azuread.PrivilegedAccessGroupEligibilitySchedule
Explore with Pulumi AI
Manages an eligible assignment to a privileged access group.
API Permissions
The following API permissions are required in order to use this resource.
When authenticated with a service principal, this resource requires the PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup
Microsoft Graph API permissions.
When authenticated with a user principal, this resource requires Global Administrator
directory role, or the Privileged Role Administrator
role in Identity Governance.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const example = new azuread.Group("example", {
displayName: "group-name",
securityEnabled: true,
});
const member = new azuread.User("member", {
userPrincipalName: "jdoe@example.com",
displayName: "J. Doe",
mailNickname: "jdoe",
password: "SecretP@sswd99!",
});
const examplePrivilegedAccessGroupEligibilitySchedule = new azuread.PrivilegedAccessGroupEligibilitySchedule("example", {
groupId: pim.id,
principalId: member.id,
assignmentType: "member",
duration: "P30D",
justification: "as requested",
});
import pulumi
import pulumi_azuread as azuread
example = azuread.Group("example",
display_name="group-name",
security_enabled=True)
member = azuread.User("member",
user_principal_name="jdoe@example.com",
display_name="J. Doe",
mail_nickname="jdoe",
password="SecretP@sswd99!")
example_privileged_access_group_eligibility_schedule = azuread.PrivilegedAccessGroupEligibilitySchedule("example",
group_id=pim["id"],
principal_id=member.id,
assignment_type="member",
duration="P30D",
justification="as requested")
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := azuread.NewGroup(ctx, "example", &azuread.GroupArgs{
DisplayName: pulumi.String("group-name"),
SecurityEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
member, err := azuread.NewUser(ctx, "member", &azuread.UserArgs{
UserPrincipalName: pulumi.String("jdoe@example.com"),
DisplayName: pulumi.String("J. Doe"),
MailNickname: pulumi.String("jdoe"),
Password: pulumi.String("SecretP@sswd99!"),
})
if err != nil {
return err
}
_, err = azuread.NewPrivilegedAccessGroupEligibilitySchedule(ctx, "example", &azuread.PrivilegedAccessGroupEligibilityScheduleArgs{
GroupId: pulumi.Any(pim.Id),
PrincipalId: member.ID(),
AssignmentType: pulumi.String("member"),
Duration: pulumi.String("P30D"),
Justification: pulumi.String("as requested"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var example = new AzureAD.Group("example", new()
{
DisplayName = "group-name",
SecurityEnabled = true,
});
var member = new AzureAD.User("member", new()
{
UserPrincipalName = "jdoe@example.com",
DisplayName = "J. Doe",
MailNickname = "jdoe",
Password = "SecretP@sswd99!",
});
var examplePrivilegedAccessGroupEligibilitySchedule = new AzureAD.PrivilegedAccessGroupEligibilitySchedule("example", new()
{
GroupId = pim.Id,
PrincipalId = member.Id,
AssignmentType = "member",
Duration = "P30D",
Justification = "as requested",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.Group;
import com.pulumi.azuread.GroupArgs;
import com.pulumi.azuread.User;
import com.pulumi.azuread.UserArgs;
import com.pulumi.azuread.PrivilegedAccessGroupEligibilitySchedule;
import com.pulumi.azuread.PrivilegedAccessGroupEligibilityScheduleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Group("example", GroupArgs.builder()
.displayName("group-name")
.securityEnabled(true)
.build());
var member = new User("member", UserArgs.builder()
.userPrincipalName("jdoe@example.com")
.displayName("J. Doe")
.mailNickname("jdoe")
.password("SecretP@sswd99!")
.build());
var examplePrivilegedAccessGroupEligibilitySchedule = new PrivilegedAccessGroupEligibilitySchedule("examplePrivilegedAccessGroupEligibilitySchedule", PrivilegedAccessGroupEligibilityScheduleArgs.builder()
.groupId(pim.id())
.principalId(member.id())
.assignmentType("member")
.duration("P30D")
.justification("as requested")
.build());
}
}
resources:
example:
type: azuread:Group
properties:
displayName: group-name
securityEnabled: true
member:
type: azuread:User
properties:
userPrincipalName: jdoe@example.com
displayName: J. Doe
mailNickname: jdoe
password: SecretP@sswd99!
