azuread.AccessPackageAssignmentPolicy
Explore with Pulumi AI
Manages an assignment policy for an access package within Identity Governance in Azure Active Directory.
API Permissions
The following API permissions are required in order to use this resource.
When authenticated with a service principal, this resource requires the following application role: EntitlementManagement.ReadWrite.All
.
When authenticated with a user principal, this resource requires Global Administrator
directory role, or one of the Catalog Owner
and Access Package Manager
role in Identity Governance.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const example = new azuread.Group("example", {
displayName: "group-name",
securityEnabled: true,
});
const exampleAccessPackageCatalog = new azuread.AccessPackageCatalog("example", {
displayName: "example-catalog",
description: "Example catalog",
});
const exampleAccessPackage = new azuread.AccessPackage("example", {
catalogId: exampleAccessPackageCatalog.id,
displayName: "access-package",
description: "Access Package",
});
const exampleAccessPackageAssignmentPolicy = new azuread.AccessPackageAssignmentPolicy("example", {
accessPackageId: exampleAccessPackage.id,
displayName: "assignment-policy",
description: "My assignment policy",
durationInDays: 90,
requestorSettings: {
scopeType: "AllExistingDirectoryMemberUsers",
},
approvalSettings: {
approvalRequired: true,
approvalStages: [{
approvalTimeoutInDays: 14,
primaryApprovers: [{
objectId: example.objectId,
subjectType: "groupMembers",
}],
}],
},
assignmentReviewSettings: {
enabled: true,
reviewFrequency: "weekly",
durationInDays: 3,
reviewType: "Self",
accessReviewTimeoutBehavior: "keepAccess",
},
questions: [{
text: {
defaultText: "hello, how are you?",
},
}],
});
import pulumi
import pulumi_azuread as azuread
example = azuread.Group("example",
display_name="group-name",
security_enabled=True)
example_access_package_catalog = azuread.AccessPackageCatalog("example",
display_name="example-catalog",
description="Example catalog")
example_access_package = azuread.AccessPackage("example",
catalog_id=example_access_package_catalog.id,
display_name="access-package",
description="Access Package")
example_access_package_assignment_policy = azuread.AccessPackageAssignmentPolicy("example",
access_package_id=example_access_package.id,
display_name="assignment-policy",
description="My assignment policy",
duration_in_days=90,
requestor_settings={
"scope_type": "AllExistingDirectoryMemberUsers",
},
approval_settings={
"approval_required": True,
"approval_stages": [{
"approval_timeout_in_days": 14,
"primary_approvers": [{
"object_id": example.object_id,
"subject_type": "groupMembers",
}],
}],
},
assignment_review_settings={
"enabled": True,
"review_frequency": "weekly",
"duration_in_days": 3,
"review_type": "Self",
"access_review_timeout_behavior": "keepAccess",
},
questions=[{
"text": {
"default_text": "hello, how are you?",
},
}])
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := azuread.NewGroup(ctx, "example", &azuread.GroupArgs{
DisplayName: pulumi.String("group-name"),
SecurityEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
exampleAccessPackageCatalog, err := azuread.NewAccessPackageCatalog(ctx, "example", &azuread.AccessPackageCatalogArgs{
DisplayName: pulumi.String("example-catalog"),
Description: pulumi.String("Example catalog"),
})
if err != nil {
return err
}
exampleAccessPackage, err := azuread.NewAccessPackage(ctx, "example", &azuread.AccessPackageArgs{
CatalogId: exampleAccessPackageCatalog.ID(),
DisplayName: pulumi.String("access-package"),
Description: pulumi.String("Access Package"),
})
if err != nil {
return err
}
_, err = azuread.NewAccessPackageAssignmentPolicy(ctx, "example", &azuread.AccessPackageAssignmentPolicyArgs{
AccessPackageId: exampleAccessPackage.ID(),
DisplayName: pulumi.String("assignment-policy"),
Description: pulumi.String("My assignment policy"),
DurationInDays: pulumi.Int(90),
RequestorSettings: &azuread.AccessPackageAssignmentPolicyRequestorSettingsArgs{
ScopeType: pulumi.String("AllExistingDirectoryMemberUsers"),
},
ApprovalSettings: &azuread.AccessPackageAssignmentPolicyApprovalSettingsArgs{
ApprovalRequired: pulumi.Bool(true),
ApprovalStages: azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArray{
&azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs{
ApprovalTimeoutInDays: pulumi.Int(14),
PrimaryApprovers: azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArray{
&azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs{
ObjectId: example.ObjectId,
SubjectType: pulumi.String("groupMembers"),
},
},
},
},
},
AssignmentReviewSettings: &azuread.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs{
Enabled: pulumi.Bool(true),
ReviewFrequency: pulumi.String("weekly"),
DurationInDays: pulumi.Int(3),
ReviewType: pulumi.String("Self"),
AccessReviewTimeoutBehavior: pulumi.String("keepAccess"),
},
Questions: azuread.AccessPackageAssignmentPolicyQuestionArray{
&azuread.AccessPackageAssignmentPolicyQuestionArgs{
Text: &azuread.AccessPackageAssignmentPolicyQuestionTextArgs{
DefaultText: pulumi.String("hello, how are you?"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var example = new AzureAD.Group("example", new()
{
DisplayName = "group-name",
SecurityEnabled = true,
});
var exampleAccessPackageCatalog = new AzureAD.AccessPackageCatalog("example", new()
{
DisplayName = "example-catalog",
Description = "Example catalog",
});
var exampleAccessPackage = new AzureAD.AccessPackage("example", new()
{
CatalogId = exampleAccessPackageCatalog.Id,
DisplayName = "access-package",
Description = "Access Package",
});
var exampleAccessPackageAssignmentPolicy = new AzureAD.AccessPackageAssignmentPolicy("example", new()
{
AccessPackageId = exampleAccessPackage.Id,
DisplayName = "assignment-policy",
Description = "My assignment policy",
DurationInDays = 90,
RequestorSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyRequestorSettingsArgs
{
ScopeType = "AllExistingDirectoryMemberUsers",
},
ApprovalSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsArgs
{
ApprovalRequired = true,
ApprovalStages = new[]
{
new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs
{
ApprovalTimeoutInDays = 14,
PrimaryApprovers = new[]
{
new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs
{
ObjectId = example.ObjectId,
SubjectType = "groupMembers",
},
},
},
},
},
AssignmentReviewSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs
{
Enabled = true,
ReviewFrequency = "weekly",
DurationInDays = 3,
ReviewType = "Self",
AccessReviewTimeoutBehavior = "keepAccess",
},
Questions = new[]
{
new AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionArgs
{
Text = new AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionTextArgs
{
DefaultText = "hello, how are you?",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.Group;
import com.pulumi.azuread.GroupArgs;
import com.pulumi.azuread.AccessPackageCatalog;
import com.pulumi.azuread.AccessPackageCatalogArgs;
import com.pulumi.azuread.AccessPackage;
import com.pulumi.azuread.AccessPackageArgs;
import com.pulumi.azuread.AccessPackageAssignmentPolicy;
import com.pulumi.azuread.AccessPackageAssignmentPolicyArgs;
import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyRequestorSettingsArgs;
import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyApprovalSettingsArgs;
import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs;
import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyQuestionArgs;
import com.pulumi.azuread.inputs.AccessPackageAssignmentPolicyQuestionTextArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Group("example", GroupArgs.builder()
.displayName("group-name")
.securityEnabled(true)
.build());
var exampleAccessPackageCatalog = new AccessPackageCatalog("exampleAccessPackageCatalog", AccessPackageCatalogArgs.builder()
.displayName("example-catalog")
.description("Example catalog")
.build());
var exampleAccessPackage = new AccessPackage("exampleAccessPackage", AccessPackageArgs.builder()
.catalogId(exampleAccessPackageCatalog.id())
.displayName("access-package")
.description("Access Package")
.build());
var exampleAccessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy("exampleAccessPackageAssignmentPolicy", AccessPackageAssignmentPolicyArgs.builder()
.accessPackageId(exampleAccessPackage.id())
.displayName("assignment-policy")
.description("My assignment policy")
.durationInDays(90)
.requestorSettings(AccessPackageAssignmentPolicyRequestorSettingsArgs.builder()
.scopeType("AllExistingDirectoryMemberUsers")
.build())
.approvalSettings(AccessPackageAssignmentPolicyApprovalSettingsArgs.builder()
.approvalRequired(true)
.approvalStages(AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs.builder()
.approvalTimeoutInDays(14)
.primaryApprovers(AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs.builder()
.objectId(example.objectId())
.subjectType("groupMembers")
.build())
.build())
.build())
.assignmentReviewSettings(AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs.builder()
.enabled(true)
.reviewFrequency("weekly")
.durationInDays(3)
.reviewType("Self")
.accessReviewTimeoutBehavior("keepAccess")
.build())
.questions(AccessPackageAssignmentPolicyQuestionArgs.builder()
.text(AccessPackageAssignmentPolicyQuestionTextArgs.builder()
.defaultText("hello, how are you?")
