defined below.
    MaximumDuration string
    (String) The maximum length of time an activated role can be valid, in an ISO8601 Duration format.
    RequireApproval bool
    (Boolean) Is approval required for activation.
    RequireJustification bool
    (Boolean) Is a justification required to create new assignments.
    RequireMultifactorAuthentication bool
    (Boolean) Is multi-factor authentication required to create new assignments.
    RequireTicketInfo bool
    (Boolean) Is ticket information required to create new assignments.
    RequiredConditionalAccessAuthenticationContext string
    (String) The Entra ID Conditional Access context that must be present for activation.
    approvalStages List<GetRoleManagementPolicyActivationRuleApprovalStage>
    An approval_stage block as defined below.
    maximumDuration String
    (String) The maximum length of time an activated role can be valid, in an ISO8601 Duration format.
    requireApproval Boolean
    (Boolean) Is approval required for activation.
    requireJustification Boolean
    (Boolean) Is a justification required to create new assignments.
    requireMultifactorAuthentication Boolean
    (Boolean) Is multi-factor authentication required to create new assignments.
    requireTicketInfo Boolean
    (Boolean) Is ticket information required to create new assignments.
    requiredConditionalAccessAuthenticationContext String
    (String) The Entra ID Conditional Access context that must be present for activation.
    approvalStages GetRoleManagementPolicyActivationRuleApprovalStage[]
    An approval_stage block as defined below.
    maximumDuration string
    (String) The maximum length of time an activated role can be valid, in an ISO8601 Duration format.
    requireApproval boolean
    (Boolean) Is approval required for activation.
    requireJustification boolean
    (Boolean) Is a justification required to create new assignments.
    requireMultifactorAuthentication boolean
    (Boolean) Is multi-factor authentication required to create new assignments.
    requireTicketInfo boolean
    (Boolean) Is ticket information required to create new assignments.
    requiredConditionalAccessAuthenticationContext string
    (String) The Entra ID Conditional Access context that must be present for activation.
    approval_stages Sequence[GetRoleManagementPolicyActivationRuleApprovalStage]
    An approval_stage block as defined below.
    maximum_duration str
    (String) The maximum length of time an activated role can be valid, in an ISO8601 Duration format.
    require_approval bool
    (Boolean) Is approval required for activation.
    require_justification bool
    (Boolean) Is a justification required to create new assignments.
    require_multifactor_authentication bool
    (Boolean) Is multi-factor authentication required to create new assignments.
    require_ticket_info bool
    (Boolean) Is ticket information required to create new assignments.
    required_conditional_access_authentication_context str
    (String) The Entra ID Conditional Access context that must be present for activation.
    approvalStages List<Property Map>
    An approval_stage block as defined below.
    maximumDuration String
    (String) The maximum length of time an activated role can be valid, in an ISO8601 Duration format.
    requireApproval Boolean
    (Boolean) Is approval required for activation.
    requireJustification Boolean
    (Boolean) Is a justification required to create new assignments.
    requireMultifactorAuthentication Boolean
    (Boolean) Is multi-factor authentication required to create new assignments.
    requireTicketInfo Boolean
    (Boolean) Is ticket information required to create new assignments.
    requiredConditionalAccessAuthenticationContext String
    (String) The Entra ID Conditional Access context that must be present for activation.

    GetRoleManagementPolicyActivationRuleApprovalStage

    PrimaryApprovers List<GetRoleManagementPolicyActivationRuleApprovalStagePrimaryApprover>
    The IDs of the users or groups who can approve the activation
    PrimaryApprovers []GetRoleManagementPolicyActivationRuleApprovalStagePrimaryApprover
    The IDs of the users or groups who can approve the activation
    primaryApprovers List<GetRoleManagementPolicyActivationRuleApprovalStagePrimaryApprover>
    The IDs of the users or groups who can approve the activation
    primaryApprovers GetRoleManagementPolicyActivationRuleApprovalStagePrimaryApprover[]
    The IDs of the users or groups who can approve the activation
    primary_approvers Sequence[GetRoleManagementPolicyActivationRuleApprovalStagePrimaryApprover]
    The IDs of the users or groups who can approve the activation
    primaryApprovers List<Property Map>
    The IDs of the users or groups who can approve the activation