examplePrivilegedAccessGroupEligibilitySchedule:
type: azuread:PrivilegedAccessGroupEligibilitySchedule
name: example
properties:
groupId: ${pim.id}
principalId: ${member.id}
assignmentType: member
duration: P30D
justification: as requested
Create PrivilegedAccessGroupEligibilitySchedule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PrivilegedAccessGroupEligibilitySchedule(name: string, args: PrivilegedAccessGroupEligibilityScheduleArgs, opts?: CustomResourceOptions);
@overload
def PrivilegedAccessGroupEligibilitySchedule(resource_name: str,
args: PrivilegedAccessGroupEligibilityScheduleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def PrivilegedAccessGroupEligibilitySchedule(resource_name: str,
opts: Optional[ResourceOptions] = None,
assignment_type: Optional[str] = None,
group_id: Optional[str] = None,
principal_id: Optional[str] = None,
duration: Optional[str] = None,
expiration_date: Optional[str] = None,
justification: Optional[str] = None,
permanent_assignment: Optional[bool] = None,
start_date: Optional[str] = None,
ticket_number: Optional[str] = None,
ticket_system: Optional[str] = None)
func NewPrivilegedAccessGroupEligibilitySchedule(ctx *Context, name string, args PrivilegedAccessGroupEligibilityScheduleArgs, opts ...ResourceOption) (*PrivilegedAccessGroupEligibilitySchedule, error)
public PrivilegedAccessGroupEligibilitySchedule(string name, PrivilegedAccessGroupEligibilityScheduleArgs args, CustomResourceOptions? opts = null)
public PrivilegedAccessGroupEligibilitySchedule(String name, PrivilegedAccessGroupEligibilityScheduleArgs args)
public PrivilegedAccessGroupEligibilitySchedule(String name, PrivilegedAccessGroupEligibilityScheduleArgs args, CustomResourceOptions options)
type: azuread:PrivilegedAccessGroupEligibilitySchedule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PrivilegedAccessGroupEligibilityScheduleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PrivilegedAccessGroupEligibilityScheduleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PrivilegedAccessGroupEligibilityScheduleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PrivilegedAccessGroupEligibilityScheduleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PrivilegedAccessGroupEligibilityScheduleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var privilegedAccessGroupEligibilityScheduleResource = new AzureAD.PrivilegedAccessGroupEligibilitySchedule("privilegedAccessGroupEligibilityScheduleResource", new()
{
AssignmentType = "string",
GroupId = "string",
PrincipalId = "string",
Duration = "string",
ExpirationDate = "string",
Justification = "string",
PermanentAssignment = false,
StartDate = "string",
TicketNumber = "string",
TicketSystem = "string",
});
example, err := azuread.NewPrivilegedAccessGroupEligibilitySchedule(ctx, "privilegedAccessGroupEligibilityScheduleResource", &azuread.PrivilegedAccessGroupEligibilityScheduleArgs{
AssignmentType: pulumi.String("string"),
GroupId: pulumi.String("string"),
PrincipalId: pulumi.String("string"),
Duration: pulumi.String("string"),
ExpirationDate: pulumi.String("string"),
Justification: pulumi.String("string"),
PermanentAssignment: pulumi.Bool(false),
StartDate: pulumi.String("string"),
TicketNumber: pulumi.String("string"),
TicketSystem: pulumi.String("string"),
})
var privilegedAccessGroupEligibilityScheduleResource = new PrivilegedAccessGroupEligibilitySchedule("privilegedAccessGroupEligibilityScheduleResource", PrivilegedAccessGroupEligibilityScheduleArgs.builder()
.assignmentType("string")
.groupId("string")
.principalId("string")
.duration("string")
.expirationDate("string")
.justification("string")
.permanentAssignment(false)
.startDate("string")
.ticketNumber("string")
.ticketSystem("string")
.build());
privileged_access_group_eligibility_schedule_resource = azuread.PrivilegedAccessGroupEligibilitySchedule("privilegedAccessGroupEligibilityScheduleResource",
assignment_type="string",
group_id="string",
principal_id="string",
duration="string",
expiration_date="string",
justification="string",
permanent_assignment=False,
start_date="string",
ticket_number="string",
ticket_system="string")
const privilegedAccessGroupEligibilityScheduleResource = new azuread.PrivilegedAccessGroupEligibilitySchedule("privilegedAccessGroupEligibilityScheduleResource", {
assignmentType: "string",
groupId: "string",
principalId: "string",
duration: "string",
expirationDate: "string",
justification: "string",
permanentAssignment: false,
startDate: "string",
ticketNumber: "string",
ticketSystem: "string",
});
type: azuread:PrivilegedAccessGroupEligibilitySchedule
properties:
assignmentType: string
duration: string
expirationDate: string
groupId: string
justification: string
permanentAssignment: false
principalId: string
startDate: string
ticketNumber: string
ticketSystem: string
PrivilegedAccessGroupEligibilitySchedule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PrivilegedAccessGroupEligibilitySchedule resource accepts the following input properties:
- Assignment
Type string - The type of assignment to the group. Can be either
member
orowner
. - Group
Id string - The Object ID of the Azure AD group to which the principal will be assigned.
- Principal
Id string - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- Duration string
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- Expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- Justification string
- The justification for this assignment. May be required by the role policy.
- Permanent
Assignment bool Is this assigment permanently valid.
At least one of
expiration_date
,duration
, orpermanent_assignment
must be supplied. The role policy may limit the maximum duration which can be supplied.- Start
Date string - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- Ticket
Number string - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- Ticket
System string - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- Assignment
Type string - The type of assignment to the group. Can be either
member
orowner
. - Group
Id string - The Object ID of the Azure AD group to which the principal will be assigned.
- Principal
Id string - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- Duration string
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- Expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- Justification string
- The justification for this assignment. May be required by the role policy.
- Permanent
Assignment bool Is this assigment permanently valid.
At least one of
expiration_date
,duration
, orpermanent_assignment
must be supplied. The role policy may limit the maximum duration which can be supplied.- Start
Date string - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- Ticket
Number string - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- Ticket
System string - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- assignment
Type String - The type of assignment to the group. Can be either
member
orowner
. - group
Id String - The Object ID of the Azure AD group to which the principal will be assigned.
- principal
Id String - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- duration String
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- expiration
Date String - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- justification String
- The justification for this assignment. May be required by the role policy.
- permanent
Assignment Boolean Is this assigment permanently valid.
At least one of
expiration_date
,duration
, orpermanent_assignment
must be supplied. The role policy may limit the maximum duration which can be supplied.- start
Date String - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- ticket
Number String - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- ticket
System String - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- assignment
Type string - The type of assignment to the group. Can be either
member
orowner
. - group
Id string - The Object ID of the Azure AD group to which the principal will be assigned.
- principal
Id string - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- duration string
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- justification string
- The justification for this assignment. May be required by the role policy.
- permanent
Assignment boolean Is this assigment permanently valid.
At least one of
expiration_date
,duration
, orpermanent_assignment
must be supplied. The role policy may limit the maximum duration which can be supplied.- start
Date string - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- ticket
Number string - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- ticket
System string - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- assignment_
type str - The type of assignment to the group. Can be either
member
orowner
. - group_
id str - The Object ID of the Azure AD group to which the principal will be assigned.
- principal_
id str - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- duration str
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- expiration_
date str - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- justification str
- The justification for this assignment. May be required by the role policy.
- permanent_
assignment bool Is this assigment permanently valid.
At least one of
expiration_date
,duration
, orpermanent_assignment
must be supplied. The role policy may limit the maximum duration which can be supplied.- start_
date str - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- ticket_
number str - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- ticket_
system str - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- assignment
Type String - The type of assignment to the group. Can be either
member
orowner
. - group
Id String - The Object ID of the Azure AD group to which the principal will be assigned.
- principal
Id String - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- duration String
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- expiration
Date String - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- justification String
- The justification for this assignment. May be required by the role policy.
- permanent
Assignment Boolean Is this assigment permanently valid.
At least one of
expiration_date
,duration
, orpermanent_assignment
must be supplied. The role policy may limit the maximum duration which can be supplied.- start
Date String - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- ticket
Number String - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- ticket
System String - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the PrivilegedAccessGroupEligibilitySchedule resource produces the following output properties:
Look up Existing PrivilegedAccessGroupEligibilitySchedule Resource
Get an existing PrivilegedAccessGroupEligibilitySchedule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PrivilegedAccessGroupEligibilityScheduleState, opts?: CustomResourceOptions): PrivilegedAccessGroupEligibilitySchedule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
assignment_type: Optional[str] = None,
duration: Optional[str] = None,
expiration_date: Optional[str] = None,
group_id: Optional[str] = None,
justification: Optional[str] = None,
permanent_assignment: Optional[bool] = None,
principal_id: Optional[str] = None,
start_date: Optional[str] = None,
status: Optional[str] = None,
ticket_number: Optional[str] = None,
ticket_system: Optional[str] = None) -> PrivilegedAccessGroupEligibilitySchedule
func GetPrivilegedAccessGroupEligibilitySchedule(ctx *Context, name string, id IDInput, state *PrivilegedAccessGroupEligibilityScheduleState, opts ...ResourceOption) (*PrivilegedAccessGroupEligibilitySchedule, error)
public static PrivilegedAccessGroupEligibilitySchedule Get(string name, Input<string> id, PrivilegedAccessGroupEligibilityScheduleState? state, CustomResourceOptions? opts = null)
public static PrivilegedAccessGroupEligibilitySchedule get(String name, Output<String> id, PrivilegedAccessGroupEligibilityScheduleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Assignment
Type string - The type of assignment to the group. Can be either
member
orowner
. - Duration string
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- Expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- Group
Id string - The Object ID of the Azure AD group to which the principal will be assigned.
