We recommend using Azure Native.
azure.pim.RoleManagementPolicy
Manage a role policy for an Azure Management Group, Subscription, Resource Group or resource.
Example Usage
Resource Group
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
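// Resource group that the PIM policy is scoped to.
const example = new azure.core.ResourceGroup("example", {
    name: "example-rg",
    location: "East US",
});
// Contributor role definition, resolved at the resource group's scope.
const rgContributor = azure.authorization.getRoleDefinitionOutput({
    name: "Contributor",
    scope: example.id,
});
// Group whose members approve activation requests. The lookup is by display
// name, which is neither unique nor immutable; pinning the approver group by
// object ID is more robust for an approval control.
const approvers = azuread.getGroup({
    displayName: "Example Approver Group",
});
const exampleRoleManagementPolicy = new azure.pim.RoleManagementPolicy("example", {
    // scope and roleDefinitionId must point at the resource group and role
    // definition declared above; `test` and `contributor` are not defined
    // anywhere in this program.
    scope: example.id,
    roleDefinitionId: rgContributor.apply(rgContributor => rgContributor.id),
    // Active (standing) assignments may last up to 365 days.
    activeAssignmentRules: {
        expireAfter: "P365D",
    },
    // Eligible assignments are not forced to expire, so eligibility can be
    // permanent; review membership out of band if you keep this.
    eligibleAssignmentRules: {
        expirationRequired: false,
    },
    // Activation is capped at one hour and gated on approval by the group above.
    // requireMultifactorAuthentication and requireJustification are left unset
    // here; set them explicitly if activations must be MFA-backed and justified.
    activationRules: {
        maximumDuration: "PT1H",
        requireApproval: true,
        approvalStage: {
            primaryApprovers: [{
                objectId: approvers.then(approvers => approvers.objectId),
                type: "Group",
            }],
        },
    },
    notificationRules: {
        eligibleAssignments: {
            approverNotifications: {
                notificationLevel: "Critical",
                defaultRecipients: false,
                additionalRecipients: ["someone@example.com"],
            },
        },
        eligibleActivations: {
            assigneeNotifications: {
                notificationLevel: "All",
                defaultRecipients: true,
                additionalRecipients: ["someone.else@example.com"],
            },
        },
    },
});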
import pulumi
import pulumi_azure as azure
import pulumi_azuread as azuread
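# Resource group that the PIM policy is scoped to.
example = azure.core.ResourceGroup("example",
    name="example-rg",
    location="East US")
# Contributor role definition, resolved at the resource group's scope.
rg_contributor = azure.authorization.get_role_definition_output(name="Contributor",
    scope=example.id)
# Group whose members approve activation requests. The lookup is by display
# name, which is neither unique nor immutable; pinning the approver group by
# object ID is more robust for an approval control.
approvers = azuread.get_group(display_name="Example Approver Group")
example_role_management_policy = azure.pim.RoleManagementPolicy("example",
    # scope and role_definition_id must point at the resource group and role
    # definition declared above; `test` and `contributor` are not defined
    # anywhere in this program.
    scope=example.id,
    role_definition_id=rg_contributor.id,
    # Active (standing) assignments may last up to 365 days.
    active_assignment_rules={
        "expire_after": "P365D",
    },
    # Eligible assignments are not forced to expire, so eligibility can be
    # permanent; review membership out of band if you keep this.
    eligible_assignment_rules={
        "expiration_required": False,
    },
    # Activation is capped at one hour and gated on approval by the group above.
    # require_multifactor_authentication and require_justification are left
    # unset here; set them explicitly if activations must be MFA-backed and
    # justified.
    activation_rules={
        "maximum_duration": "PT1H",
        "require_approval": True,
        "approval_stage": {
            "primary_approvers": [{
                "object_id": approvers.object_id,
                "type": "Group",
            }],
        },
    },
    notification_rules={
        "eligible_assignments": {
            "approver_notifications": {
                "notification_level": "Critical",
                "default_recipients": False,
                "additional_recipients": ["someone@example.com"],
            },
        },
        "eligible_activations": {
            "assignee_notifications": {
                "notification_level": "All",
                "default_recipients": True,
                "additional_recipients": ["someone.else@example.com"],
            },
        },
    })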
package main
import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/pim"
	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
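// main declares a resource group, resolves the Contributor role at that scope
// and attaches a PIM role management policy to the pair.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("East US"),
		})
		if err != nil {
			return err
		}
		// Keep the lookup result: the policy below needs its role definition ID.
		rgContributor := authorization.LookupRoleDefinitionOutput(ctx, authorization.GetRoleDefinitionOutputArgs{
			Name:  pulumi.String("Contributor"),
			Scope: example.ID(),
		}, nil)
		// Group whose members approve activation requests. The lookup is by
		// display name, which is neither unique nor immutable; pinning the
		// approver group by object ID is more robust for an approval control.
		approvers, err := azuread.LookupGroup(ctx, &azuread.LookupGroupArgs{
			DisplayName: pulumi.StringRef("Example Approver Group"),
		}, nil)
		if err != nil {
			return err
		}
		_, err = pim.NewRoleManagementPolicy(ctx, "example", &pim.RoleManagementPolicyArgs{
			// Scope and RoleDefinitionId must point at the resource group and
			// role definition declared above; `test` and `contributor` are not
			// defined anywhere in this program.
			Scope:            example.ID(),
			RoleDefinitionId: rgContributor.Id(),
			// Active (standing) assignments may last up to 365 days.
			ActiveAssignmentRules: &pim.RoleManagementPolicyActiveAssignmentRulesArgs{
				ExpireAfter: pulumi.String("P365D"),
			},
			// Eligible assignments are not forced to expire, so eligibility can
			// be permanent; review membership out of band if you keep this.
			EligibleAssignmentRules: &pim.RoleManagementPolicyEligibleAssignmentRulesArgs{
				ExpirationRequired: pulumi.Bool(false),
			},
			// Activation is capped at one hour and gated on approval by the
			// group above. RequireMultifactorAuthentication and
			// RequireJustification are left unset here; set them explicitly if
			// activations must be MFA-backed and justified.
			ActivationRules: &pim.RoleManagementPolicyActivationRulesArgs{
				MaximumDuration: pulumi.String("PT1H"),
				RequireApproval: pulumi.Bool(true),
				ApprovalStage: &pim.RoleManagementPolicyActivationRulesApprovalStageArgs{
					PrimaryApprovers: pim.RoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArray{
						&pim.RoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs{
							ObjectId: pulumi.String(approvers.ObjectId),
							Type:     pulumi.String("Group"),
						},
					},
				},
			},
			NotificationRules: &pim.RoleManagementPolicyNotificationRulesArgs{
				EligibleAssignments: &pim.RoleManagementPolicyNotificationRulesEligibleAssignmentsArgs{
					ApproverNotifications: &pim.RoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs{
						NotificationLevel: pulumi.String("Critical"),
						DefaultRecipients: pulumi.Bool(false),
						AdditionalRecipients: pulumi.StringArray{
							pulumi.String("someone@example.com"),
						},
					},
				},
				EligibleActivations: &pim.RoleManagementPolicyNotificationRulesEligibleActivationsArgs{
					AssigneeNotifications: &pim.RoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs{
						NotificationLevel: pulumi.String("All"),
						DefaultRecipients: pulumi.Bool(true),
						AdditionalRecipients: pulumi.StringArray{
							pulumi.String("someone.else@example.com"),
						},
					},
				},
			},
		})
		return err
	})
}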
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
using AzureAD = Pulumi.AzureAD;
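return await Deployment.RunAsync(() =>
{
    // Resource group that the PIM policy is scoped to.
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-rg",
        Location = "East US",
    });
    // Contributor role definition, resolved at the resource group's scope.
    var rgContributor = Azure.Authorization.GetRoleDefinition.Invoke(new()
    {
        Name = "Contributor",
        Scope = example.Id,
    });
    // Group whose members approve activation requests. The lookup is by display
    // name, which is neither unique nor immutable; pinning the approver group by
    // object ID is more robust for an approval control.
    var approvers = AzureAD.GetGroup.Invoke(new()
    {
        DisplayName = "Example Approver Group",
    });
    var exampleRoleManagementPolicy = new Azure.Pim.RoleManagementPolicy("example", new()
    {
        // Scope and RoleDefinitionId must point at the resource group and role
        // definition declared above; `test` and `contributor` are not defined
        // anywhere in this program.
        Scope = example.Id,
        RoleDefinitionId = rgContributor.Apply(getRoleDefinitionResult => getRoleDefinitionResult.Id),
        // Active (standing) assignments may last up to 365 days.
        ActiveAssignmentRules = new Azure.Pim.Inputs.RoleManagementPolicyActiveAssignmentRulesArgs
        {
            ExpireAfter = "P365D",
        },
        // Eligible assignments are not forced to expire, so eligibility can be
        // permanent; review membership out of band if you keep this.
        EligibleAssignmentRules = new Azure.Pim.Inputs.RoleManagementPolicyEligibleAssignmentRulesArgs
        {
            ExpirationRequired = false,
        },
        // Activation is capped at one hour and gated on approval by the group
        // above. RequireMultifactorAuthentication and RequireJustification are
        // left unset here; set them explicitly if activations must be MFA-backed
        // and justified.
        ActivationRules = new Azure.Pim.Inputs.RoleManagementPolicyActivationRulesArgs
        {
            MaximumDuration = "PT1H",
            RequireApproval = true,
            ApprovalStage = new Azure.Pim.Inputs.RoleManagementPolicyActivationRulesApprovalStageArgs
            {
                PrimaryApprovers = new[]
                {
                    new Azure.Pim.Inputs.RoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs
                    {
                        ObjectId = approvers.Apply(getGroupResult => getGroupResult.ObjectId),
                        Type = "Group",
                    },
                },
            },
        },
        NotificationRules = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesArgs
        {
            EligibleAssignments = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesEligibleAssignmentsArgs
            {
                ApproverNotifications = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs
                {
                    NotificationLevel = "Critical",
                    DefaultRecipients = false,
                    AdditionalRecipients = new[]
                    {
                        "someone@example.com",
                    },
                },
            },
            EligibleActivations = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesEligibleActivationsArgs
            {
                AssigneeNotifications = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs
                {
                    NotificationLevel = "All",
                    DefaultRecipients = true,
                    AdditionalRecipients = new[]
                    {
                        "someone.else@example.com",
                    },
                },
            },
        },
    });
});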
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.authorization.AuthorizationFunctions;
import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetGroupArgs;
import com.pulumi.azure.pim.RoleManagementPolicy;
import com.pulumi.azure.pim.RoleManagementPolicyArgs;
import com.pulumi.azure.pim.inputs.RoleManagementPolicyActiveAssignmentRulesArgs;
import com.pulumi.azure.pim.inputs.RoleManagementPolicyEligibleAssignmentRulesArgs;
import com.pulumi.azure.pim.inputs.RoleManagementPolicyActivationRulesArgs;
import com.pulumi.azure.pim.inputs.RoleManagementPolicyActivationRulesApprovalStageArgs;
import com.pulumi.azure.pim.inputs.RoleManagementPolicyNotificationRulesArgs;
import com.pulumi.azure.pim.inputs.RoleManagementPolicyNotificationRulesEligibleAssignmentsArgs;
import com.pulumi.azure.pim.inputs.RoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs;
import com.pulumi.azure.pim.inputs.RoleManagementPolicyNotificationRulesEligibleActivationsArgs;
import com.pulumi.azure.pim.inputs.RoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
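/**
 * Pulumi program that declares a resource group, resolves the Contributor role
 * at that scope and attaches a PIM role management policy to the pair.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        // Resource group that the PIM policy is scoped to.
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-rg")
            .location("East US")
            .build());
        // Contributor role definition, resolved at the resource group's scope.
        final var rgContributor = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
            .name("Contributor")
            .scope(example.id())
            .build());
        // Group whose members approve activation requests. The lookup is by
        // display name, which is neither unique nor immutable; pinning the
        // approver group by object ID is more robust for an approval control.
        final var approvers = AzureadFunctions.getGroup(GetGroupArgs.builder()
            .displayName("Example Approver Group")
            .build());
        var exampleRoleManagementPolicy = new RoleManagementPolicy("exampleRoleManagementPolicy", RoleManagementPolicyArgs.builder()
            // scope and roleDefinitionId must point at the resource group and
            // role definition declared above; `test` and `contributor` are not
            // defined anywhere in this program.
            .scope(example.id())
            .roleDefinitionId(rgContributor.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.id()))
            // Active (standing) assignments may last up to 365 days.
            .activeAssignmentRules(RoleManagementPolicyActiveAssignmentRulesArgs.builder()
                .expireAfter("P365D")
                .build())
            // Eligible assignments are not forced to expire, so eligibility can
            // be permanent; review membership out of band if you keep this.
            .eligibleAssignmentRules(RoleManagementPolicyEligibleAssignmentRulesArgs.builder()
                .expirationRequired(false)
                .build())
            // Activation is capped at one hour and gated on approval by the
            // group above. requireMultifactorAuthentication and
            // requireJustification are left unset here; set them explicitly if
            // activations must be MFA-backed and justified.
            .activationRules(RoleManagementPolicyActivationRulesArgs.builder()
                .maximumDuration("PT1H")
                .requireApproval(true)
                .approvalStage(RoleManagementPolicyActivationRulesApprovalStageArgs.builder()
                    .primaryApprovers(RoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs.builder()
                        .objectId(approvers.applyValue(getGroupResult -> getGroupResult.objectId()))
                        .type("Group")
                        .build())
                    .build())
                .build())
            .notificationRules(RoleManagementPolicyNotificationRulesArgs.builder()
                .eligibleAssignments(RoleManagementPolicyNotificationRulesEligibleAssignmentsArgs.builder()
                    .approverNotifications(RoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs.builder()
                        .notificationLevel("Critical")
                        .defaultRecipients(false)
                        .additionalRecipients("someone@example.com")
                        .build())
                    .build())
                .eligibleActivations(RoleManagementPolicyNotificationRulesEligibleActivationsArgs.builder()
                    .assigneeNotifications(RoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs.builder()
                        .notificationLevel("All")
                        .defaultRecipients(true)
                        .additionalRecipients("someone.else@example.com")
                        .build())
                    .build())
                .build())
            .build());
    }
}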
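resources:
  # Resource group that the PIM policy is scoped to.
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-rg
      location: East US
  exampleRoleManagementPolicy:
    type: azure:pim:RoleManagementPolicy
    name: example
    properties:
      # scope and roleDefinitionId must point at the resource group and the
      # rgContributor variable declared in this program; `test` and
      # `contributor` are not defined anywhere in it.
      scope: ${example.id}
      roleDefinitionId: ${rgContributor.id}
      # Active (standing) assignments may last up to 365 days.
      activeAssignmentRules:
        expireAfter: P365D
      # Eligible assignments are not forced to expire, so eligibility can be
      # permanent; review membership out of band if you keep this.
      eligibleAssignmentRules:
        expirationRequired: false
      # Activation is capped at one hour and gated on approval by the approvers
      # group. requireMultifactorAuthentication and requireJustification are
      # left unset here; set them explicitly if activations must be MFA-backed
      # and justified.
      activationRules:
        maximumDuration: PT1H
        requireApproval: true
        approvalStage:
          primaryApprovers:
            - objectId: ${approvers.objectId}
              type: Group
      notificationRules:
        eligibleAssignments:
          approverNotifications:
            notificationLevel: Critical
            defaultRecipients: false
            additionalRecipients:
              - someone@example.com
        eligibleActivations:
          assigneeNotifications:
            notificationLevel: All
            defaultRecipients: true
            additionalRecipients:
              - someone.else@example.com
variables:
  # Contributor role definition, resolved at the resource group's scope.
  rgContributor:
    fn::invoke:
      function: azure:authorization:getRoleDefinition
      arguments:
        name: Contributor
        scope: ${example.id}
  # Approver group, looked up by display name. Display names are neither unique
  # nor immutable; pinning the group by object ID is more robust.
  approvers:
    fn::invoke:
      function: azuread:getGroup
      arguments:
        displayName: Example Approver Group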
Management Group
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
// Management group that the PIM policy is scoped to.
const managementGroup = new azure.management.Group("example", {name: "example-group"});

// Contributor role definition, resolved at the management group's scope.
const contributorRole = azure.authorization.getRoleDefinitionOutput({
    name: "Contributor",
    scope: managementGroup.id,
});

// Policy for the Contributor role at management-group scope.
// NOTE(review): requireApproval is enabled without an approvalStage, unlike the
// resource-group example on this page; confirm who ends up approving requests,
// or name the approvers explicitly.
const policy = new azure.pim.RoleManagementPolicy("example", {
    roleDefinitionId: contributorRole.apply(role => role.id),
    scope: managementGroup.id,
    // Activations last at most one hour.
    activationRules: {
        requireApproval: true,
        maximumDuration: "PT1H",
    },
    // Active (standing) assignments may last up to 90 days.
    activeAssignmentRules: {
        expireAfter: "P90D",
    },
    // Eligible assignments are not forced to expire.
    eligibleAssignmentRules: {
        expirationRequired: false,
    },
    notificationRules: {
        activeAssignments: {
            adminNotifications: {
                additionalRecipients: ["someone@example.com"],
                defaultRecipients: false,
                notificationLevel: "Critical",
            },
        },
    },
});
import pulumi
import pulumi_azure as azure
# Management group that the PIM policy is scoped to.
management_group = azure.management.Group("example", name="example-group")

# Contributor role definition, resolved at the management group's scope.
contributor_role = azure.authorization.get_role_definition_output(
    name="Contributor",
    scope=management_group.id,
)

# Activations last at most one hour.
# NOTE(review): require_approval is enabled without an approval_stage, unlike
# the resource-group example on this page; confirm who ends up approving
# requests, or name the approvers explicitly.
activation = {
    "maximum_duration": "PT1H",
    "require_approval": True,
}

# Administrators are notified about active assignments at the "Critical" level.
admin_notifications = {
    "notification_level": "Critical",
    "default_recipients": False,
    "additional_recipients": ["someone@example.com"],
}

policy = azure.pim.RoleManagementPolicy(
    "example",
    scope=management_group.id,
    role_definition_id=contributor_role.id,
    # Eligible assignments are not forced to expire.
    eligible_assignment_rules={"expiration_required": False},
    # Active (standing) assignments may last up to 90 days.
    active_assignment_rules={"expire_after": "P90D"},
    activation_rules=activation,
    notification_rules={
        "active_assignments": {
            "admin_notifications": admin_notifications,
        },
    },
)
package main
import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/management"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/pim"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
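// main declares a management group, resolves the Contributor role at that
// scope and attaches a PIM role management policy to the pair.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := management.NewGroup(ctx, "example", &management.GroupArgs{
			Name: pulumi.String("example-group"),
		})
		if err != nil {
			return err
		}
		mgContributor := authorization.LookupRoleDefinitionOutput(ctx, authorization.GetRoleDefinitionOutputArgs{
			Name:  pulumi.String("Contributor"),
			Scope: example.ID(),
		}, nil)
		_, err = pim.NewRoleManagementPolicy(ctx, "example", &pim.RoleManagementPolicyArgs{
			Scope: example.ID(),
			// Use the lookup's Id output directly. The previous form converted
			// an ApplyT result with pulumi.String(...), which is not a valid
			// conversion from an output value.
			RoleDefinitionId: mgContributor.Id(),
			// Eligible assignments are not forced to expire.
			EligibleAssignmentRules: &pim.RoleManagementPolicyEligibleAssignmentRulesArgs{
				ExpirationRequired: pulumi.Bool(false),
			},
			// Active (standing) assignments may last up to 90 days.
			ActiveAssignmentRules: &pim.RoleManagementPolicyActiveAssignmentRulesArgs{
				ExpireAfter: pulumi.String("P90D"),
			},
			// Activations last at most one hour.
			// NOTE(review): RequireApproval is enabled without an ApprovalStage,
			// unlike the resource-group example on this page; confirm who ends
			// up approving requests, or name the approvers explicitly.
			ActivationRules: &pim.RoleManagementPolicyActivationRulesArgs{
				MaximumDuration: pulumi.String("PT1H"),
				RequireApproval: pulumi.Bool(true),
			},
			NotificationRules: &pim.RoleManagementPolicyNotificationRulesArgs{
				ActiveAssignments: &pim.RoleManagementPolicyNotificationRulesActiveAssignmentsArgs{
					AdminNotifications: &pim.RoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs{
						NotificationLevel: pulumi.String("Critical"),
						DefaultRecipients: pulumi.Bool(false),
						AdditionalRecipients: pulumi.StringArray{
							pulumi.String("someone@example.com"),
						},
					},
				},
			},
		})
		return err
	})
}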
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
    // Management group that the PIM policy is scoped to.
    var managementGroup = new Azure.Management.Group("example", new()
    {
        Name = "example-group",
    });

    // Contributor role definition, resolved at the management group's scope.
    var contributorRole = Azure.Authorization.GetRoleDefinition.Invoke(new()
    {
        Scope = managementGroup.Id,
        Name = "Contributor",
    });

    // NOTE(review): RequireApproval is enabled without an ApprovalStage, unlike
    // the resource-group example on this page; confirm who ends up approving
    // requests, or name the approvers explicitly.
    var policy = new Azure.Pim.RoleManagementPolicy("example", new()
    {
        RoleDefinitionId = contributorRole.Apply(role => role.Id),
        Scope = managementGroup.Id,
        // Activations last at most one hour.
        ActivationRules = new Azure.Pim.Inputs.RoleManagementPolicyActivationRulesArgs
        {
            RequireApproval = true,
            MaximumDuration = "PT1H",
        },
        // Active (standing) assignments may last up to 90 days.
        ActiveAssignmentRules = new Azure.Pim.Inputs.RoleManagementPolicyActiveAssignmentRulesArgs
        {
            ExpireAfter = "P90D",
        },
        // Eligible assignments are not forced to expire.
        EligibleAssignmentRules = new Azure.Pim.Inputs.RoleManagementPolicyEligibleAssignmentRulesArgs
        {
            ExpirationRequired = false,
        },
        NotificationRules = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesArgs
        {
            ActiveAssignments = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesActiveAssignmentsArgs
            {
                AdminNotifications = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs
                {
                    AdditionalRecipients = new[]
                    {
                        "someone@example.com",
                    },
                    DefaultRecipients = false,
                    NotificationLevel = "Critical",
                },
            },
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.management.Group;
import com.pulumi.azure.management.GroupArgs;
import com.pulumi.azure.authorization.AuthorizationFunctions;
import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
import com.pulumi.azure.pim.RoleManagementPolicy;
import com.pulumi.azure.pim.RoleManagementPolicyArgs;
import com.pulumi.azure.pim.inputs.RoleManagementPolicyEligibleAssignmentRulesArgs;
import com.pulumi.azure.pim.inputs.RoleManagementPolicyActiveAssignmentRulesArgs;
import com.pulumi.azure.pim.inputs.RoleManagementPolicyActivationRulesArgs;
import com.pulumi.azure.pim.inputs.RoleManagementPolicyNotificationRulesArgs;
import com.pulumi.azure.pim.inputs.RoleManagementPolicyNotificationRulesActiveAssignmentsArgs;
import com.pulumi.azure.pim.inputs.RoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
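/**
 * Pulumi program that declares a management group, resolves the Contributor
 * role at that scope and attaches a PIM role management policy to the pair.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        // Management group that the PIM policy is scoped to.
        var example = new Group("example", GroupArgs.builder()
            .name("example-group")
            .build());
        // Contributor role definition, resolved at the management group's scope.
        final var mgContributor = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
            .name("Contributor")
            .scope(example.id())
            .build());
        var exampleRoleManagementPolicy = new RoleManagementPolicy("exampleRoleManagementPolicy", RoleManagementPolicyArgs.builder()
            .scope(example.id())
            // One applyValue is enough to project the id out of the lookup
            // result; the previous nested chain called applyValue on the plain
            // result object inside the lambda.
            .roleDefinitionId(mgContributor.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.id()))
            // Eligible assignments are not forced to expire.
            .eligibleAssignmentRules(RoleManagementPolicyEligibleAssignmentRulesArgs.builder()
                .expirationRequired(false)
                .build())
            // Active (standing) assignments may last up to 90 days.
            .activeAssignmentRules(RoleManagementPolicyActiveAssignmentRulesArgs.builder()
                .expireAfter("P90D")
                .build())
            // Activations last at most one hour.
            // NOTE(review): requireApproval is enabled without an approvalStage,
            // unlike the resource-group example on this page; confirm who ends
            // up approving requests, or name the approvers explicitly.
            .activationRules(RoleManagementPolicyActivationRulesArgs.builder()
                .maximumDuration("PT1H")
                .requireApproval(true)
                .build())
            .notificationRules(RoleManagementPolicyNotificationRulesArgs.builder()
                .activeAssignments(RoleManagementPolicyNotificationRulesActiveAssignmentsArgs.builder()
                    .adminNotifications(RoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs.builder()
                        .notificationLevel("Critical")
                        .defaultRecipients(false)
                        .additionalRecipients("someone@example.com")
                        .build())
                    .build())
                .build())
            .build());
    }
}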
variables:
  # Contributor role definition, resolved at the management group's scope.
  mgContributor:
    fn::invoke:
      function: azure:authorization:getRoleDefinition
      arguments:
        scope: ${example.id}
        name: Contributor
resources:
  # Management group that the PIM policy is scoped to.
  example:
    type: azure:management:Group
    properties:
      name: example-group
  exampleRoleManagementPolicy:
    name: example
    type: azure:pim:RoleManagementPolicy
    properties:
      roleDefinitionId: ${mgContributor.id}
      scope: ${example.id}
      # Activations last at most one hour.
      # NOTE(review): requireApproval is enabled without an approvalStage,
      # unlike the resource-group example on this page; confirm who ends up
      # approving requests, or name the approvers explicitly.
      activationRules:
        requireApproval: true
        maximumDuration: PT1H
      # Active (standing) assignments may last up to 90 days.
      activeAssignmentRules:
        expireAfter: P90D
      # Eligible assignments are not forced to expire.
      eligibleAssignmentRules:
        expirationRequired: false
      notificationRules:
        activeAssignments:
          adminNotifications:
            additionalRecipients:
              - someone@example.com
            defaultRecipients: false
            notificationLevel: Critical
Create RoleManagementPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RoleManagementPolicy(name: string, args: RoleManagementPolicyArgs, opts?: CustomResourceOptions);
@overload
def RoleManagementPolicy(resource_name: str,
                         args: RoleManagementPolicyArgs,
                         opts: Optional[ResourceOptions] = None)
@overload
def RoleManagementPolicy(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         role_definition_id: Optional[str] = None,
                         scope: Optional[str] = None,
                         activation_rules: Optional[RoleManagementPolicyActivationRulesArgs] = None,
                         active_assignment_rules: Optional[RoleManagementPolicyActiveAssignmentRulesArgs] = None,
                         eligible_assignment_rules: Optional[RoleManagementPolicyEligibleAssignmentRulesArgs] = None,
                         notification_rules: Optional[RoleManagementPolicyNotificationRulesArgs] = None)
func NewRoleManagementPolicy(ctx *Context, name string, args RoleManagementPolicyArgs, opts ...ResourceOption) (*RoleManagementPolicy, error)
public RoleManagementPolicy(string name, RoleManagementPolicyArgs args, CustomResourceOptions? opts = null)
public RoleManagementPolicy(String name, RoleManagementPolicyArgs args)
public RoleManagementPolicy(String name, RoleManagementPolicyArgs args, CustomResourceOptions options)
type: azure:pim:RoleManagementPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RoleManagementPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RoleManagementPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RoleManagementPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RoleManagementPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RoleManagementPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference listing: every input of RoleManagementPolicy, each filled with a
// placeholder ("string" or false). The placeholders show shape and type only;
// in particular, `false` on the Require* switches below is not a recommended
// setting.
var roleManagementPolicyResource = new Azure.Pim.RoleManagementPolicy("roleManagementPolicyResource", new()
{
    RoleDefinitionId = "string",
    Scope = "string",
    // Rules for activating an eligible assignment: approval, justification,
    // MFA, ticket information and Conditional Access authentication context.
    ActivationRules = new Azure.Pim.Inputs.RoleManagementPolicyActivationRulesArgs
    {
        ApprovalStage = new Azure.Pim.Inputs.RoleManagementPolicyActivationRulesApprovalStageArgs
        {
            PrimaryApprovers = new[]
            {
                new Azure.Pim.Inputs.RoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs
                {
                    ObjectId = "string",
                    Type = "string",
                },
            },
        },
        MaximumDuration = "string",
        RequireApproval = false,
        RequireJustification = false,
        RequireMultifactorAuthentication = false,
        RequireTicketInfo = false,
        RequiredConditionalAccessAuthenticationContext = "string",
    },
    // Rules for active assignments.
    ActiveAssignmentRules = new Azure.Pim.Inputs.RoleManagementPolicyActiveAssignmentRulesArgs
    {
        ExpirationRequired = false,
        ExpireAfter = "string",
        RequireJustification = false,
        RequireMultifactorAuthentication = false,
        RequireTicketInfo = false,
    },
    // Rules for eligible assignments.
    EligibleAssignmentRules = new Azure.Pim.Inputs.RoleManagementPolicyEligibleAssignmentRulesArgs
    {
        ExpirationRequired = false,
        ExpireAfter = "string",
    },
    // Notification settings: three event groups (ActiveAssignments,
    // EligibleActivations, EligibleAssignments), each with admin, approver and
    // assignee audiences.
    NotificationRules = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesArgs
    {
        ActiveAssignments = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesActiveAssignmentsArgs
        {
            AdminNotifications = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
            ApproverNotifications = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
            AssigneeNotifications = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
        },
        EligibleActivations = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesEligibleActivationsArgs
        {
            AdminNotifications = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
            ApproverNotifications = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
            AssigneeNotifications = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
        },
        EligibleAssignments = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesEligibleAssignmentsArgs
        {
            AdminNotifications = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
            ApproverNotifications = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
            AssigneeNotifications = new Azure.Pim.Inputs.RoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs
            {
                DefaultRecipients = false,
                NotificationLevel = "string",
                AdditionalRecipients = new[]
                {
                    "string",
                },
            },
        },
    },
});
// Constructor reference for pim.RoleManagementPolicy. Every value is a type
// placeholder ("string", false), not a recommended setting: copied verbatim,
// the false literals below leave approval, justification, MFA and ticket
// requirements for role activation switched off.
// The returned err is not checked in this snippet; handle it before using example.
example, err := pim.NewRoleManagementPolicy(ctx, "roleManagementPolicyResource", &pim.RoleManagementPolicyArgs{
	RoleDefinitionId: pulumi.String("string"),
	Scope:            pulumi.String("string"),
	ActivationRules: &pim.RoleManagementPolicyActivationRulesArgs{
		ApprovalStage: &pim.RoleManagementPolicyActivationRulesApprovalStageArgs{
			// Approver principal. The usage example on this page passes an
			// azuread group's object ID with Type "Group".
			PrimaryApprovers: pim.RoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArray{
				&pim.RoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs{
					ObjectId: pulumi.String("string"),
					Type:     pulumi.String("string"),
				},
			},
		},
		// Duration string; the usage example uses "PT1H".
		MaximumDuration:                                pulumi.String("string"),
		RequireApproval:                                pulumi.Bool(false),
		RequireJustification:                           pulumi.Bool(false),
		// NOTE(review): the upstream provider documents
		// RequireMultifactorAuthentication and
		// RequiredConditionalAccessAuthenticationContext as conflicting;
		// confirm in the property reference before setting both.
		RequireMultifactorAuthentication:               pulumi.Bool(false),
		RequireTicketInfo:                              pulumi.Bool(false),
		RequiredConditionalAccessAuthenticationContext: pulumi.String("string"),
	},
	ActiveAssignmentRules: &pim.RoleManagementPolicyActiveAssignmentRulesArgs{
		ExpirationRequired:               pulumi.Bool(false),
		// Duration string; the usage example uses "P365D".
		ExpireAfter:                      pulumi.String("string"),
		RequireJustification:             pulumi.Bool(false),
		RequireMultifactorAuthentication: pulumi.Bool(false),
		RequireTicketInfo:                pulumi.Bool(false),
	},
	EligibleAssignmentRules: &pim.RoleManagementPolicyEligibleAssignmentRulesArgs{
		// ExpirationRequired false presumably permits eligible assignments
		// with no end date; confirm against the property reference.
		ExpirationRequired: pulumi.Bool(false),
		ExpireAfter:        pulumi.String("string"),
	},
	// Nine notification blocks (three events x admin/approver/assignee), each
	// with the same three fields. The usage example sets NotificationLevel to
	// "All" or "Critical".
	// NOTE(review): DefaultRecipients false with no AdditionalRecipients
	// presumably leaves that event without any recipient; verify.
	NotificationRules: &pim.RoleManagementPolicyNotificationRulesArgs{
		ActiveAssignments: &pim.RoleManagementPolicyNotificationRulesActiveAssignmentsArgs{
			AdminNotifications: &pim.RoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
			ApproverNotifications: &pim.RoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
			AssigneeNotifications: &pim.RoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
		},
		EligibleActivations: &pim.RoleManagementPolicyNotificationRulesEligibleActivationsArgs{
			AdminNotifications: &pim.RoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
			ApproverNotifications: &pim.RoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
			AssigneeNotifications: &pim.RoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
		},
		EligibleAssignments: &pim.RoleManagementPolicyNotificationRulesEligibleAssignmentsArgs{
			AdminNotifications: &pim.RoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
			ApproverNotifications: &pim.RoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
			AssigneeNotifications: &pim.RoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs{
				DefaultRecipients: pulumi.Bool(false),
				NotificationLevel: pulumi.String("string"),
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
		},
	},
})
// Constructor reference for RoleManagementPolicy. Every value is a type
// placeholder ("string", false), not a recommended setting: copied verbatim,
// the false literals below leave approval, justification, MFA and ticket
// requirements for role activation switched off.
var roleManagementPolicyResource = new RoleManagementPolicy("roleManagementPolicyResource", RoleManagementPolicyArgs.builder()
    .roleDefinitionId("string")
    .scope("string")
    .activationRules(RoleManagementPolicyActivationRulesArgs.builder()
        .approvalStage(RoleManagementPolicyActivationRulesApprovalStageArgs.builder()
            // Approver principal. The usage example on this page passes an
            // azuread group's object ID with type "Group".
            .primaryApprovers(RoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs.builder()
                .objectId("string")
                .type("string")
                .build())
            .build())
        // Duration string; the usage example uses "PT1H".
        .maximumDuration("string")
        .requireApproval(false)
        .requireJustification(false)
        // NOTE(review): the upstream provider documents
        // requireMultifactorAuthentication and
        // requiredConditionalAccessAuthenticationContext as conflicting;
        // confirm in the property reference before setting both.
        .requireMultifactorAuthentication(false)
        .requireTicketInfo(false)
        .requiredConditionalAccessAuthenticationContext("string")
        .build())
    .activeAssignmentRules(RoleManagementPolicyActiveAssignmentRulesArgs.builder()
        .expirationRequired(false)
        // Duration string; the usage example uses "P365D".
        .expireAfter("string")
        .requireJustification(false)
        .requireMultifactorAuthentication(false)
        .requireTicketInfo(false)
        .build())
    .eligibleAssignmentRules(RoleManagementPolicyEligibleAssignmentRulesArgs.builder()
        // expirationRequired(false) presumably permits eligible assignments
        // with no end date; confirm against the property reference.
        .expirationRequired(false)
        .expireAfter("string")
        .build())
    // Nine notification blocks (three events x admin/approver/assignee), each
    // with the same three fields. The usage example sets notificationLevel to
    // "All" or "Critical".
    // NOTE(review): defaultRecipients(false) with no additionalRecipients
    // presumably leaves that event without any recipient; verify.
    .notificationRules(RoleManagementPolicyNotificationRulesArgs.builder()
        .activeAssignments(RoleManagementPolicyNotificationRulesActiveAssignmentsArgs.builder()
            .adminNotifications(RoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .approverNotifications(RoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .assigneeNotifications(RoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .build())
        .eligibleActivations(RoleManagementPolicyNotificationRulesEligibleActivationsArgs.builder()
            .adminNotifications(RoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .approverNotifications(RoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .assigneeNotifications(RoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .build())
        .eligibleAssignments(RoleManagementPolicyNotificationRulesEligibleAssignmentsArgs.builder()
            .adminNotifications(RoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .approverNotifications(RoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .assigneeNotifications(RoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs.builder()
                .defaultRecipients(false)
                .notificationLevel("string")
                .additionalRecipients("string")
                .build())
            .build())
        .build())
    .build());
# Constructor reference for azure.pim.RoleManagementPolicy. Every value is a
# type placeholder ("string", False), not a recommended setting: copied
# verbatim, the False literals below leave approval, justification, MFA and
# ticket requirements for role activation switched off.
role_management_policy_resource = azure.pim.RoleManagementPolicy("roleManagementPolicyResource",
    role_definition_id="string",
    scope="string",
    activation_rules={
        "approval_stage": {
            # Approver principal. The usage example on this page passes an
            # azuread group's object ID with type "Group".
            "primary_approvers": [{
                "object_id": "string",
                "type": "string",
            }],
        },
        # Duration string; the usage example uses "PT1H".
        "maximum_duration": "string",
        "require_approval": False,
        "require_justification": False,
        # NOTE(review): the upstream provider documents
        # require_multifactor_authentication and
        # required_conditional_access_authentication_context as conflicting;
        # confirm in the property reference before setting both.
        "require_multifactor_authentication": False,
        "require_ticket_info": False,
        "required_conditional_access_authentication_context": "string",
    },
    active_assignment_rules={
        "expiration_required": False,
        # Duration string; the usage example uses "P365D".
        "expire_after": "string",
        "require_justification": False,
        "require_multifactor_authentication": False,
        "require_ticket_info": False,
    },
    eligible_assignment_rules={
        # expiration_required False presumably permits eligible assignments
        # with no end date; confirm against the property reference.
        "expiration_required": False,
        "expire_after": "string",
    },
    # Nine notification blocks (three events x admin/approver/assignee), each
    # with the same three keys. The usage example sets notification_level to
    # "All" or "Critical".
    # NOTE(review): default_recipients False with no additional_recipients
    # presumably leaves that event without any recipient; verify.
    notification_rules={
        "active_assignments": {
            "admin_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
            "approver_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
            "assignee_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
        },
        "eligible_activations": {
            "admin_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
            "approver_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
            "assignee_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
        },
        "eligible_assignments": {
            "admin_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
            "approver_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
            "assignee_notifications": {
                "default_recipients": False,
                "notification_level": "string",
                "additional_recipients": ["string"],
            },
        },
    })
// Constructor reference for azure.pim.RoleManagementPolicy. Every value is a
// type placeholder ("string", false), not a recommended setting: copied
// verbatim, the false literals below leave approval, justification, MFA and
// ticket requirements for role activation switched off.
const roleManagementPolicyResource = new azure.pim.RoleManagementPolicy("roleManagementPolicyResource", {
    roleDefinitionId: "string",
    scope: "string",
    activationRules: {
        approvalStage: {
            // Approver principal. The usage example on this page passes an
            // azuread group's object ID with type "Group".
            primaryApprovers: [{
                objectId: "string",
                type: "string",
            }],
        },
        // Duration string; the usage example uses "PT1H".
        maximumDuration: "string",
        requireApproval: false,
        requireJustification: false,
        // NOTE(review): the upstream provider documents
        // requireMultifactorAuthentication and
        // requiredConditionalAccessAuthenticationContext as conflicting;
        // confirm in the property reference before setting both.
        requireMultifactorAuthentication: false,
        requireTicketInfo: false,
        requiredConditionalAccessAuthenticationContext: "string",
    },
    activeAssignmentRules: {
        expirationRequired: false,
        // Duration string; the usage example uses "P365D".
        expireAfter: "string",
        requireJustification: false,
        requireMultifactorAuthentication: false,
        requireTicketInfo: false,
    },
    eligibleAssignmentRules: {
        // expirationRequired false presumably permits eligible assignments
        // with no end date; confirm against the property reference.
        expirationRequired: false,
        expireAfter: "string",
    },
    // Nine notification blocks (three events x admin/approver/assignee), each
    // with the same three fields. The usage example sets notificationLevel to
    // "All" or "Critical".
    // NOTE(review): defaultRecipients false with no additionalRecipients
    // presumably leaves that event without any recipient; verify.
    notificationRules: {
        activeAssignments: {
            adminNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
            approverNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
            assigneeNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
        },
        eligibleActivations: {
            adminNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
            approverNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
            assigneeNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
        },
        eligibleAssignments: {
            adminNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
            approverNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
            assigneeNotifications: {
                defaultRecipients: false,
                notificationLevel: "string",
                additionalRecipients: ["string"],
            },
        },
    },
});
# Constructor reference for azure:pim:RoleManagementPolicy. Every value is a
# type placeholder (string, false), not a recommended setting: copied
# verbatim, the false literals below leave approval, justification, MFA and
# ticket requirements for role activation switched off.
type: azure:pim:RoleManagementPolicy
properties:
    activationRules:
        approvalStage:
            # Approver principal. The usage example on this page passes an
            # azuread group's object ID with type "Group".
            primaryApprovers:
                - objectId: string
                  type: string
        # Duration string; the usage example uses "PT1H".
        maximumDuration: string
        requireApproval: false
        requireJustification: false
        # NOTE(review): the upstream provider documents
        # requireMultifactorAuthentication and
        # requiredConditionalAccessAuthenticationContext as conflicting;
        # confirm in the property reference before setting both.
        requireMultifactorAuthentication: false
        requireTicketInfo: false
        requiredConditionalAccessAuthenticationContext: string
    activeAssignmentRules:
        expirationRequired: false
        # Duration string; the usage example uses "P365D".
        expireAfter: string
        requireJustification: false
        requireMultifactorAuthentication: false
        requireTicketInfo: false
    eligibleAssignmentRules:
        # expirationRequired false presumably permits eligible assignments
        # with no end date; confirm against the property reference.
        expirationRequired: false
        expireAfter: string
    # Nine notification blocks (three events x admin/approver/assignee), each
    # with the same three keys. The usage example sets notificationLevel to
    # "All" or "Critical".
    # NOTE(review): defaultRecipients false with no additionalRecipients
    # presumably leaves that event without any recipient; verify.
    notificationRules:
        activeAssignments:
            adminNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
            approverNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
            assigneeNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
        eligibleActivations:
            adminNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
            approverNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
            assigneeNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
        eligibleAssignments:
            adminNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
            approverNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
            assigneeNotifications:
                additionalRecipients:
                    - string
                defaultRecipients: false
                notificationLevel: string
    roleDefinitionId: string
    scope: string
RoleManagementPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The RoleManagementPolicy resource accepts the following input properties:
- RoleDefinitionId string
- The scoped Role Definition ID of the role for which this policy will apply. Changing this forces a new resource to be created.
- Scope string
- The scope to which this Role Management Policy will apply. Can refer to a management group, a subscription, a resource group or a resource. Changing this forces a new resource to be created.
- ActivationRules RoleManagementPolicyActivationRules
- An activation_rules block as defined below.
- ActiveAssignmentRules RoleManagementPolicyActiveAssignmentRules
- An active_assignment_rules block as defined below.
- EligibleAssignmentRules RoleManagementPolicyEligibleAssignmentRules
- An eligible_assignment_rules block as defined below.
- NotificationRules RoleManagementPolicyNotificationRules
- A notification_rules block as defined below.
- RoleDefinitionId string
- The scoped Role Definition ID of the role for which this policy will apply. Changing this forces a new resource to be created.
- Scope string
- The scope to which this Role Management Policy will apply. Can refer to a management group, a subscription, a resource group or a resource. Changing this forces a new resource to be created.
- ActivationRules RoleManagementPolicyActivationRulesArgs
- An activation_rules block as defined below.
- ActiveAssignmentRules RoleManagementPolicyActiveAssignmentRulesArgs
- An active_assignment_rules block as defined below.
- EligibleAssignmentRules RoleManagementPolicyEligibleAssignmentRulesArgs
- An eligible_assignment_rules block as defined below.
- NotificationRules RoleManagementPolicyNotificationRulesArgs
- A notification_rules block as defined below.
- roleDefinitionId String
- The scoped Role Definition ID of the role for which this policy will apply. Changing this forces a new resource to be created.
- scope String
- The scope to which this Role Management Policy will apply. Can refer to a management group, a subscription, a resource group or a resource. Changing this forces a new resource to be created.
- activationRules RoleManagementPolicyActivationRules
- An activation_rules block as defined below.
- activeAssignmentRules RoleManagementPolicyActiveAssignmentRules
- An active_assignment_rules block as defined below.
- eligibleAssignmentRules RoleManagementPolicyEligibleAssignmentRules
- An eligible_assignment_rules block as defined below.
- notificationRules RoleManagementPolicyNotificationRules
- A notification_rules block as defined below.
- roleDefinitionId string
- The scoped Role Definition ID of the role for which this policy will apply. Changing this forces a new resource to be created.
- scope string
- The scope to which this Role Management Policy will apply. Can refer to a management group, a subscription, a resource group or a resource. Changing this forces a new resource to be created.
- activationRules RoleManagementPolicyActivationRules
- An activation_rules block as defined below.
- activeAssignmentRules RoleManagementPolicyActiveAssignmentRules
- An active_assignment_rules block as defined below.
- eligibleAssignmentRules RoleManagementPolicyEligibleAssignmentRules
- An eligible_assignment_rules block as defined below.
- notificationRules RoleManagementPolicyNotificationRules
- A notification_rules block as defined below.
- role_definition_id str
- The scoped Role Definition ID of the role for which this policy will apply. Changing this forces a new resource to be created.
- scope str
- The scope to which this Role Management Policy will apply. Can refer to a management group, a subscription, a resource group or a resource. Changing this forces a new resource to be created.
- activation_rules RoleManagementPolicyActivationRulesArgs
- An activation_rules block as defined below.
- active_assignment_rules RoleManagementPolicyActiveAssignmentRulesArgs
- An active_assignment_rules block as defined below.
- eligible_assignment_rules RoleManagementPolicyEligibleAssignmentRulesArgs
- An eligible_assignment_rules block as defined below.
- notification_rules RoleManagementPolicyNotificationRulesArgs
- A notification_rules block as defined below.
- roleDefinitionId String
- The scoped Role Definition ID of the role for which this policy will apply. Changing this forces a new resource to be created.
- scope String
- The scope to which this Role Management Policy will apply. Can refer to a management group, a subscription, a resource group or a resource. Changing this forces a new resource to be created.
- activationRules Property Map
- An activation_rules block as defined below.
- activeAssignmentRules Property Map
- An active_assignment_rules block as defined below.
- eligibleAssignmentRules Property Map
- An eligible_assignment_rules block as defined below.
- notificationRules Property Map
- A notification_rules block as defined below.
Outputs
All input properties are implicitly available as output properties. Additionally, the RoleManagementPolicy resource produces the following output properties:
- Description string
- (String) The description of this policy.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- (String) The name of this policy, which is typically a UUID and may change over time.
- Description string
- (String) The description of this policy.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- (String) The name of this policy, which is typically a UUID and may change over time.
- description String
- (String) The description of this policy.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- (String) The name of this policy, which is typically a UUID and may change over time.
- description string
- (String) The description of this policy.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- (String) The name of this policy, which is typically a UUID and may change over time.
- description str
- (String) The description of this policy.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- (String) The name of this policy, which is typically a UUID and may change over time.
- description String
- (String) The description of this policy.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- (String) The name of this policy, which is typically a UUID and may change over time.
Look up Existing RoleManagementPolicy Resource
Get an existing RoleManagementPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RoleManagementPolicyState, opts?: CustomResourceOptions): RoleManagementPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        activation_rules: Optional[RoleManagementPolicyActivationRulesArgs] = None,
        active_assignment_rules: Optional[RoleManagementPolicyActiveAssignmentRulesArgs] = None,
        description: Optional[str] = None,
        eligible_assignment_rules: Optional[RoleManagementPolicyEligibleAssignmentRulesArgs] = None,
        name: Optional[str] = None,
        notification_rules: Optional[RoleManagementPolicyNotificationRulesArgs] = None,
        role_definition_id: Optional[str] = None,
        scope: Optional[str] = None) -> RoleManagementPolicy

func GetRoleManagementPolicy(ctx *Context, name string, id IDInput, state *RoleManagementPolicyState, opts ...ResourceOption) (*RoleManagementPolicy, error)

public static RoleManagementPolicy Get(string name, Input<string> id, RoleManagementPolicyState? state, CustomResourceOptions? opts = null)

public static RoleManagementPolicy get(String name, Output<String> id, RoleManagementPolicyState state, CustomResourceOptions options)

resources:
  _:
    type: azure:pim:RoleManagementPolicy
    get:
      id: ${id}

- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- ActivationRules RoleManagementPolicyActivationRules
- An `activation_rules` block as defined below.
- ActiveAssignmentRules RoleManagementPolicyActiveAssignmentRules
- An `active_assignment_rules` block as defined below.
- Description string
- (String) The description of this policy.
- EligibleAssignmentRules RoleManagementPolicyEligibleAssignmentRules
- An `eligible_assignment_rules` block as defined below.
- Name string
- (String) The name of this policy, which is typically a UUID and may change over time.
- NotificationRules RoleManagementPolicyNotificationRules
- A `notification_rules` block as defined below.
- RoleDefinitionId string
- The scoped Role Definition ID of the role for which this policy will apply. Changing this forces a new resource to be created.
- Scope string
- The scope to which this Role Management Policy will apply. Can refer to a management group, a subscription, a resource group or a resource. Changing this forces a new resource to be created.
- ActivationRules RoleManagementPolicyActivationRulesArgs
- An `activation_rules` block as defined below.
- ActiveAssignmentRules RoleManagementPolicyActiveAssignmentRulesArgs
- An `active_assignment_rules` block as defined below.
- Description string
- (String) The description of this policy.
- EligibleAssignmentRules RoleManagementPolicyEligibleAssignmentRulesArgs
- An `eligible_assignment_rules` block as defined below.
- Name string
- (String) The name of this policy, which is typically a UUID and may change over time.
- NotificationRules RoleManagementPolicyNotificationRulesArgs
- A `notification_rules` block as defined below.
- RoleDefinitionId string
- The scoped Role Definition ID of the role for which this policy will apply. Changing this forces a new resource to be created.
- Scope string
- The scope to which this Role Management Policy will apply. Can refer to a management group, a subscription, a resource group or a resource. Changing this forces a new resource to be created.
- activationRules RoleManagementPolicyActivationRules
- An `activation_rules` block as defined below.
- activeAssignmentRules RoleManagementPolicyActiveAssignmentRules
- An `active_assignment_rules` block as defined below.
- description String
- (String) The description of this policy.
- eligibleAssignmentRules RoleManagementPolicyEligibleAssignmentRules
- An `eligible_assignment_rules` block as defined below.
- name String
- (String) The name of this policy, which is typically a UUID and may change over time.
- notificationRules RoleManagementPolicyNotificationRules
- A `notification_rules` block as defined below.
- roleDefinitionId String
- The scoped Role Definition ID of the role for which this policy will apply. Changing this forces a new resource to be created.
- scope String
- The scope to which this Role Management Policy will apply. Can refer to a management group, a subscription, a resource group or a resource. Changing this forces a new resource to be created.
- activationRules RoleManagementPolicyActivationRules
- An `activation_rules` block as defined below.
- activeAssignmentRules RoleManagementPolicyActiveAssignmentRules
- An `active_assignment_rules` block as defined below.
- description string
- (String) The description of this policy.
- eligibleAssignmentRules RoleManagementPolicyEligibleAssignmentRules
- An `eligible_assignment_rules` block as defined below.
- name string
- (String) The name of this policy, which is typically a UUID and may change over time.
- notificationRules RoleManagementPolicyNotificationRules
- A `notification_rules` block as defined below.
- roleDefinitionId string
- The scoped Role Definition ID of the role for which this policy will apply. Changing this forces a new resource to be created.
- scope string
- The scope to which this Role Management Policy will apply. Can refer to a management group, a subscription, a resource group or a resource. Changing this forces a new resource to be created.
- activation_rules RoleManagementPolicyActivationRulesArgs
- An `activation_rules` block as defined below.
- active_assignment_rules RoleManagementPolicyActiveAssignmentRulesArgs
- An `active_assignment_rules` block as defined below.
- description str
- (String) The description of this policy.
- eligible_assignment_rules RoleManagementPolicyEligibleAssignmentRulesArgs
- An `eligible_assignment_rules` block as defined below.
- name str
- (String) The name of this policy, which is typically a UUID and may change over time.
- notification_rules RoleManagementPolicyNotificationRulesArgs
- A `notification_rules` block as defined below.
- role_definition_id str
- The scoped Role Definition ID of the role for which this policy will apply. Changing this forces a new resource to be created.
- scope str
- The scope to which this Role Management Policy will apply. Can refer to a management group, a subscription, a resource group or a resource. Changing this forces a new resource to be created.
- activationRules Property Map
- An `activation_rules` block as defined below.
- activeAssignmentRules Property Map
- An `active_assignment_rules` block as defined below.
- description String
- (String) The description of this policy.
- eligibleAssignmentRules Property Map
- An `eligible_assignment_rules` block as defined below.
- name String
- (String) The name of this policy, which is typically a UUID and may change over time.
- notificationRules Property Map
- A `notification_rules` block as defined below.
- roleDefinitionId String
- The scoped Role Definition ID of the role for which this policy will apply. Changing this forces a new resource to be created.
- scope String
- The scope to which this Role Management Policy will apply. Can refer to a management group, a subscription, a resource group or a resource. Changing this forces a new resource to be created.
Supporting Types
RoleManagementPolicyActivationRules, RoleManagementPolicyActivationRulesArgs          
- ApprovalStage RoleManagementPolicyActivationRulesApprovalStage
- An `approval_stage` block as defined below.
- MaximumDuration string
- The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`.
- RequireApproval bool
- Is approval required for activation. If `true`, an `approval_stage` block must be provided.
- RequireJustification bool
- Is a justification required during activation of the role.
- RequireMultifactorAuthentication bool
- Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`.
- RequireTicketInfo bool
- Is ticket information required during activation of the role.
- RequiredConditionalAccessAuthenticationContext string
- The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`.
- ApprovalStage RoleManagementPolicyActivationRulesApprovalStage
- An `approval_stage` block as defined below.
- MaximumDuration string
- The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`.
- RequireApproval bool
- Is approval required for activation. If `true`, an `approval_stage` block must be provided.
- RequireJustification bool
- Is a justification required during activation of the role.
- RequireMultifactorAuthentication bool
- Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`.
- RequireTicketInfo bool
- Is ticket information required during activation of the role.
- RequiredConditionalAccessAuthenticationContext string
- The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`.
- approvalStage RoleManagementPolicyActivationRulesApprovalStage
- An `approval_stage` block as defined below.
- maximumDuration String
- The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`.
- requireApproval Boolean
- Is approval required for activation. If `true`, an `approval_stage` block must be provided.
- requireJustification Boolean
- Is a justification required during activation of the role.
- requireMultifactorAuthentication Boolean
- Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`.
- requireTicketInfo Boolean
- Is ticket information required during activation of the role.
- requiredConditionalAccessAuthenticationContext String
- The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`.
- approvalStage RoleManagementPolicyActivationRulesApprovalStage
- An `approval_stage` block as defined below.
- maximumDuration string
- The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`.
- requireApproval boolean
- Is approval required for activation. If `true`, an `approval_stage` block must be provided.
- requireJustification boolean
- Is a justification required during activation of the role.
- requireMultifactorAuthentication boolean
- Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`.
- requireTicketInfo boolean
- Is ticket information required during activation of the role.
- requiredConditionalAccessAuthenticationContext string
- The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`.
- approval_stage RoleManagementPolicyActivationRulesApprovalStage
- An `approval_stage` block as defined below.
- maximum_duration str
- The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`.
- require_approval bool
- Is approval required for activation. If `true`, an `approval_stage` block must be provided.
- require_justification bool
- Is a justification required during activation of the role.
- require_multifactor_authentication bool
- Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`.
- require_ticket_info bool
- Is ticket information required during activation of the role.
- required_conditional_access_authentication_context str
- The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`.
- approvalStage Property Map
- An `approval_stage` block as defined below.
- maximumDuration String
- The maximum length of time an activated role can be valid, in an ISO8601 Duration format (e.g. `PT8H`). Valid range is `PT30M` to `PT23H30M`, in 30 minute increments, or `PT1D`.
- requireApproval Boolean
- Is approval required for activation. If `true`, an `approval_stage` block must be provided.
- requireJustification Boolean
- Is a justification required during activation of the role.
- requireMultifactorAuthentication Boolean
- Is multi-factor authentication required to activate the role. Conflicts with `required_conditional_access_authentication_context`.
- requireTicketInfo Boolean
- Is ticket information required during activation of the role.
- requiredConditionalAccessAuthenticationContext String
- The Entra ID Conditional Access context that must be present for activation. Conflicts with `require_multifactor_authentication`.
RoleManagementPolicyActivationRulesApprovalStage, RoleManagementPolicyActivationRulesApprovalStageArgs              
- PrimaryApprovers List<RoleManagementPolicyActivationRulesApprovalStagePrimaryApprover>
- The IDs of the users or groups who can approve the activation.
- PrimaryApprovers []RoleManagementPolicyActivationRulesApprovalStagePrimaryApprover
- The IDs of the users or groups who can approve the activation.
- primaryApprovers List<RoleManagementPolicyActivationRulesApprovalStagePrimaryApprover>
- The IDs of the users or groups who can approve the activation.
- primaryApprovers RoleManagementPolicyActivationRulesApprovalStagePrimaryApprover[]
- The IDs of the users or groups who can approve the activation.
- primary_approvers Sequence[RoleManagementPolicyActivationRulesApprovalStagePrimaryApprover]
- The IDs of the users or groups who can approve the activation.
- primaryApprovers List<Property Map>
- The IDs of the users or groups who can approve the activation.
RoleManagementPolicyActivationRulesApprovalStagePrimaryApprover, RoleManagementPolicyActivationRulesApprovalStagePrimaryApproverArgs                  
RoleManagementPolicyActiveAssignmentRules, RoleManagementPolicyActiveAssignmentRulesArgs            
- ExpirationRequired bool
- Must an assignment have an expiry date. `false` allows permanent assignment.
- ExpireAfter string
- The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`.
- RequireJustification bool
- Is a justification required to create new assignments.
- RequireMultifactorAuthentication bool
- Is multi-factor authentication required to create new assignments.
- RequireTicketInfo bool
- Is ticket information required to create new assignments. Note: one of `expiration_required` or `expire_after` must be provided.
- ExpirationRequired bool
- Must an assignment have an expiry date. `false` allows permanent assignment.
- ExpireAfter string
- The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`.
- RequireJustification bool
- Is a justification required to create new assignments.
- RequireMultifactorAuthentication bool
- Is multi-factor authentication required to create new assignments.
- RequireTicketInfo bool
- Is ticket information required to create new assignments. Note: one of `expiration_required` or `expire_after` must be provided.
- expirationRequired Boolean
- Must an assignment have an expiry date. `false` allows permanent assignment.
- expireAfter String
- The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`.
- requireJustification Boolean
- Is a justification required to create new assignments.
- requireMultifactorAuthentication Boolean
- Is multi-factor authentication required to create new assignments.
- requireTicketInfo Boolean
- Is ticket information required to create new assignments. Note: one of `expiration_required` or `expire_after` must be provided.
- expirationRequired boolean
- Must an assignment have an expiry date. `false` allows permanent assignment.
- expireAfter string
- The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`.
- requireJustification boolean
- Is a justification required to create new assignments.
- requireMultifactorAuthentication boolean
- Is multi-factor authentication required to create new assignments.
- requireTicketInfo boolean
- Is ticket information required to create new assignments. Note: one of `expiration_required` or `expire_after` must be provided.
- expiration_required bool
- Must an assignment have an expiry date. `false` allows permanent assignment.
- expire_after str
- The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`.
- require_justification bool
- Is a justification required to create new assignments.
- require_multifactor_authentication bool
- Is multi-factor authentication required to create new assignments.
- require_ticket_info bool
- Is ticket information required to create new assignments. Note: one of `expiration_required` or `expire_after` must be provided.
- expirationRequired Boolean
- Must an assignment have an expiry date. `false` allows permanent assignment.
- expireAfter String
- The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`.
- requireJustification Boolean
- Is a justification required to create new assignments.
- requireMultifactorAuthentication Boolean
- Is multi-factor authentication required to create new assignments.
- requireTicketInfo Boolean
- Is ticket information required to create new assignments. Note: one of `expiration_required` or `expire_after` must be provided.
RoleManagementPolicyEligibleAssignmentRules, RoleManagementPolicyEligibleAssignmentRulesArgs            
- ExpirationRequired bool
- Must an assignment have an expiry date. `false` allows permanent assignment.
- ExpireAfter string
- The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. Note: one of `expiration_required` or `expire_after` must be provided.
- ExpirationRequired bool
- Must an assignment have an expiry date. `false` allows permanent assignment.
- ExpireAfter string
- The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. Note: one of `expiration_required` or `expire_after` must be provided.
- expirationRequired Boolean
- Must an assignment have an expiry date. `false` allows permanent assignment.
- expireAfter String
- The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. Note: one of `expiration_required` or `expire_after` must be provided.
- expirationRequired boolean
- Must an assignment have an expiry date. `false` allows permanent assignment.
- expireAfter string
- The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. Note: one of `expiration_required` or `expire_after` must be provided.
- expiration_required bool
- Must an assignment have an expiry date. `false` allows permanent assignment.
- expire_after str
- The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. Note: one of `expiration_required` or `expire_after` must be provided.
- expirationRequired Boolean
- Must an assignment have an expiry date. `false` allows permanent assignment.
- expireAfter String
- The maximum length of time an assignment can be valid, as an ISO8601 duration. Permitted values: `P15D`, `P30D`, `P90D`, `P180D`, or `P365D`. Note: one of `expiration_required` or `expire_after` must be provided.
RoleManagementPolicyNotificationRules, RoleManagementPolicyNotificationRulesArgs          
- ActiveAssignments RoleManagementPolicyNotificationRulesActiveAssignments
- A `notification_target` block as defined below to configure notifications on active role assignments.
- EligibleActivations RoleManagementPolicyNotificationRulesEligibleActivations
- A `notification_target` block as defined below for configuring notifications on activation of eligible role.
- EligibleAssignments RoleManagementPolicyNotificationRulesEligibleAssignments
- A `notification_target` block as defined below to configure notification on eligible role assignments. Note: at least one `notification_target` block must be provided.
- ActiveAssignments RoleManagementPolicyNotificationRulesActiveAssignments
- A `notification_target` block as defined below to configure notifications on active role assignments.
- EligibleActivations RoleManagementPolicyNotificationRulesEligibleActivations
- A `notification_target` block as defined below for configuring notifications on activation of eligible role.
- EligibleAssignments RoleManagementPolicyNotificationRulesEligibleAssignments
- A `notification_target` block as defined below to configure notification on eligible role assignments. Note: at least one `notification_target` block must be provided.
- activeAssignments RoleManagementPolicyNotificationRulesActiveAssignments
- A `notification_target` block as defined below to configure notifications on active role assignments.
- eligibleActivations RoleManagementPolicyNotificationRulesEligibleActivations
- A `notification_target` block as defined below for configuring notifications on activation of eligible role.
- eligibleAssignments RoleManagementPolicyNotificationRulesEligibleAssignments
- A `notification_target` block as defined below to configure notification on eligible role assignments. Note: at least one `notification_target` block must be provided.
- activeAssignments RoleManagementPolicyNotificationRulesActiveAssignments
- A `notification_target` block as defined below to configure notifications on active role assignments.
- eligibleActivations RoleManagementPolicyNotificationRulesEligibleActivations
- A `notification_target` block as defined below for configuring notifications on activation of eligible role.
- eligibleAssignments RoleManagementPolicyNotificationRulesEligibleAssignments
- A `notification_target` block as defined below to configure notification on eligible role assignments. Note: at least one `notification_target` block must be provided.
- active_assignments RoleManagementPolicyNotificationRulesActiveAssignments
- A `notification_target` block as defined below to configure notifications on active role assignments.
- eligible_activations RoleManagementPolicyNotificationRulesEligibleActivations
- A `notification_target` block as defined below for configuring notifications on activation of eligible role.
- eligible_assignments RoleManagementPolicyNotificationRulesEligibleAssignments
- A `notification_target` block as defined below to configure notification on eligible role assignments. Note: at least one `notification_target` block must be provided.
- activeAssignments Property Map
- A `notification_target` block as defined below to configure notifications on active role assignments.
- eligibleActivations Property Map
- A `notification_target` block as defined below for configuring notifications on activation of eligible role.
- eligibleAssignments Property Map
- A `notification_target` block as defined below to configure notification on eligible role assignments. Note: at least one `notification_target` block must be provided.
RoleManagementPolicyNotificationRulesActiveAssignments, RoleManagementPolicyNotificationRulesActiveAssignmentsArgs              
- AdminNotifications RoleManagement Policy Notification Rules Active Assignments Admin Notifications 
- Admin notification settings
- ApproverNotifications RoleManagement Policy Notification Rules Active Assignments Approver Notifications 
- Approver notification settings
- AssigneeNotifications RoleManagement Policy Notification Rules Active Assignments Assignee Notifications 
- Assignee notification settings
- AdminNotifications RoleManagement Policy Notification Rules Active Assignments Admin Notifications 
- Admin notification settings
- ApproverNotifications RoleManagement Policy Notification Rules Active Assignments Approver Notifications 
- Approver notification settings
- AssigneeNotifications RoleManagement Policy Notification Rules Active Assignments Assignee Notifications 
- Assignee notification settings
- adminNotifications RoleManagement Policy Notification Rules Active Assignments Admin Notifications 
- Admin notification settings
- approverNotifications RoleManagement Policy Notification Rules Active Assignments Approver Notifications 
- Approver notification settings
- assigneeNotifications RoleManagement Policy Notification Rules Active Assignments Assignee Notifications 
- Assignee notification settings
- adminNotifications RoleManagement Policy Notification Rules Active Assignments Admin Notifications 
- Admin notification settings
- approverNotifications RoleManagement Policy Notification Rules Active Assignments Approver Notifications 
- Approver notification settings
- assigneeNotifications RoleManagement Policy Notification Rules Active Assignments Assignee Notifications 
- Assignee notification settings
- admin_notifications RoleManagement Policy Notification Rules Active Assignments Admin Notifications 
- Admin notification settings
- approver_notifications RoleManagement Policy Notification Rules Active Assignments Approver Notifications 
- Approver notification settings
- assignee_notifications RoleManagement Policy Notification Rules Active Assignments Assignee Notifications 
- Assignee notification settings
- adminNotifications Property Map
- Admin notification settings
- approverNotifications Property Map
- Approver notification settings
- assigneeNotifications Property Map
- Assignee notification settings
RoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotifications, RoleManagementPolicyNotificationRulesActiveAssignmentsAdminNotificationsArgs                  
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients List<string>
- The additional recipients to notify
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients []string
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
- defaultRecipients boolean
- Whether the default recipients are notified
- notificationLevel string
- What level of notifications are sent
- additionalRecipients string[]
- The additional recipients to notify
- default_recipients bool
- Whether the default recipients are notified
- notification_level str
- What level of notifications are sent
- additional_recipients Sequence[str]
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
RoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotifications, RoleManagementPolicyNotificationRulesActiveAssignmentsApproverNotificationsArgs                  
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients List<string>
- The additional recipients to notify
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients []string
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
- defaultRecipients boolean
- Whether the default recipients are notified
- notificationLevel string
- What level of notifications are sent
- additionalRecipients string[]
- The additional recipients to notify
- default_recipients bool
- Whether the default recipients are notified
- notification_level str
- What level of notifications are sent
- additional_recipients Sequence[str]
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
RoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotifications, RoleManagementPolicyNotificationRulesActiveAssignmentsAssigneeNotificationsArgs                  
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients List<string>
- The additional recipients to notify
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients []string
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
- defaultRecipients boolean
- Whether the default recipients are notified
- notificationLevel string
- What level of notifications are sent
- additionalRecipients string[]
- The additional recipients to notify
- default_recipients bool
- Whether the default recipients are notified
- notification_level str
- What level of notifications are sent
- additional_recipients Sequence[str]
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
RoleManagementPolicyNotificationRulesEligibleActivations, RoleManagementPolicyNotificationRulesEligibleActivationsArgs              
- AdminNotifications RoleManagement Policy Notification Rules Eligible Activations Admin Notifications 
- Admin notification settings
- ApproverNotifications RoleManagement Policy Notification Rules Eligible Activations Approver Notifications 
- Approver notification settings
- AssigneeNotifications RoleManagement Policy Notification Rules Eligible Activations Assignee Notifications 
- Assignee notification settings
- AdminNotifications RoleManagement Policy Notification Rules Eligible Activations Admin Notifications 
- Admin notification settings
- ApproverNotifications RoleManagement Policy Notification Rules Eligible Activations Approver Notifications 
- Approver notification settings
- AssigneeNotifications RoleManagement Policy Notification Rules Eligible Activations Assignee Notifications 
- Assignee notification settings
- adminNotifications RoleManagement Policy Notification Rules Eligible Activations Admin Notifications 
- Admin notification settings
- approverNotifications RoleManagement Policy Notification Rules Eligible Activations Approver Notifications 
- Approver notification settings
- assigneeNotifications RoleManagement Policy Notification Rules Eligible Activations Assignee Notifications 
- Assignee notification settings
- adminNotifications RoleManagement Policy Notification Rules Eligible Activations Admin Notifications 
- Admin notification settings
- approverNotifications RoleManagement Policy Notification Rules Eligible Activations Approver Notifications 
- Approver notification settings
- assigneeNotifications RoleManagement Policy Notification Rules Eligible Activations Assignee Notifications 
- Assignee notification settings
- admin_notifications RoleManagement Policy Notification Rules Eligible Activations Admin Notifications 
- Admin notification settings
- approver_notifications RoleManagement Policy Notification Rules Eligible Activations Approver Notifications 
- Approver notification settings
- assignee_notifications RoleManagement Policy Notification Rules Eligible Activations Assignee Notifications 
- Assignee notification settings
- adminNotifications Property Map
- Admin notification settings
- approverNotifications Property Map
- Approver notification settings
- assigneeNotifications Property Map
- Assignee notification settings
RoleManagementPolicyNotificationRulesEligibleActivationsAdminNotifications, RoleManagementPolicyNotificationRulesEligibleActivationsAdminNotificationsArgs                  
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients List<string>
- The additional recipients to notify
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients []string
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
- defaultRecipients boolean
- Whether the default recipients are notified
- notificationLevel string
- What level of notifications are sent
- additionalRecipients string[]
- The additional recipients to notify
- default_recipients bool
- Whether the default recipients are notified
- notification_level str
- What level of notifications are sent
- additional_recipients Sequence[str]
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
RoleManagementPolicyNotificationRulesEligibleActivationsApproverNotifications, RoleManagementPolicyNotificationRulesEligibleActivationsApproverNotificationsArgs                  
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients List<string>
- The additional recipients to notify
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients []string
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
- defaultRecipients boolean
- Whether the default recipients are notified
- notificationLevel string
- What level of notifications are sent
- additionalRecipients string[]
- The additional recipients to notify
- default_recipients bool
- Whether the default recipients are notified
- notification_level str
- What level of notifications are sent
- additional_recipients Sequence[str]
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
RoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotifications, RoleManagementPolicyNotificationRulesEligibleActivationsAssigneeNotificationsArgs                  
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients List<string>
- The additional recipients to notify
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients []string
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
- defaultRecipients boolean
- Whether the default recipients are notified
- notificationLevel string
- What level of notifications are sent
- additionalRecipients string[]
- The additional recipients to notify
- default_recipients bool
- Whether the default recipients are notified
- notification_level str
- What level of notifications are sent
- additional_recipients Sequence[str]
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
RoleManagementPolicyNotificationRulesEligibleAssignments, RoleManagementPolicyNotificationRulesEligibleAssignmentsArgs              
- AdminNotifications RoleManagement Policy Notification Rules Eligible Assignments Admin Notifications 
- Admin notification settings
- ApproverNotifications RoleManagement Policy Notification Rules Eligible Assignments Approver Notifications 
- Approver notification settings
- AssigneeNotifications RoleManagement Policy Notification Rules Eligible Assignments Assignee Notifications 
- Assignee notification settings
- AdminNotifications RoleManagement Policy Notification Rules Eligible Assignments Admin Notifications 
- Admin notification settings
- ApproverNotifications RoleManagement Policy Notification Rules Eligible Assignments Approver Notifications 
- Approver notification settings
- AssigneeNotifications RoleManagement Policy Notification Rules Eligible Assignments Assignee Notifications 
- Assignee notification settings
- adminNotifications RoleManagement Policy Notification Rules Eligible Assignments Admin Notifications 
- Admin notification settings
- approverNotifications RoleManagement Policy Notification Rules Eligible Assignments Approver Notifications 
- Approver notification settings
- assigneeNotifications RoleManagement Policy Notification Rules Eligible Assignments Assignee Notifications 
- Assignee notification settings
- adminNotifications RoleManagement Policy Notification Rules Eligible Assignments Admin Notifications 
- Admin notification settings
- approverNotifications RoleManagement Policy Notification Rules Eligible Assignments Approver Notifications 
- Approver notification settings
- assigneeNotifications RoleManagement Policy Notification Rules Eligible Assignments Assignee Notifications 
- Assignee notification settings
- admin_notifications RoleManagement Policy Notification Rules Eligible Assignments Admin Notifications 
- Admin notification settings
- approver_notifications RoleManagement Policy Notification Rules Eligible Assignments Approver Notifications 
- Approver notification settings
- assignee_notifications RoleManagement Policy Notification Rules Eligible Assignments Assignee Notifications 
- Assignee notification settings
- adminNotifications Property Map
- Admin notification settings
- approverNotifications Property Map
- Approver notification settings
- assigneeNotifications Property Map
- Assignee notification settings
RoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotifications, RoleManagementPolicyNotificationRulesEligibleAssignmentsAdminNotificationsArgs                  
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients List<string>
- The additional recipients to notify
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients []string
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
- defaultRecipients boolean
- Whether the default recipients are notified
- notificationLevel string
- What level of notifications are sent
- additionalRecipients string[]
- The additional recipients to notify
- default_recipients bool
- Whether the default recipients are notified
- notification_level str
- What level of notifications are sent
- additional_recipients Sequence[str]
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
RoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotifications, RoleManagementPolicyNotificationRulesEligibleAssignmentsApproverNotificationsArgs                  
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients List<string>
- The additional recipients to notify
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients []string
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
- defaultRecipients boolean
- Whether the default recipients are notified
- notificationLevel string
- What level of notifications are sent
- additionalRecipients string[]
- The additional recipients to notify
- default_recipients bool
- Whether the default recipients are notified
- notification_level str
- What level of notifications are sent
- additional_recipients Sequence[str]
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
RoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotifications, RoleManagementPolicyNotificationRulesEligibleAssignmentsAssigneeNotificationsArgs                  
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients List<string>
- The additional recipients to notify
- DefaultRecipients bool
- Whether the default recipients are notified
- NotificationLevel string
- What level of notifications are sent
- AdditionalRecipients []string
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
- defaultRecipients boolean
- Whether the default recipients are notified
- notificationLevel string
- What level of notifications are sent
- additionalRecipients string[]
- The additional recipients to notify
- default_recipients bool
- Whether the default recipients are notified
- notification_level str
- What level of notifications are sent
- additional_recipients Sequence[str]
- The additional recipients to notify
- defaultRecipients Boolean
- Whether the default recipients are notified
- notificationLevel String
- What level of notifications are sent
- additionalRecipients List<String>
- The additional recipients to notify
Import
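Because Azure creates these policies automatically, they are auto-imported on first use. They can also be imported explicitly using the resource ID of the role definition and the scope ID, joined by a `|` character. Keep the combined ID quoted, as in the example, so the shell does not treat `|` as a pipe, e.g.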
$ pulumi import azure:pim/roleManagementPolicy:RoleManagementPolicy example "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000|<scope>"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the azurerm Terraform Provider.