    GetRoleManagementPolicyActivationRuleApprovalStagePrimaryApprover

    ObjectId string
    (String) The ID of the object which will act as an approver.
    Type string
    (String) The type of object acting as an approver. Either User or Group.
    ObjectId string
    (String) The ID of the object which will act as an approver.
    Type string
    (String) The type of object acting as an approver. Either User or Group.
    objectId String
    (String) The ID of the object which will act as an approver.
    type String
    (String) The type of object acting as an approver. Either User or Group.
    objectId string
    (String) The ID of the object which will act as an approver.
    type string
    (String) The type of object acting as an approver. Either User or Group.
    object_id str
    (String) The ID of the object which will act as an approver.
    type str
    (String) The type of object acting as an approver. Either User or Group.
    objectId String
    (String) The ID of the object which will act as an approver.
    type String
    (String) The type of object acting as an approver. Either User or Group.

    GetRoleManagementPolicyActiveAssignmentRule

    ExpirationRequired bool
    (Boolean) Must an assignment have an expiry date.
    ExpireAfter string
    (String) The maximum length of time an assignment can be valid, as an ISO8601 duration.
    RequireJustification bool
    (Boolean) Is a justification required to create new assignments.
    RequireMultifactorAuthentication bool
    (Boolean) Is multi-factor authentication required to create new assignments.
    RequireTicketInfo bool
    (Boolean) Is ticket information required to create new assignments.
    ExpirationRequired bool
    (Boolean) Must an assignment have an expiry date.
    ExpireAfter string
    (String) The maximum length of time an assignment can be valid, as an ISO8601 duration.
    RequireJustification bool
    (Boolean) Is a justification required to create new assignments.
    RequireMultifactorAuthentication bool
    (Boolean) Is multi-factor authentication required to create new assignments.
    RequireTicketInfo bool
    (Boolean) Is ticket information required to create new assignments.
    expirationRequired Boolean
    (Boolean) Must an assignment have an expiry date.
    expireAfter String
    (String) The maximum length of time an assignment can be valid, as an ISO8601 duration.
    requireJustification Boolean
    (Boolean) Is a justification required to create new assignments.
    requireMultifactorAuthentication Boolean
    (Boolean) Is multi-factor authentication required to create new assignments.
    requireTicketInfo Boolean
    (Boolean) Is ticket information required to create new assignments.
    expirationRequired boolean
    (Boolean) Must an assignment have an expiry date.
    expireAfter string
    (String) The maximum length of time an assignment can be valid, as an ISO8601 duration.
    requireJustification boolean
    (Boolean) Is a justification required to create new assignments.
    requireMultifactorAuthentication boolean
    (Boolean) Is multi-factor authentication required to create new assignments.
    requireTicketInfo boolean
    (Boolean) Is ticket information required to create new assignments.
    expiration_required bool
    (Boolean) Must an assignment have an expiry date.
    expire_after str
    (String) The maximum length of time an assignment can be valid, as an ISO8601 duration.
    require_justification bool
    (Boolean) Is a justification required to create new assignments.
    require_multifactor_authentication bool
    (Boolean) Is multi-factor authentication required to create new assignments.
    require_ticket_info bool
    (Boolean) Is ticket information required to create new assignments.
    expirationRequired Boolean
    (Boolean) Must an assignment have an expiry date.
    expireAfter String
    (String) The maximum length of time an assignment can be valid, as an ISO8601 duration.
    requireJustification Boolean
    (Boolean) Is a justification required to create new assignments.
    requireMultifactorAuthentication Boolean
    (Boolean) Is multi-factor authentication required to create new assignments.
    requireTicketInfo Boolean
    (Boolean) Is ticket information required to create new assignments.

    GetRoleManagementPolicyEligibleAssignmentRule

    ExpirationRequired bool
    (Boolean) Must an assignment have an expiry date.
    ExpireAfter string
    (String) The maximum length of time an assignment can be valid, as an ISO8601 duration.
    ExpirationRequired bool
    (Boolean) Must an assignment have an expiry date.
    ExpireAfter string
    (String) The maximum length of time an assignment can be valid, as an ISO8601 duration.
    expirationRequired Boolean
    (Boolean) Must an assignment have an expiry date.
    expireAfter String
    (String) The maximum length of time an assignment can be valid, as an ISO8601 duration.
    expirationRequired boolean
    (Boolean) Must an assignment have an expiry date.
    expireAfter string
    (String) The maximum length of time an assignment can be valid, as an ISO8601 duration.
    expiration_required bool
    (Boolean) Must an assignment have an expiry date.
    expire_after str
    (String) The maximum length of time an assignment can be valid, as an ISO8601 duration.
    expirationRequired Boolean
    (Boolean) Must an assignment have an expiry date.
    expireAfter String
    (String) The maximum length of time an assignment can be valid, as an ISO8601 duration.

    GetRoleManagementPolicyNotificationRule

    ActiveAssignments List<GetRoleManagementPolicyNotificationRuleActiveAssignment>
    A notification_target block as defined below with the details of notfications on active role assignments.
    EligibleActivations List<GetRoleManagementPolicyNotificationRuleEligibleActivation>
    A notification_target block as defined below with the details of notifications on activation of eligible role.
    EligibleAssignments List<GetRoleManagementPolicyNotificationRuleEligibleAssignment>
    A notification_target block as defined below with the details of notifications on eligible role assignments.
    ActiveAssignments []GetRoleManagementPolicyNotificationRuleActiveAssignment
    A notification_target block as defined below with the details of notfications on active role assignments.
    EligibleActivations []GetRoleManagementPolicyNotificationRuleEligibleActivation
    A notification_target block as defined below with the details of notifications on activation of eligible role.
    EligibleAssignments []GetRoleManagementPolicyNotificationRuleEligibleAssignment
    A notification_target block as defined below with the details of notifications on eligible role assignments.
    activeAssignments List<GetRoleManagementPolicyNotificationRuleActiveAssignment>
    A notification_target block as defined below with the details of notfications on active role assignments.
    eligibleActivations List<GetRoleManagementPolicyNotificationRuleEligibleActivation>
    A notification_target block as defined below with the details of notifications on activation of eligible role.
    eligibleAssignments List<GetRoleManagementPolicyNotificationRuleEligibleAssignment>
    A notification_target block as defined below with the details of notifications on eligible role assignments.
    activeAssignments GetRoleManagementPolicyNotificationRuleActiveAssignment[]
    A notification_target block as defined below with the details of notfications on active role assignments.
    eligibleActivations GetRoleManagementPolicyNotificationRuleEligibleActivation[]
    A notification_target block as defined below with the details of notifications on activation of eligible role.
    eligibleAssignments GetRoleManagementPolicyNotificationRuleEligibleAssignment[]
    A notification_target block as defined below with the details of notifications on eligible role assignments.
    active_assignments Sequence[GetRoleManagementPolicyNotificationRuleActiveAssignment]
    A notification_target block as defined below with the details of notfications on active role assignments.
    eligible_activations Sequence[GetRoleManagementPolicyNotificationRuleEligibleActivation]
    A notification_target block as defined below with the details of notifications on activation of eligible role.
    eligible_assignments Sequence[GetRoleManagementPolicyNotificationRuleEligibleAssignment]
    A notification_target block as defined below with the details of notifications on eligible role assignments.
    activeAssignments List<Property Map>
    A notification_target block as defined below with the details of notfications on active role assignments.
    eligibleActivations List<Property Map>
    A notification_target block as defined below with the details of notifications on activation of eligible role.
    eligibleAssignments List<Property Map>
    A notification_target block as defined below with the details of notifications on eligible role assignments.

    GetRoleManagementPolicyNotificationRuleActiveAssignment

    adminNotifications List<Property Map>
    A notification_settings block as defined above.
    approverNotifications List<Property Map>
    A notification_settings block as defined above.
    assigneeNotifications List<Property Map>
    A notification_settings block as defined above.

    GetRoleManagementPolicyNotificationRuleActiveAssignmentAdminNotification

    AdditionalRecipients List<string>
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    AdditionalRecipients []string
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients string[]
    A list of additional email addresses that will receive these notifications.
    defaultRecipients boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additional_recipients Sequence[str]
    A list of additional email addresses that will receive these notifications.
    default_recipients bool
    (Boolean) Should the default recipients receive these notifications.
    notification_level str
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.

    GetRoleManagementPolicyNotificationRuleActiveAssignmentApproverNotification

    AdditionalRecipients List<string>
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    AdditionalRecipients []string
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients string[]
    A list of additional email addresses that will receive these notifications.
    defaultRecipients boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additional_recipients Sequence[str]
    A list of additional email addresses that will receive these notifications.
    default_recipients bool
    (Boolean) Should the default recipients receive these notifications.
    notification_level str
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.