- Justification string
- The justification for this assignment. May be required by the role policy.
- Permanent
Assignment bool Is this assigment permanently valid.
At least one of
expiration_date
,duration
, orpermanent_assignment
must be supplied. The role policy may limit the maximum duration which can be supplied.- Principal
Id string - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- Start
Date string - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- Status string
- (String) The provisioning status of this request.
- Ticket
Number string - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- Ticket
System string - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- Assignment
Type string - The type of assignment to the group. Can be either
member
orowner
. - Duration string
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- Expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- Group
Id string - The Object ID of the Azure AD group to which the principal will be assigned.
- Justification string
- The justification for this assignment. May be required by the role policy.
- Permanent
Assignment bool Is this assigment permanently valid.
At least one of
expiration_date
,duration
, orpermanent_assignment
must be supplied. The role policy may limit the maximum duration which can be supplied.- Principal
Id string - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- Start
Date string - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- Status string
- (String) The provisioning status of this request.
- Ticket
Number string - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- Ticket
System string - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- assignment
Type String - The type of assignment to the group. Can be either
member
orowner
. - duration String
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- expiration
Date String - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- group
Id String - The Object ID of the Azure AD group to which the principal will be assigned.
- justification String
- The justification for this assignment. May be required by the role policy.
- permanent
Assignment Boolean Is this assigment permanently valid.
At least one of
expiration_date
,duration
, orpermanent_assignment
must be supplied. The role policy may limit the maximum duration which can be supplied.- principal
Id String - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- start
Date String - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- status String
- (String) The provisioning status of this request.
- ticket
Number String - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- ticket
System String - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- assignment
Type string - The type of assignment to the group. Can be either
member
orowner
. - duration string
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- group
Id string - The Object ID of the Azure AD group to which the principal will be assigned.
- justification string
- The justification for this assignment. May be required by the role policy.
- permanent
Assignment boolean Is this assigment permanently valid.
At least one of
expiration_date
,duration
, orpermanent_assignment
must be supplied. The role policy may limit the maximum duration which can be supplied.- principal
Id string - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- start
Date string - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- status string
- (String) The provisioning status of this request.
- ticket
Number string - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- ticket
System string - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- assignment_
type str - The type of assignment to the group. Can be either
member
orowner
. - duration str
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- expiration_
date str - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- group_
id str - The Object ID of the Azure AD group to which the principal will be assigned.
- justification str
- The justification for this assignment. May be required by the role policy.
- permanent_
assignment bool Is this assigment permanently valid.
At least one of
expiration_date
,duration
, orpermanent_assignment
must be supplied. The role policy may limit the maximum duration which can be supplied.- principal_
id str - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- start_
date str - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- status str
- (String) The provisioning status of this request.
- ticket_
number str - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- ticket_
system str - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- assignment
Type String - The type of assignment to the group. Can be either
member
orowner
. - duration String
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- expiration
Date String - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- group
Id String - The Object ID of the Azure AD group to which the principal will be assigned.
- justification String
- The justification for this assignment. May be required by the role policy.
- permanent
Assignment Boolean Is this assigment permanently valid.
At least one of
expiration_date
,duration
, orpermanent_assignment
must be supplied. The role policy may limit the maximum duration which can be supplied.- principal
Id String - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- start
Date String - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- status String
- (String) The provisioning status of this request.
- ticket
Number String - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- ticket
System String - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
Import
An assignment schedule can be imported using the schedule ID, e.g.
$ pulumi import azuread:index/privilegedAccessGroupEligibilitySchedule:PrivilegedAccessGroupEligibilitySchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Active Directory (Azure AD) pulumi/pulumi-azuread
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azuread
Terraform Provider.