.build())
.build())
.build());
}
}
resources:
example:
type: azuread:Group
properties:
displayName: group-name
securityEnabled: true
exampleAccessPackageCatalog:
type: azuread:AccessPackageCatalog
name: example
properties:
displayName: example-catalog
description: Example catalog
exampleAccessPackage:
type: azuread:AccessPackage
name: example
properties:
catalogId: ${exampleAccessPackageCatalog.id}
displayName: access-package
description: Access Package
exampleAccessPackageAssignmentPolicy:
type: azuread:AccessPackageAssignmentPolicy
name: example
properties:
accessPackageId: ${exampleAccessPackage.id}
displayName: assignment-policy
description: My assignment policy
durationInDays: 90
requestorSettings:
scopeType: AllExistingDirectoryMemberUsers
approvalSettings:
approvalRequired: true
approvalStages:
- approvalTimeoutInDays: 14
primaryApprovers:
- objectId: ${example.objectId}
subjectType: groupMembers
assignmentReviewSettings:
enabled: true
reviewFrequency: weekly
durationInDays: 3
reviewType: Self
accessReviewTimeoutBehavior: keepAccess
questions:
- text:
defaultText: hello, how are you?
Create AccessPackageAssignmentPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccessPackageAssignmentPolicy(name: string, args: AccessPackageAssignmentPolicyArgs, opts?: CustomResourceOptions);
@overload
def AccessPackageAssignmentPolicy(resource_name: str,
args: AccessPackageAssignmentPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AccessPackageAssignmentPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_package_id: Optional[str] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
approval_settings: Optional[AccessPackageAssignmentPolicyApprovalSettingsArgs] = None,
assignment_review_settings: Optional[AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs] = None,
duration_in_days: Optional[int] = None,
expiration_date: Optional[str] = None,
extension_enabled: Optional[bool] = None,
questions: Optional[Sequence[AccessPackageAssignmentPolicyQuestionArgs]] = None,
requestor_settings: Optional[AccessPackageAssignmentPolicyRequestorSettingsArgs] = None)
func NewAccessPackageAssignmentPolicy(ctx *Context, name string, args AccessPackageAssignmentPolicyArgs, opts ...ResourceOption) (*AccessPackageAssignmentPolicy, error)
public AccessPackageAssignmentPolicy(string name, AccessPackageAssignmentPolicyArgs args, CustomResourceOptions? opts = null)
public AccessPackageAssignmentPolicy(String name, AccessPackageAssignmentPolicyArgs args)
public AccessPackageAssignmentPolicy(String name, AccessPackageAssignmentPolicyArgs args, CustomResourceOptions options)
type: azuread:AccessPackageAssignmentPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccessPackageAssignmentPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessPackageAssignmentPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessPackageAssignmentPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessPackageAssignmentPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessPackageAssignmentPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var accessPackageAssignmentPolicyResource = new AzureAD.AccessPackageAssignmentPolicy("accessPackageAssignmentPolicyResource", new()
{
AccessPackageId = "string",
Description = "string",
DisplayName = "string",
ApprovalSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsArgs
{
ApprovalRequired = false,
ApprovalRequiredForExtension = false,
ApprovalStages = new[]
{
new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs
{
ApprovalTimeoutInDays = 0,
AlternativeApprovalEnabled = false,
AlternativeApprovers = new[]
{
new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApproverArgs
{
SubjectType = "string",
Backup = false,
ObjectId = "string",
},
},
ApproverJustificationRequired = false,
EnableAlternativeApprovalInDays = 0,
PrimaryApprovers = new[]
{
new AzureAD.Inputs.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs
{
SubjectType = "string",
Backup = false,
ObjectId = "string",
},
},
},
},
RequestorJustificationRequired = false,
},
AssignmentReviewSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs
{
AccessRecommendationEnabled = false,
AccessReviewTimeoutBehavior = "string",
ApproverJustificationRequired = false,
DurationInDays = 0,
Enabled = false,
ReviewFrequency = "string",
ReviewType = "string",
Reviewers = new[]
{
new AzureAD.Inputs.AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewerArgs
{
SubjectType = "string",
Backup = false,
ObjectId = "string",
},
},
StartingOn = "string",
},
DurationInDays = 0,
ExpirationDate = "string",
ExtensionEnabled = false,
Questions = new[]
{
new AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionArgs
{
Text = new AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionTextArgs
{
DefaultText = "string",
LocalizedTexts = new[]
{
new AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionTextLocalizedTextArgs
{
Content = "string",
LanguageCode = "string",
},
},
},
Choices = new[]
{
new AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionChoiceArgs
{
ActualValue = "string",
DisplayValue = new AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionChoiceDisplayValueArgs
{
DefaultText = "string",
LocalizedTexts = new[]
{
new AzureAD.Inputs.AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedTextArgs
{
Content = "string",
LanguageCode = "string",
},
},
},
},
},
Required = false,
Sequence = 0,
},
},
RequestorSettings = new AzureAD.Inputs.AccessPackageAssignmentPolicyRequestorSettingsArgs
{
Requestors = new[]
{
new AzureAD.Inputs.AccessPackageAssignmentPolicyRequestorSettingsRequestorArgs
{
SubjectType = "string",
Backup = false,
ObjectId = "string",
},
},
RequestsAccepted = false,
ScopeType = "string",
},
});
example, err := azuread.NewAccessPackageAssignmentPolicy(ctx, "accessPackageAssignmentPolicyResource", &azuread.AccessPackageAssignmentPolicyArgs{
AccessPackageId: pulumi.String("string"),
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
ApprovalSettings: &azuread.AccessPackageAssignmentPolicyApprovalSettingsArgs{
ApprovalRequired: pulumi.Bool(false),
ApprovalRequiredForExtension: pulumi.Bool(false),
ApprovalStages: azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArray{
&azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs{
ApprovalTimeoutInDays: pulumi.Int(0),
AlternativeApprovalEnabled: pulumi.Bool(false),
AlternativeApprovers: azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApproverArray{
&azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApproverArgs{
SubjectType: pulumi.String("string"),
Backup: pulumi.Bool(false),
ObjectId: pulumi.String("string"),
},
},
ApproverJustificationRequired: pulumi.Bool(false),
EnableAlternativeApprovalInDays: pulumi.Int(0),
PrimaryApprovers: azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArray{
&azuread.AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs{
SubjectType: pulumi.String("string"),
Backup: pulumi.Bool(false),
ObjectId: pulumi.String("string"),
},
},
},
},
RequestorJustificationRequired: pulumi.Bool(false),
},
AssignmentReviewSettings: &azuread.AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs{
AccessRecommendationEnabled: pulumi.Bool(false),
AccessReviewTimeoutBehavior: pulumi.String("string"),
ApproverJustificationRequired: pulumi.Bool(false),
DurationInDays: pulumi.Int(0),
Enabled: pulumi.Bool(false),
ReviewFrequency: pulumi.String("string"),
ReviewType: pulumi.String("string"),
Reviewers: azuread.AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewerArray{
&azuread.AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewerArgs{
SubjectType: pulumi.String("string"),
Backup: pulumi.Bool(false),
ObjectId: pulumi.String("string"),
},
},
StartingOn: pulumi.String("string"),
},
DurationInDays: pulumi.Int(0),
ExpirationDate: pulumi.String("string"),
ExtensionEnabled: pulumi.Bool(false),
Questions: azuread.AccessPackageAssignmentPolicyQuestionArray{
&azuread.AccessPackageAssignmentPolicyQuestionArgs{
Text: &azuread.AccessPackageAssignmentPolicyQuestionTextArgs{
DefaultText: pulumi.String("string"),
LocalizedTexts: azuread.AccessPackageAssignmentPolicyQuestionTextLocalizedTextArray{