    GetRoleManagementPolicyNotificationRuleActiveAssignmentAssigneeNotification

    AdditionalRecipients List<string>
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    AdditionalRecipients []string
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients string[]
    A list of additional email addresses that will receive these notifications.
    defaultRecipients boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additional_recipients Sequence[str]
    A list of additional email addresses that will receive these notifications.
    default_recipients bool
    (Boolean) Should the default recipients receive these notifications.
    notification_level str
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.

    GetRoleManagementPolicyNotificationRuleEligibleActivation

    adminNotifications List<Property Map>
    A notification_settings block as defined above.
    approverNotifications List<Property Map>
    A notification_settings block as defined above.
    assigneeNotifications List<Property Map>
    A notification_settings block as defined above.

    GetRoleManagementPolicyNotificationRuleEligibleActivationAdminNotification

    AdditionalRecipients List<string>
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    AdditionalRecipients []string
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients string[]
    A list of additional email addresses that will receive these notifications.
    defaultRecipients boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additional_recipients Sequence[str]
    A list of additional email addresses that will receive these notifications.
    default_recipients bool
    (Boolean) Should the default recipients receive these notifications.
    notification_level str
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.

    GetRoleManagementPolicyNotificationRuleEligibleActivationApproverNotification

    AdditionalRecipients List<string>
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    AdditionalRecipients []string
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients string[]
    A list of additional email addresses that will receive these notifications.
    defaultRecipients boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additional_recipients Sequence[str]
    A list of additional email addresses that will receive these notifications.
    default_recipients bool
    (Boolean) Should the default recipients receive these notifications.
    notification_level str
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.

    GetRoleManagementPolicyNotificationRuleEligibleActivationAssigneeNotification

    AdditionalRecipients List<string>
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    AdditionalRecipients []string
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients string[]
    A list of additional email addresses that will receive these notifications.
    defaultRecipients boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additional_recipients Sequence[str]
    A list of additional email addresses that will receive these notifications.
    default_recipients bool
    (Boolean) Should the default recipients receive these notifications.
    notification_level str
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.

    GetRoleManagementPolicyNotificationRuleEligibleAssignment

    adminNotifications List<Property Map>
    A notification_settings block as defined above.
    approverNotifications List<Property Map>
    A notification_settings block as defined above.
    assigneeNotifications List<Property Map>
    A notification_settings block as defined above.

    GetRoleManagementPolicyNotificationRuleEligibleAssignmentAdminNotification

    AdditionalRecipients List<string>
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    AdditionalRecipients []string
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients string[]
    A list of additional email addresses that will receive these notifications.
    defaultRecipients boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additional_recipients Sequence[str]
    A list of additional email addresses that will receive these notifications.
    default_recipients bool
    (Boolean) Should the default recipients receive these notifications.
    notification_level str
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.

    GetRoleManagementPolicyNotificationRuleEligibleAssignmentApproverNotification

    AdditionalRecipients List<string>
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    AdditionalRecipients []string
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients string[]
    A list of additional email addresses that will receive these notifications.
    defaultRecipients boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additional_recipients Sequence[str]
    A list of additional email addresses that will receive these notifications.
    default_recipients bool
    (Boolean) Should the default recipients receive these notifications.
    notification_level str
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.

    GetRoleManagementPolicyNotificationRuleEligibleAssignmentAssigneeNotification

    AdditionalRecipients List<string>
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    AdditionalRecipients []string
    A list of additional email addresses that will receive these notifications.
    DefaultRecipients bool
    (Boolean) Should the default recipients receive these notifications.
    NotificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients string[]
    A list of additional email addresses that will receive these notifications.
    defaultRecipients boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel string
    (String) What level of notifications should be sent. Either All or Critical.
    additional_recipients Sequence[str]
    A list of additional email addresses that will receive these notifications.
    default_recipients bool
    (Boolean) Should the default recipients receive these notifications.
    notification_level str
    (String) What level of notifications should be sent. Either All or Critical.
    additionalRecipients List<String>
    A list of additional email addresses that will receive these notifications.
    defaultRecipients Boolean
    (Boolean) Should the default recipients receive these notifications.
    notificationLevel String
    (String) What level of notifications should be sent. Either All or Critical.

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi