Docs Home
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi
azure-native.authorization.RoleDefinition
Explore with Pulumi AI
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi
Role definition. Azure REST API version: 2022-05-01-preview. Prior API version in Azure Native 1.x: 2018-01-01-preview.
Example Usage
Create role definition
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var roleDefinition = new AzureNative.Authorization.RoleDefinition("roleDefinition", new()
{
RoleDefinitionId = "roleDefinitionId",
Scope = "scope",
});
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewRoleDefinition(ctx, "roleDefinition", &authorization.RoleDefinitionArgs{
RoleDefinitionId: pulumi.String("roleDefinitionId"),
Scope: pulumi.String("scope"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.RoleDefinition;
import com.pulumi.azurenative.authorization.RoleDefinitionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var roleDefinition = new RoleDefinition("roleDefinition", RoleDefinitionArgs.builder()
.roleDefinitionId("roleDefinitionId")
.scope("scope")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const roleDefinition = new azure_native.authorization.RoleDefinition("roleDefinition", {
roleDefinitionId: "roleDefinitionId",
scope: "scope",
});
import pulumi
import pulumi_azure_native as azure_native
role_definition = azure_native.authorization.RoleDefinition("roleDefinition",
role_definition_id="roleDefinitionId",
scope="scope")
resources:
roleDefinition:
type: azure-native:authorization:RoleDefinition
properties:
roleDefinitionId: roleDefinitionId
scope: scope
Create RoleDefinition Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RoleDefinition(name: string, args: RoleDefinitionArgs, opts?: CustomResourceOptions);@overload
def RoleDefinition(resource_name: str,
args: RoleDefinitionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def RoleDefinition(resource_name: str,
opts: Optional[ResourceOptions] = None,
scope: Optional[str] = None,
assignable_scopes: Optional[Sequence[str]] = None,
description: Optional[str] = None,
permissions: Optional[Sequence[PermissionArgs]] = None,
role_definition_id: Optional[str] = None,
role_name: Optional[str] = None,
role_type: Optional[str] = None)func NewRoleDefinition(ctx *Context, name string, args RoleDefinitionArgs, opts ...ResourceOption) (*RoleDefinition, error)public RoleDefinition(string name, RoleDefinitionArgs args, CustomResourceOptions? opts = null)
public RoleDefinition(String name, RoleDefinitionArgs args)
public RoleDefinition(String name, RoleDefinitionArgs args, CustomResourceOptions options)
type: azure-native:authorization:RoleDefinition
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RoleDefinitionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RoleDefinitionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RoleDefinitionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RoleDefinitionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RoleDefinitionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var roleDefinitionResource = new AzureNative.Authorization.RoleDefinition("roleDefinitionResource", new()
{
Scope = "string",
AssignableScopes = new[]
{
"string",
},
Description = "string",
Permissions = new[]
{
new AzureNative.Authorization.Inputs.PermissionArgs
{
Actions = new[]
{
"string",
},
DataActions = new[]
{
"string",
},
NotActions = new[]
{
"string",
},
NotDataActions = new[]
{
"string",
},
},
},
RoleDefinitionId = "string",
RoleName = "string",
RoleType = "string",
});
example, err := authorization.NewRoleDefinition(ctx, "roleDefinitionResource", &authorization.RoleDefinitionArgs{
Scope: pulumi.String("string"),
AssignableScopes: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
Permissions: authorization.PermissionArray{
&authorization.PermissionArgs{
Actions: pulumi.StringArray{
pulumi.String("string"),
},
DataActions: pulumi.StringArray{
pulumi.String("string"),
},
NotActions: pulumi.StringArray{
pulumi.String("string"),
},
NotDataActions: pulumi.StringArray{
pulumi.String("string"),
},
},
},
RoleDefinitionId: pulumi.String("string"),
RoleName: pulumi.String("string"),
RoleType: pulumi.String("string"),
})
var roleDefinitionResource = new RoleDefinition("roleDefinitionResource", RoleDefinitionArgs.builder()
.scope("string")
.assignableScopes("string")
.description("string")
.permissions(PermissionArgs.builder()
.actions("string")
.dataActions("string")
.notActions("string")
.notDataActions("string")
.build())
.roleDefinitionId("string")
.roleName("string")
.roleType("string")
.build());