&azuread.AccessPackageAssignmentPolicyQuestionTextLocalizedTextArgs{
Content: pulumi.String("string"),
LanguageCode: pulumi.String("string"),
},
},
},
Choices: azuread.AccessPackageAssignmentPolicyQuestionChoiceArray{
&azuread.AccessPackageAssignmentPolicyQuestionChoiceArgs{
ActualValue: pulumi.String("string"),
DisplayValue: &azuread.AccessPackageAssignmentPolicyQuestionChoiceDisplayValueArgs{
DefaultText: pulumi.String("string"),
LocalizedTexts: azuread.AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedTextArray{
&azuread.AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedTextArgs{
Content: pulumi.String("string"),
LanguageCode: pulumi.String("string"),
},
},
},
},
},
Required: pulumi.Bool(false),
Sequence: pulumi.Int(0),
},
},
RequestorSettings: &azuread.AccessPackageAssignmentPolicyRequestorSettingsArgs{
Requestors: azuread.AccessPackageAssignmentPolicyRequestorSettingsRequestorArray{
&azuread.AccessPackageAssignmentPolicyRequestorSettingsRequestorArgs{
SubjectType: pulumi.String("string"),
Backup: pulumi.Bool(false),
ObjectId: pulumi.String("string"),
},
},
RequestsAccepted: pulumi.Bool(false),
ScopeType: pulumi.String("string"),
},
})
var accessPackageAssignmentPolicyResource = new AccessPackageAssignmentPolicy("accessPackageAssignmentPolicyResource", AccessPackageAssignmentPolicyArgs.builder()
.accessPackageId("string")
.description("string")
.displayName("string")
.approvalSettings(AccessPackageAssignmentPolicyApprovalSettingsArgs.builder()
.approvalRequired(false)
.approvalRequiredForExtension(false)
.approvalStages(AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs.builder()
.approvalTimeoutInDays(0)
.alternativeApprovalEnabled(false)
.alternativeApprovers(AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApproverArgs.builder()
.subjectType("string")
.backup(false)
.objectId("string")
.build())
.approverJustificationRequired(false)
.enableAlternativeApprovalInDays(0)
.primaryApprovers(AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs.builder()
.subjectType("string")
.backup(false)
.objectId("string")
.build())
.build())
.requestorJustificationRequired(false)
.build())
.assignmentReviewSettings(AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs.builder()
.accessRecommendationEnabled(false)
.accessReviewTimeoutBehavior("string")
.approverJustificationRequired(false)
.durationInDays(0)
.enabled(false)
.reviewFrequency("string")
.reviewType("string")
.reviewers(AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewerArgs.builder()
.subjectType("string")
.backup(false)
.objectId("string")
.build())
.startingOn("string")
.build())
.durationInDays(0)
.expirationDate("string")
.extensionEnabled(false)
.questions(AccessPackageAssignmentPolicyQuestionArgs.builder()
.text(AccessPackageAssignmentPolicyQuestionTextArgs.builder()
.defaultText("string")
.localizedTexts(AccessPackageAssignmentPolicyQuestionTextLocalizedTextArgs.builder()
.content("string")
.languageCode("string")
.build())
.build())
.choices(AccessPackageAssignmentPolicyQuestionChoiceArgs.builder()
.actualValue("string")
.displayValue(AccessPackageAssignmentPolicyQuestionChoiceDisplayValueArgs.builder()
.defaultText("string")
.localizedTexts(AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedTextArgs.builder()
.content("string")
.languageCode("string")
.build())
.build())
.build())
.required(false)
.sequence(0)
.build())
.requestorSettings(AccessPackageAssignmentPolicyRequestorSettingsArgs.builder()
.requestors(AccessPackageAssignmentPolicyRequestorSettingsRequestorArgs.builder()
.subjectType("string")
.backup(false)
.objectId("string")
.build())
.requestsAccepted(false)
.scopeType("string")
.build())
.build());
access_package_assignment_policy_resource = azuread.AccessPackageAssignmentPolicy("accessPackageAssignmentPolicyResource",
access_package_id="string",
description="string",
display_name="string",
approval_settings={
"approval_required": False,
"approval_required_for_extension": False,
"approval_stages": [{
"approval_timeout_in_days": 0,
"alternative_approval_enabled": False,
"alternative_approvers": [{
"subject_type": "string",
"backup": False,
"object_id": "string",
}],
"approver_justification_required": False,
"enable_alternative_approval_in_days": 0,
"primary_approvers": [{
"subject_type": "string",
"backup": False,
"object_id": "string",
}],
}],
"requestor_justification_required": False,
},
assignment_review_settings={
"access_recommendation_enabled": False,
"access_review_timeout_behavior": "string",
"approver_justification_required": False,
"duration_in_days": 0,
"enabled": False,
"review_frequency": "string",
"review_type": "string",
"reviewers": [{
"subject_type": "string",
"backup": False,
"object_id": "string",
}],
"starting_on": "string",
},
duration_in_days=0,
expiration_date="string",
extension_enabled=False,
questions=[{
"text": {
"default_text": "string",
"localized_texts": [{
"content": "string",
"language_code": "string",
}],
},
"choices": [{
"actual_value": "string",
"display_value": {
"default_text": "string",
"localized_texts": [{
"content": "string",
"language_code": "string",
}],
},
}],
"required": False,
"sequence": 0,
}],
requestor_settings={
"requestors": [{
"subject_type": "string",
"backup": False,
"object_id": "string",
}],
"requests_accepted": False,
"scope_type": "string",
})
const accessPackageAssignmentPolicyResource = new azuread.AccessPackageAssignmentPolicy("accessPackageAssignmentPolicyResource", {
accessPackageId: "string",
description: "string",
displayName: "string",
approvalSettings: {
approvalRequired: false,
approvalRequiredForExtension: false,
approvalStages: [{
approvalTimeoutInDays: 0,
alternativeApprovalEnabled: false,
alternativeApprovers: [{
subjectType: "string",
backup: false,
objectId: "string",
}],
approverJustificationRequired: false,
enableAlternativeApprovalInDays: 0,
primaryApprovers: [{
subjectType: "string",
backup: false,
objectId: "string",
}],
}],
requestorJustificationRequired: false,
},
assignmentReviewSettings: {
accessRecommendationEnabled: false,
accessReviewTimeoutBehavior: "string",
approverJustificationRequired: false,
durationInDays: 0,
enabled: false,
reviewFrequency: "string",
reviewType: "string",
reviewers: [{
subjectType: "string",
backup: false,
objectId: "string",
}],
startingOn: "string",
},
durationInDays: 0,
expirationDate: "string",
extensionEnabled: false,
questions: [{
text: {
defaultText: "string",
localizedTexts: [{
content: "string",
languageCode: "string",
}],
},
choices: [{
actualValue: "string",
displayValue: {
defaultText: "string",
localizedTexts: [{
content: "string",
languageCode: "string",
}],
},
}],
required: false,
sequence: 0,
}],
requestorSettings: {
requestors: [{
subjectType: "string",
backup: false,
objectId: "string",
}],
requestsAccepted: false,
scopeType: "string",
},
});
type: azuread:AccessPackageAssignmentPolicy
properties:
accessPackageId: string
approvalSettings:
approvalRequired: false
approvalRequiredForExtension: false
approvalStages:
- alternativeApprovalEnabled: false
alternativeApprovers:
- backup: false
objectId: string
subjectType: string
approvalTimeoutInDays: 0
approverJustificationRequired: false
enableAlternativeApprovalInDays: 0
primaryApprovers:
- backup: false
objectId: string
subjectType: string
requestorJustificationRequired: false
assignmentReviewSettings:
accessRecommendationEnabled: false
accessReviewTimeoutBehavior: string
approverJustificationRequired: false
durationInDays: 0
enabled: false
reviewFrequency: string
reviewType: string
reviewers:
- backup: false
objectId: string
subjectType: string
startingOn: string
description: string
displayName: string
durationInDays: 0
expirationDate: string
extensionEnabled: false
questions:
- choices:
- actualValue: string
displayValue:
defaultText: string
localizedTexts:
- content: string
languageCode: string
required: false
sequence: 0
text:
defaultText: string
localizedTexts:
- content: string
languageCode: string
requestorSettings:
requestors:
- backup: false
objectId: string
subjectType: string
requestsAccepted: false
scopeType: string
AccessPackageAssignmentPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AccessPackageAssignmentPolicy resource accepts the following input properties:
- Access
Package stringId - The ID of the access package that will contain the policy.
- Description string
- The description of the policy.
- Display
Name string - The display name of the policy.
- Approval
Settings Pulumi.Azure AD. Inputs. Access Package Assignment Policy Approval Settings - An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below. - Assignment
Review Pulumi.Settings Azure AD. Inputs. Access Package Assignment Policy Assignment Review Settings - An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below. - Duration
In intDays - How many days this assignment is valid for.
- Expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- Extension
Enabled bool - Whether users will be able to request extension of their access to this package before their access expires.
- Questions
List<Pulumi.
Azure AD. Inputs. Access Package Assignment Policy Question> - One or more
question
blocks for the requestor, as documented below. - Requestor
Settings Pulumi.Azure AD. Inputs. Access Package Assignment Policy Requestor Settings - A
requestor_settings
block to configure the users who can request access, as documented below.
- Access
Package stringId - The ID of the access package that will contain the policy.
- Description string
- The description of the policy.
- Display
Name string - The display name of the policy.
- Approval
Settings AccessPackage Assignment Policy Approval Settings Args - An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below. - Assignment
Review AccessSettings Package Assignment Policy Assignment Review Settings Args - An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below. - Duration
In intDays - How many days this assignment is valid for.
- Expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- Extension
Enabled bool - Whether users will be able to request extension of their access to this package before their access expires.
- Questions
[]Access
Package Assignment Policy Question Args - One or more
question
blocks for the requestor, as documented below. - Requestor
Settings AccessPackage Assignment Policy Requestor Settings Args - A
requestor_settings
block to configure the users who can request access, as documented below.
- access
Package StringId - The ID of the access package that will contain the policy.
- description String
- The description of the policy.
- display
Name String - The display name of the policy.
- approval
Settings AccessPackage Assignment Policy Approval Settings - An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below. - assignment
Review AccessSettings Package Assignment Policy Assignment Review Settings - An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below. - duration
In IntegerDays - How many days this assignment is valid for.
- expiration
Date String - The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- extension
Enabled Boolean - Whether users will be able to request extension of their access to this package before their access expires.
- questions
List<Access
Package Assignment Policy Question> - One or more
question
blocks for the requestor, as documented below. - requestor
Settings AccessPackage Assignment Policy Requestor Settings - A
requestor_settings
block to configure the users who can request access, as documented below.
- access
Package stringId - The ID of the access package that will contain the policy.
- description string
- The description of the policy.
- display
Name string - The display name of the policy.
- approval
Settings AccessPackage Assignment Policy Approval Settings - An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below. - assignment
Review AccessSettings Package Assignment Policy Assignment Review Settings - An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below. - duration
In numberDays - How many days this assignment is valid for.
- expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- extension
Enabled boolean - Whether users will be able to request extension of their access to this package before their access expires.
- questions
Access
Package Assignment Policy Question[] - One or more
question
blocks for the requestor, as documented below. - requestor
Settings AccessPackage Assignment Policy Requestor Settings - A
requestor_settings
block to configure the users who can request access, as documented below.
- access_
package_ strid - The ID of the access package that will contain the policy.
- description str
- The description of the policy.
- display_
name str - The display name of the policy.
- approval_
settings AccessPackage Assignment Policy Approval Settings Args - An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below. - assignment_
review_ Accesssettings Package Assignment Policy Assignment Review Settings Args - An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below. - duration_
in_ intdays - How many days this assignment is valid for.
- expiration_
date str - The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- extension_
enabled bool - Whether users will be able to request extension of their access to this package before their access expires.
- questions
Sequence[Access
Package Assignment Policy Question Args] - One or more
question
blocks for the requestor, as documented below. - requestor_
settings AccessPackage Assignment Policy Requestor Settings Args - A
requestor_settings
block to configure the users who can request access, as documented below.
- access
Package StringId - The ID of the access package that will contain the policy.
- description String
- The description of the policy.
- display
Name String - The display name of the policy.
- approval
Settings Property Map - An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below. - assignment
Review Property MapSettings - An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below. - duration
In NumberDays - How many days this assignment is valid for.
- expiration
Date String - The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- extension
Enabled Boolean - Whether users will be able to request extension of their access to this package before their access expires.
- questions List<Property Map>
- One or more
question
blocks for the requestor, as documented below. - requestor
Settings Property Map - A
requestor_settings
block to configure the users who can request access, as documented below.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessPackageAssignmentPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing AccessPackageAssignmentPolicy Resource
Get an existing AccessPackageAssignmentPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccessPackageAssignmentPolicyState, opts?: CustomResourceOptions): AccessPackageAssignmentPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_package_id: Optional[str] = None,
approval_settings: Optional[AccessPackageAssignmentPolicyApprovalSettingsArgs] = None,
assignment_review_settings: Optional[AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
duration_in_days: Optional[int] = None,
expiration_date: Optional[str] = None,
extension_enabled: Optional[bool] = None,
questions: Optional[Sequence[AccessPackageAssignmentPolicyQuestionArgs]] = None,
requestor_settings: Optional[AccessPackageAssignmentPolicyRequestorSettingsArgs] = None) -> AccessPackageAssignmentPolicy
func GetAccessPackageAssignmentPolicy(ctx *Context, name string, id IDInput, state *AccessPackageAssignmentPolicyState, opts ...ResourceOption) (*AccessPackageAssignmentPolicy, error)
public static AccessPackageAssignmentPolicy Get(string name, Input<string> id, AccessPackageAssignmentPolicyState? state, CustomResourceOptions? opts = null)
public static AccessPackageAssignmentPolicy get(String name, Output<String> id, AccessPackageAssignmentPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Package stringId - The ID of the access package that will contain the policy.
- Approval
Settings Pulumi.Azure AD. Inputs. Access Package Assignment Policy Approval Settings - An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below. - Assignment
Review Pulumi.Settings Azure AD. Inputs. Access Package Assignment Policy Assignment Review Settings - An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below. - Description string
- The description of the policy.
- Display
Name string - The display name of the policy.
- Duration
In intDays - How many days this assignment is valid for.
- Expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- Extension
Enabled bool - Whether users will be able to request extension of their access to this package before their access expires.
- Questions
List<Pulumi.
Azure AD. Inputs. Access Package Assignment Policy Question> - One or more
question
blocks for the requestor, as documented below. - Requestor
Settings Pulumi.Azure AD. Inputs. Access Package Assignment Policy Requestor Settings - A
requestor_settings
block to configure the users who can request access, as documented below.
- Access
Package stringId - The ID of the access package that will contain the policy.
- Approval
Settings AccessPackage Assignment Policy Approval Settings Args - An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below. - Assignment
Review AccessSettings Package Assignment Policy Assignment Review Settings Args - An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below. - Description string
- The description of the policy.
- Display
Name string - The display name of the policy.
- Duration
In intDays - How many days this assignment is valid for.
- Expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- Extension
Enabled bool - Whether users will be able to request extension of their access to this package before their access expires.
- Questions
[]Access
Package Assignment Policy Question Args - One or more
question
blocks for the requestor, as documented below. - Requestor
Settings AccessPackage Assignment Policy Requestor Settings Args - A
requestor_settings
block to configure the users who can request access, as documented below.
- access
Package StringId - The ID of the access package that will contain the policy.
- approval
Settings AccessPackage Assignment Policy Approval Settings - An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below. - assignment
Review AccessSettings Package Assignment Policy Assignment Review Settings - An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below. - description String
- The description of the policy.
- display
Name String - The display name of the policy.
- duration
In IntegerDays - How many days this assignment is valid for.
- expiration
Date String - The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- extension
Enabled Boolean - Whether users will be able to request extension of their access to this package before their access expires.
- questions
List<Access
Package Assignment Policy Question> - One or more
question
blocks for the requestor, as documented below. - requestor
Settings AccessPackage Assignment Policy Requestor Settings - A
requestor_settings
block to configure the users who can request access, as documented below.
- access
Package stringId - The ID of the access package that will contain the policy.
- approval
Settings AccessPackage Assignment Policy Approval Settings - An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below. - assignment
Review AccessSettings Package Assignment Policy Assignment Review Settings - An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below. - description string
- The description of the policy.
- display
Name string - The display name of the policy.
- duration
In numberDays - How many days this assignment is valid for.
- expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- extension
Enabled boolean - Whether users will be able to request extension of their access to this package before their access expires.
- questions
Access
Package Assignment Policy Question[] - One or more
question
blocks for the requestor, as documented below. - requestor
Settings AccessPackage Assignment Policy Requestor Settings - A
requestor_settings
block to configure the users who can request access, as documented below.
- access_
package_ strid - The ID of the access package that will contain the policy.
- approval_
settings AccessPackage Assignment Policy Approval Settings Args - An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below. - assignment_
review_ Accesssettings Package Assignment Policy Assignment Review Settings Args - An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below. - description str
- The description of the policy.
- display_
name str - The display name of the policy.
- duration_
in_ intdays - How many days this assignment is valid for.
- expiration_
date str - The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- extension_
enabled bool - Whether users will be able to request extension of their access to this package before their access expires.
- questions
Sequence[Access
Package Assignment Policy Question Args] - One or more
question
blocks for the requestor, as documented below. - requestor_
settings AccessPackage Assignment Policy Requestor Settings Args - A
requestor_settings
block to configure the users who can request access, as documented below.
- access
Package StringId - The ID of the access package that will contain the policy.
- approval
Settings Property Map - An
approval_settings
block to specify whether approvals are required and how they are obtained, as documented below. - assignment
Review Property MapSettings - An
assignment_review_settings
block, to specify whether assignment review is needed and how it is conducted, as documented below. - description String
- The description of the policy.
- display
Name String - The display name of the policy.
- duration
In NumberDays - How many days this assignment is valid for.
- expiration
Date String - The date that this assignment expires, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z).
- extension
Enabled Boolean - Whether users will be able to request extension of their access to this package before their access expires.
- questions List<Property Map>
- One or more
question
blocks for the requestor, as documented below. - requestor
Settings Property Map - A
requestor_settings
block to configure the users who can request access, as documented below.
Supporting Types
AccessPackageAssignmentPolicyApprovalSettings, AccessPackageAssignmentPolicyApprovalSettingsArgs
- Approval
Required bool - Whether an approval is required.
- Approval
Required boolFor Extension - Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
- Approval
Stages List<Pulumi.Azure AD. Inputs. Access Package Assignment Policy Approval Settings Approval Stage> - An
approval_stage
block specifying the process to obtain an approval, as documented below. - Requestor
Justification boolRequired - Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.
- Approval
Required bool - Whether an approval is required.
- Approval
Required boolFor Extension - Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
- Approval
Stages []AccessPackage Assignment Policy Approval Settings Approval Stage - An
approval_stage
block specifying the process to obtain an approval, as documented below. - Requestor
Justification boolRequired - Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.
- approval
Required Boolean - Whether an approval is required.
- approval
Required BooleanFor Extension - Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
- approval
Stages List<AccessPackage Assignment Policy Approval Settings Approval Stage> - An
approval_stage
block specifying the process to obtain an approval, as documented below. - requestor
Justification BooleanRequired - Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.
- approval
Required boolean - Whether an approval is required.
- approval
Required booleanFor Extension - Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
- approval
Stages AccessPackage Assignment Policy Approval Settings Approval Stage[] - An
approval_stage
block specifying the process to obtain an approval, as documented below. - requestor
Justification booleanRequired - Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.
- approval_
required bool - Whether an approval is required.
- approval_
required_ boolfor_ extension - Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
- approval_
stages Sequence[AccessPackage Assignment Policy Approval Settings Approval Stage] - An
approval_stage
block specifying the process to obtain an approval, as documented below. - requestor_
justification_ boolrequired - Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.
- approval
Required Boolean - Whether an approval is required.
- approval
Required BooleanFor Extension - Whether an approval is required to grant extension. Same approval settings used to approve initial access will apply.
- approval
Stages List<Property Map> - An
approval_stage
block specifying the process to obtain an approval, as documented below. - requestor
Justification BooleanRequired - Whether a requestor is required to provide a justification to request an access package. Justification is visible to approvers and the requestor.
AccessPackageAssignmentPolicyApprovalSettingsApprovalStage, AccessPackageAssignmentPolicyApprovalSettingsApprovalStageArgs
- Approval
Timeout intIn Days - Decision must be made in how many days? If a request is not approved within this time period after it is made, it will be automatically rejected
- Alternative
Approval boolEnabled - If no action taken, forward to alternate approvers?
- Alternative
Approvers List<Pulumi.Azure AD. Inputs. Access Package Assignment Policy Approval Settings Approval Stage Alternative Approver> - If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. This can be a collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, if there are no escalation approvers, or escalation approvers are not required for the stage, the value of this property should be an empty collection
- Approver
Justification boolRequired - Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor
- Enable
Alternative intApproval In Days - Forward to alternate approver(s) after how many days?
- Primary
Approvers List<Pulumi.Azure AD. Inputs. Access Package Assignment Policy Approval Settings Approval Stage Primary Approver> - The users who will be asked to approve requests. A collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, include at least one userSet in this collection
- Approval
Timeout intIn Days - Decision must be made in how many days? If a request is not approved within this time period after it is made, it will be automatically rejected
- Alternative
Approval boolEnabled - If no action taken, forward to alternate approvers?
- Alternative
Approvers []AccessPackage Assignment Policy Approval Settings Approval Stage Alternative Approver - If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. This can be a collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, if there are no escalation approvers, or escalation approvers are not required for the stage, the value of this property should be an empty collection
- Approver
Justification boolRequired - Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor
- Enable
Alternative intApproval In Days - Forward to alternate approver(s) after how many days?
- Primary
Approvers []AccessPackage Assignment Policy Approval Settings Approval Stage Primary Approver - The users who will be asked to approve requests. A collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, include at least one userSet in this collection
- approval
Timeout IntegerIn Days - Decision must be made in how many days? If a request is not approved within this time period after it is made, it will be automatically rejected
- alternative
Approval BooleanEnabled - If no action taken, forward to alternate approvers?
- alternative
Approvers List<AccessPackage Assignment Policy Approval Settings Approval Stage Alternative Approver> - If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. This can be a collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, if there are no escalation approvers, or escalation approvers are not required for the stage, the value of this property should be an empty collection
- approver
Justification BooleanRequired - Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor
- enable
Alternative IntegerApproval In Days - Forward to alternate approver(s) after how many days?
- primary
Approvers List<AccessPackage Assignment Policy Approval Settings Approval Stage Primary Approver> - The users who will be asked to approve requests. A collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, include at least one userSet in this collection
- approval
Timeout numberIn Days - Decision must be made in how many days? If a request is not approved within this time period after it is made, it will be automatically rejected
- alternative
Approval booleanEnabled - If no action taken, forward to alternate approvers?
- alternative
Approvers AccessPackage Assignment Policy Approval Settings Approval Stage Alternative Approver[] - If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. This can be a collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, if there are no escalation approvers, or escalation approvers are not required for the stage, the value of this property should be an empty collection
- approver
Justification booleanRequired - Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor
- enable
Alternative numberApproval In Days - Forward to alternate approver(s) after how many days?
- primary
Approvers AccessPackage Assignment Policy Approval Settings Approval Stage Primary Approver[] - The users who will be asked to approve requests. A collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, include at least one userSet in this collection
- approval_
timeout_ intin_ days - Decision must be made in how many days? If a request is not approved within this time period after it is made, it will be automatically rejected
- alternative_
approval_ boolenabled - If no action taken, forward to alternate approvers?
- alternative_
approvers Sequence[AccessPackage Assignment Policy Approval Settings Approval Stage Alternative Approver] - If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. This can be a collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, if there are no escalation approvers, or escalation approvers are not required for the stage, the value of this property should be an empty collection
- approver_
justification_ boolrequired - Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor
- enable_
alternative_ intapproval_ in_ days - Forward to alternate approver(s) after how many days?
- primary_
approvers Sequence[AccessPackage Assignment Policy Approval Settings Approval Stage Primary Approver] - The users who will be asked to approve requests. A collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, include at least one userSet in this collection
- approval
Timeout NumberIn Days - Decision must be made in how many days? If a request is not approved within this time period after it is made, it will be automatically rejected
- alternative
Approval BooleanEnabled - If no action taken, forward to alternate approvers?
- alternative
Approvers List<Property Map> - If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. This can be a collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, if there are no escalation approvers, or escalation approvers are not required for the stage, the value of this property should be an empty collection
- approver
Justification BooleanRequired - Whether an approver must provide a justification for their decision. Justification is visible to other approvers and the requestor
- enable
Alternative NumberApproval In Days - Forward to alternate approver(s) after how many days?
- primary
Approvers List<Property Map> - The users who will be asked to approve requests. A collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, include at least one userSet in this collection
AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApprover, AccessPackageAssignmentPolicyApprovalSettingsApprovalStageAlternativeApproverArgs
- Subject
Type string - Type of users
- Backup bool
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- Object
Id string - The object ID of the subject
- Subject
Type string - Type of users
- Backup bool
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- Object
Id string - The object ID of the subject
- subject
Type String - Type of users
- backup Boolean
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- object
Id String - The object ID of the subject
- subject
Type string - Type of users
- backup boolean
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- object
Id string - The object ID of the subject
- subject_
type str - Type of users
- backup bool
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- object_
id str - The object ID of the subject
- subject
Type String - Type of users
- backup Boolean
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- object
Id String - The object ID of the subject
AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApprover, AccessPackageAssignmentPolicyApprovalSettingsApprovalStagePrimaryApproverArgs
- Subject
Type string - Type of users
- Backup bool
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- Object
Id string - The object ID of the subject
- Subject
Type string - Type of users
- Backup bool
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- Object
Id string - The object ID of the subject
- subject
Type String - Type of users
- backup Boolean
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- object
Id String - The object ID of the subject
- subject
Type string - Type of users
- backup boolean
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- object
Id string - The object ID of the subject
- subject_
type str - Type of users
- backup bool
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- object_
id str - The object ID of the subject
- subject
Type String - Type of users
- backup Boolean
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- object
Id String - The object ID of the subject
AccessPackageAssignmentPolicyAssignmentReviewSettings, AccessPackageAssignmentPolicyAssignmentReviewSettingsArgs
- Access
Recommendation boolEnabled - Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
- Access
Review stringTimeout Behavior - Specifies the actions the system takes if reviewers don't respond in time. Valid values are
keepAccess
,removeAccess
, oracceptAccessRecommendation
. - Approver
Justification boolRequired - Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
- Duration
In intDays - How many days each occurrence of the access review series will run.
- Enabled bool
- Whether to enable assignment review.
- Review
Frequency string - This will determine how often the access review campaign runs, valid values are
weekly
,monthly
,quarterly
,halfyearly
, orannual
. - Review
Type string - Self-review or specific reviewers. Valid values are
Manager
,Reviewers
, orSelf
. - Reviewers
List<Pulumi.
Azure AD. Inputs. Access Package Assignment Policy Assignment Review Settings Reviewer> - One or more
reviewer
blocks to specify the users who will be reviewers (whenreview_type
isReviewers
), as documented below. - Starting
On string - This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date
- Access
Recommendation boolEnabled - Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
- Access
Review stringTimeout Behavior - Specifies the actions the system takes if reviewers don't respond in time. Valid values are
keepAccess
,removeAccess
, oracceptAccessRecommendation
. - Approver
Justification boolRequired - Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
- Duration
In intDays - How many days each occurrence of the access review series will run.
- Enabled bool
- Whether to enable assignment review.
- Review
Frequency string - This will determine how often the access review campaign runs, valid values are
weekly
,monthly
,quarterly
,halfyearly
, orannual
. - Review
Type string - Self-review or specific reviewers. Valid values are
Manager
,Reviewers
, orSelf
. - Reviewers
[]Access
Package Assignment Policy Assignment Review Settings Reviewer - One or more
reviewer
blocks to specify the users who will be reviewers (whenreview_type
isReviewers
), as documented below. - Starting
On string - This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date
- access
Recommendation BooleanEnabled - Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
- access
Review StringTimeout Behavior - Specifies the actions the system takes if reviewers don't respond in time. Valid values are
keepAccess
,removeAccess
, oracceptAccessRecommendation
. - approver
Justification BooleanRequired - Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
- duration
In IntegerDays - How many days each occurrence of the access review series will run.
- enabled Boolean
- Whether to enable assignment review.
- review
Frequency String - This will determine how often the access review campaign runs, valid values are
weekly
,monthly
,quarterly
,halfyearly
, orannual
. - review
Type String - Self-review or specific reviewers. Valid values are
Manager
,Reviewers
, orSelf
. - reviewers
List<Access
Package Assignment Policy Assignment Review Settings Reviewer> - One or more
reviewer
blocks to specify the users who will be reviewers (whenreview_type
isReviewers
), as documented below. - starting
On String - This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date
- access
Recommendation booleanEnabled - Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
- access
Review stringTimeout Behavior - Specifies the actions the system takes if reviewers don't respond in time. Valid values are
keepAccess
,removeAccess
, oracceptAccessRecommendation
. - approver
Justification booleanRequired - Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
- duration
In numberDays - How many days each occurrence of the access review series will run.
- enabled boolean
- Whether to enable assignment review.
- review
Frequency string - This will determine how often the access review campaign runs, valid values are
weekly
,monthly
,quarterly
,halfyearly
, orannual
. - review
Type string - Self-review or specific reviewers. Valid values are
Manager
,Reviewers
, orSelf
. - reviewers
Access
Package Assignment Policy Assignment Review Settings Reviewer[] - One or more
reviewer
blocks to specify the users who will be reviewers (whenreview_type
isReviewers
), as documented below. - starting
On string - This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date
- access_
recommendation_ boolenabled - Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
- access_
review_ strtimeout_ behavior - Specifies the actions the system takes if reviewers don't respond in time. Valid values are
keepAccess
,removeAccess
, oracceptAccessRecommendation
. - approver_
justification_ boolrequired - Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
- duration_
in_ intdays - How many days each occurrence of the access review series will run.
- enabled bool
- Whether to enable assignment review.
- review_
frequency str - This will determine how often the access review campaign runs, valid values are
weekly
,monthly
,quarterly
,halfyearly
, orannual
. - review_
type str - Self-review or specific reviewers. Valid values are
Manager
,Reviewers
, orSelf
. - reviewers
Sequence[Access
Package Assignment Policy Assignment Review Settings Reviewer] - One or more
reviewer
blocks to specify the users who will be reviewers (whenreview_type
isReviewers
), as documented below. - starting_
on str - This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date
- access
Recommendation BooleanEnabled - Whether to show the reviewer decision helpers. If enabled, system recommendations based on users' access information will be shown to the reviewers. The reviewer will be recommended to approve the review if the user has signed-in at least once during the last 30 days. The reviewer will be recommended to deny the review if the user has not signed-in during the last 30 days.
- access
Review StringTimeout Behavior - Specifies the actions the system takes if reviewers don't respond in time. Valid values are
keepAccess
,removeAccess
, oracceptAccessRecommendation
. - approver
Justification BooleanRequired - Whether a reviewer needs to provide a justification for their decision. Justification is visible to other reviewers and the requestor.
- duration
In NumberDays - How many days each occurrence of the access review series will run.
- enabled Boolean
- Whether to enable assignment review.
- review
Frequency String - This will determine how often the access review campaign runs, valid values are
weekly
,monthly
,quarterly
,halfyearly
, orannual
. - review
Type String - Self-review or specific reviewers. Valid values are
Manager
,Reviewers
, orSelf
. - reviewers List<Property Map>
- One or more
reviewer
blocks to specify the users who will be reviewers (whenreview_type
isReviewers
), as documented below. - starting
On String - This is the date the access review campaign will start on, formatted as an RFC3339 date string in UTC(e.g. 2018-01-01T01:02:03Z), default is now. Once an access review has been created, you cannot update its start date
AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewer, AccessPackageAssignmentPolicyAssignmentReviewSettingsReviewerArgs
- Subject
Type string - Type of users
- Backup bool
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- Object
Id string - The object ID of the subject
- Subject
Type string - Type of users
- Backup bool
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- Object
Id string - The object ID of the subject
- subject
Type String - Type of users
- backup Boolean
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- object
Id String - The object ID of the subject
- subject
Type string - Type of users
- backup boolean
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- object
Id string - The object ID of the subject
- subject_
type str - Type of users
- backup bool
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- object_
id str - The object ID of the subject
- subject
Type String - Type of users
- backup Boolean
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- object
Id String - The object ID of the subject
AccessPackageAssignmentPolicyQuestion, AccessPackageAssignmentPolicyQuestionArgs
- Text
Pulumi.
Azure AD. Inputs. Access Package Assignment Policy Question Text - A block describing the content of this question, as documented below.
- Choices
List<Pulumi.
Azure AD. Inputs. Access Package Assignment Policy Question Choice> - One or more blocks configuring a choice to the question, as documented below.
- Required bool
- Whether this question is required.
- Sequence int
- The sequence number of this question.
- Text
Access
Package Assignment Policy Question Text - A block describing the content of this question, as documented below.
- Choices
[]Access
Package Assignment Policy Question Choice - One or more blocks configuring a choice to the question, as documented below.
- Required bool
- Whether this question is required.
- Sequence int
- The sequence number of this question.
- text
Access
Package Assignment Policy Question Text - A block describing the content of this question, as documented below.
- choices
List<Access
Package Assignment Policy Question Choice> - One or more blocks configuring a choice to the question, as documented below.
- required Boolean
- Whether this question is required.
- sequence Integer
- The sequence number of this question.
- text
Access
Package Assignment Policy Question Text - A block describing the content of this question, as documented below.
- choices
Access
Package Assignment Policy Question Choice[] - One or more blocks configuring a choice to the question, as documented below.
- required boolean
- Whether this question is required.
- sequence number
- The sequence number of this question.
- text
Access
Package Assignment Policy Question Text - A block describing the content of this question, as documented below.
- choices
Sequence[Access
Package Assignment Policy Question Choice] - One or more blocks configuring a choice to the question, as documented below.
- required bool
- Whether this question is required.
- sequence int
- The sequence number of this question.
- text Property Map
- A block describing the content of this question, as documented below.
- choices List<Property Map>
- One or more blocks configuring a choice to the question, as documented below.
- required Boolean
- Whether this question is required.
- sequence Number
- The sequence number of this question.
AccessPackageAssignmentPolicyQuestionChoice, AccessPackageAssignmentPolicyQuestionChoiceArgs
- Actual
Value string - The actual value of this choice
- Display
Value Pulumi.Azure AD. Inputs. Access Package Assignment Policy Question Choice Display Value - The display text of this choice
- Actual
Value string - The actual value of this choice
- Display
Value AccessPackage Assignment Policy Question Choice Display Value - The display text of this choice
- actual
Value String - The actual value of this choice
- display
Value AccessPackage Assignment Policy Question Choice Display Value - The display text of this choice
- actual
Value string - The actual value of this choice
- display
Value AccessPackage Assignment Policy Question Choice Display Value - The display text of this choice
- actual_
value str - The actual value of this choice
- display_
value AccessPackage Assignment Policy Question Choice Display Value - The display text of this choice
- actual
Value String - The actual value of this choice
- display
Value Property Map - The display text of this choice
AccessPackageAssignmentPolicyQuestionChoiceDisplayValue, AccessPackageAssignmentPolicyQuestionChoiceDisplayValueArgs
- Default
Text string - The default text of this question
- Localized
Texts List<Pulumi.Azure AD. Inputs. Access Package Assignment Policy Question Choice Display Value Localized Text> - The localized text of this question
- Default
Text string - The default text of this question
- Localized
Texts []AccessPackage Assignment Policy Question Choice Display Value Localized Text - The localized text of this question
- default
Text String - The default text of this question
- localized
Texts List<AccessPackage Assignment Policy Question Choice Display Value Localized Text> - The localized text of this question
- default
Text string - The default text of this question
- localized
Texts AccessPackage Assignment Policy Question Choice Display Value Localized Text[] - The localized text of this question
- default_
text str - The default text of this question
- localized_
texts Sequence[AccessPackage Assignment Policy Question Choice Display Value Localized Text] - The localized text of this question
- default
Text String - The default text of this question
- localized
Texts List<Property Map> - The localized text of this question
AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedText, AccessPackageAssignmentPolicyQuestionChoiceDisplayValueLocalizedTextArgs
- Content string
- The localized content of this question
- Language
Code string - The language code of this question content
- Content string
- The localized content of this question
- Language
Code string - The language code of this question content
- content String
- The localized content of this question
- language
Code String - The language code of this question content
- content string
- The localized content of this question
- language
Code string - The language code of this question content
- content str
- The localized content of this question
- language_
code str - The language code of this question content
- content String
- The localized content of this question
- language
Code String - The language code of this question content
AccessPackageAssignmentPolicyQuestionText, AccessPackageAssignmentPolicyQuestionTextArgs
- Default
Text string - The default text of this question
- Localized
Texts List<Pulumi.Azure AD. Inputs. Access Package Assignment Policy Question Text Localized Text> - The localized text of this question
- Default
Text string - The default text of this question
- Localized
Texts []AccessPackage Assignment Policy Question Text Localized Text - The localized text of this question
- default
Text String - The default text of this question
- localized
Texts List<AccessPackage Assignment Policy Question Text Localized Text> - The localized text of this question
- default
Text string - The default text of this question
- localized
Texts AccessPackage Assignment Policy Question Text Localized Text[] - The localized text of this question
- default_
text str - The default text of this question
- localized_
texts Sequence[AccessPackage Assignment Policy Question Text Localized Text] - The localized text of this question
- default
Text String - The default text of this question
- localized
Texts List<Property Map> - The localized text of this question
AccessPackageAssignmentPolicyQuestionTextLocalizedText, AccessPackageAssignmentPolicyQuestionTextLocalizedTextArgs
- Content string
- The localized content of this question
- Language
Code string - The language code of this question content
- Content string
- The localized content of this question
- Language
Code string - The language code of this question content
- content String
- The localized content of this question
- language
Code String - The language code of this question content
- content string
- The localized content of this question
- language
Code string - The language code of this question content
- content str
- The localized content of this question
- language_
code str - The language code of this question content
- content String
- The localized content of this question
- language
Code String - The language code of this question content
AccessPackageAssignmentPolicyRequestorSettings, AccessPackageAssignmentPolicyRequestorSettingsArgs
- Requestors
List<Pulumi.
Azure AD. Inputs. Access Package Assignment Policy Requestor Settings Requestor> - A block specifying the users who are allowed to request on this policy, as documented below.
- Requests
Accepted bool - Whether to accept requests using this policy. When
false
, no new requests can be made using this policy. - Scope
Type string - Specifies the scopes of the requestors. Valid values are
AllConfiguredConnectedOrganizationSubjects
,AllExistingConnectedOrganizationSubjects
,AllExistingDirectoryMemberUsers
,AllExistingDirectorySubjects
,AllExternalSubjects
,NoSubjects
,SpecificConnectedOrganizationSubjects
, orSpecificDirectorySubjects
.
- Requestors
[]Access
Package Assignment Policy Requestor Settings Requestor - A block specifying the users who are allowed to request on this policy, as documented below.
- Requests
Accepted bool - Whether to accept requests using this policy. When
false
, no new requests can be made using this policy. - Scope
Type string - Specifies the scopes of the requestors. Valid values are
AllConfiguredConnectedOrganizationSubjects
,AllExistingConnectedOrganizationSubjects
,AllExistingDirectoryMemberUsers
,AllExistingDirectorySubjects
,AllExternalSubjects
,NoSubjects
,SpecificConnectedOrganizationSubjects
, orSpecificDirectorySubjects
.
- requestors
List<Access
Package Assignment Policy Requestor Settings Requestor> - A block specifying the users who are allowed to request on this policy, as documented below.
- requests
Accepted Boolean - Whether to accept requests using this policy. When
false
, no new requests can be made using this policy. - scope
Type String - Specifies the scopes of the requestors. Valid values are
AllConfiguredConnectedOrganizationSubjects
,AllExistingConnectedOrganizationSubjects
,AllExistingDirectoryMemberUsers
,AllExistingDirectorySubjects
,AllExternalSubjects
,NoSubjects
,SpecificConnectedOrganizationSubjects
, orSpecificDirectorySubjects
.
- requestors
Access
Package Assignment Policy Requestor Settings Requestor[] - A block specifying the users who are allowed to request on this policy, as documented below.
- requests
Accepted boolean - Whether to accept requests using this policy. When
false
, no new requests can be made using this policy. - scope
Type string - Specifies the scopes of the requestors. Valid values are
AllConfiguredConnectedOrganizationSubjects
,AllExistingConnectedOrganizationSubjects
,AllExistingDirectoryMemberUsers
,AllExistingDirectorySubjects
,AllExternalSubjects
,NoSubjects
,SpecificConnectedOrganizationSubjects
, orSpecificDirectorySubjects
.
- requestors
Sequence[Access
Package Assignment Policy Requestor Settings Requestor] - A block specifying the users who are allowed to request on this policy, as documented below.
- requests_
accepted bool - Whether to accept requests using this policy. When
false
, no new requests can be made using this policy. - scope_
type str - Specifies the scopes of the requestors. Valid values are
AllConfiguredConnectedOrganizationSubjects
,AllExistingConnectedOrganizationSubjects
,AllExistingDirectoryMemberUsers
,AllExistingDirectorySubjects
,AllExternalSubjects
,NoSubjects
,SpecificConnectedOrganizationSubjects
, orSpecificDirectorySubjects
.
- requestors List<Property Map>
- A block specifying the users who are allowed to request on this policy, as documented below.
- requests
Accepted Boolean - Whether to accept requests using this policy. When
false
, no new requests can be made using this policy. - scope
Type String - Specifies the scopes of the requestors. Valid values are
AllConfiguredConnectedOrganizationSubjects
,AllExistingConnectedOrganizationSubjects
,AllExistingDirectoryMemberUsers
,AllExistingDirectorySubjects
,AllExternalSubjects
,NoSubjects
,SpecificConnectedOrganizationSubjects
, orSpecificDirectorySubjects
.
AccessPackageAssignmentPolicyRequestorSettingsRequestor, AccessPackageAssignmentPolicyRequestorSettingsRequestorArgs
- Subject
Type string - Type of users
- Backup bool
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- Object
Id string - The object ID of the subject
- Subject
Type string - Type of users
- Backup bool
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- Object
Id string - The object ID of the subject
- subject
Type String - Type of users
- backup Boolean
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- object
Id String - The object ID of the subject
- subject
Type string - Type of users
- backup boolean
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- object
Id string - The object ID of the subject
- subject_
type str - Type of users
- backup bool
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- object_
id str - The object ID of the subject
- subject
Type String - Type of users
- backup Boolean
- For a user in an approval stage, this property indicates whether the user is a backup fallback approver
- object
Id String - The object ID of the subject
Import
An access package assignment policy can be imported using the ID, e.g.
$ pulumi import azuread:index/accessPackageAssignmentPolicy:AccessPackageAssignmentPolicy example 00000000-0000-0000-0000-000000000000
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Active Directory (Azure AD) pulumi/pulumi-azuread
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azuread
Terraform Provider.