role_definition_resource = azure_native.authorization.RoleDefinition("roleDefinitionResource",
scope="string",
assignable_scopes=["string"],
description="string",
permissions=[{
"actions": ["string"],
"data_actions": ["string"],
"not_actions": ["string"],
"not_data_actions": ["string"],
}],
role_definition_id="string",
role_name="string",
role_type="string")
const roleDefinitionResource = new azure_native.authorization.RoleDefinition("roleDefinitionResource", {
scope: "string",
assignableScopes: ["string"],
description: "string",
permissions: [{
actions: ["string"],
dataActions: ["string"],
notActions: ["string"],
notDataActions: ["string"],
}],
roleDefinitionId: "string",
roleName: "string",
roleType: "string",
});
type: azure-native:authorization:RoleDefinition
properties:
assignableScopes:
- string
description: string
permissions:
- actions:
- string
dataActions:
- string
notActions:
- string
notDataActions:
- string
roleDefinitionId: string
roleName: string
roleType: string
scope: string
RoleDefinition Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The RoleDefinition resource accepts the following input properties:
- Scope string
- The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- Assignable
Scopes List<string> - Role definition assignable scopes.
- Description string
- The role definition description.
- Permissions
List<Pulumi.
Azure Native. Authorization. Inputs. Permission> - Role definition permissions.
- Role
Definition stringId - The ID of the role definition.
- Role
Name string - The role name.
- Role
Type string - The role type.
- Scope string
- The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- Assignable
Scopes []string - Role definition assignable scopes.
- Description string
- The role definition description.
- Permissions
[]Permission
Args - Role definition permissions.
- Role
Definition stringId - The ID of the role definition.
- Role
Name string - The role name.
- Role
Type string - The role type.
- scope String
- The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- assignable
Scopes List<String> - Role definition assignable scopes.
- description String
- The role definition description.
- permissions List<Permission>
- Role definition permissions.
- role
Definition StringId - The ID of the role definition.
- role
Name String - The role name.
- role
Type String - The role type.
- scope string
- The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- assignable
Scopes string[] - Role definition assignable scopes.
- description string
- The role definition description.
- permissions Permission[]
- Role definition permissions.
- role
Definition stringId - The ID of the role definition.
- role
Name string - The role name.
- role
Type string - The role type.
- scope str
- The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- assignable_
scopes Sequence[str] - Role definition assignable scopes.
- description str
- The role definition description.
- permissions
Sequence[Permission
Args] - Role definition permissions.
- role_
definition_ strid - The ID of the role definition.
- role_
name str - The role name.
- role_
type str - The role type.
- scope String
- The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- assignable
Scopes List<String> - Role definition assignable scopes.
- description String
- The role definition description.
- permissions List<Property Map>
- Role definition permissions.
- role
Definition StringId - The ID of the role definition.
- role
Name String - The role name.
- role
Type String - The role type.
Outputs
All input properties are implicitly available as output properties. Additionally, the RoleDefinition resource produces the following output properties:
- Created
By string - Id of the user who created the assignment
- Created
On string - Time it was created
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The role definition name.
- Type string
- The role definition type.
- Updated
By string - Id of the user who updated the assignment
- Updated
On string - Time it was updated
- Created
By string - Id of the user who created the assignment
- Created
On string - Time it was created
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The role definition name.
- Type string
- The role definition type.
- Updated
By string - Id of the user who updated the assignment
- Updated
On string - Time it was updated
- created
By String - Id of the user who created the assignment
- created
On String - Time it was created
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The role definition name.
- type String
- The role definition type.
- updated
By String - Id of the user who updated the assignment
- updated
On String - Time it was updated
- created
By string - Id of the user who created the assignment
- created
On string - Time it was created
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- The role definition name.
- type string
- The role definition type.
- updated
By string - Id of the user who updated the assignment
- updated
On string - Time it was updated
- created_
by str - Id of the user who created the assignment
- created_
on str - Time it was created
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- The role definition name.
- type str
- The role definition type.
- updated_
by str - Id of the user who updated the assignment
- updated_
on str - Time it was updated
- created
By String - Id of the user who created the assignment
- created
On String - Time it was created
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The role definition name.
- type String
- The role definition type.
- updated
By String - Id of the user who updated the assignment
- updated
On String - Time it was updated
Supporting Types
Permission, PermissionArgs
- Actions List<string>
- Allowed actions.
- Data
Actions List<string> - Allowed Data actions.
- Not
Actions List<string> - Denied actions.
- Not
Data List<string>Actions - Denied Data actions.
- Actions []string
- Allowed actions.
- Data
Actions []string - Allowed Data actions.
- Not
Actions []string - Denied actions.
- Not
Data []stringActions - Denied Data actions.
- actions List<String>
- Allowed actions.
- data
Actions List<String> - Allowed Data actions.
- not
Actions List<String> - Denied actions.
- not
Data List<String>Actions - Denied Data actions.
- actions string[]
- Allowed actions.
- data
Actions string[] - Allowed Data actions.
- not
Actions string[] - Denied actions.
- not
Data string[]Actions - Denied Data actions.
- actions Sequence[str]
- Allowed actions.
- data_
actions Sequence[str] - Allowed Data actions.
- not_
actions Sequence[str] - Denied actions.
- not_
data_ Sequence[str]actions - Denied Data actions.
- actions List<String>
- Allowed actions.
- data
Actions List<String> - Allowed Data actions.
- not
Actions List<String> - Denied actions.
- not
Data List<String>Actions - Denied Data actions.
PermissionResponse, PermissionResponseArgs
- Condition string
- The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
- Condition
Version string - Version of the condition. Currently the only accepted value is '2.0'
- Actions List<string>
- Allowed actions.
- Data
Actions List<string> - Allowed Data actions.
- Not
Actions List<string> - Denied actions.
- Not
Data List<string>Actions - Denied Data actions.
- Condition string
- The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
- Condition
Version string - Version of the condition. Currently the only accepted value is '2.0'
- Actions []string
- Allowed actions.
- Data
Actions []string - Allowed Data actions.
- Not
Actions []string - Denied actions.
- Not
Data []stringActions - Denied Data actions.
- condition String
- The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
- condition
Version String - Version of the condition. Currently the only accepted value is '2.0'
- actions List<String>
- Allowed actions.
- data
Actions List<String> - Allowed Data actions.
- not
Actions List<String> - Denied actions.
- not
Data List<String>Actions - Denied Data actions.
- condition string
- The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
- condition
Version string - Version of the condition. Currently the only accepted value is '2.0'
- actions string[]
- Allowed actions.
- data
Actions string[] - Allowed Data actions.
- not
Actions string[] - Denied actions.
- not
Data string[]Actions - Denied Data actions.
- condition str
- The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
- condition_
version str - Version of the condition. Currently the only accepted value is '2.0'
- actions Sequence[str]
- Allowed actions.
- data_
actions Sequence[str] - Allowed Data actions.
- not_
actions Sequence[str] - Denied actions.
- not_
data_ Sequence[str]actions - Denied Data actions.
- condition String
- The conditions on the role definition. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
- condition
Version String - Version of the condition. Currently the only accepted value is '2.0'
- actions List<String>
- Allowed actions.
- data
Actions List<String> - Allowed Data actions.
- not
Actions List<String> - Denied actions.
- not
Data List<String>Actions - Denied Data actions.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:authorization:RoleDefinition roleDefinitionId /{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi