Azure v6.22.0, Apr 1 25

We recommend using Azure Native.

Azure v6.22.0 published on Tuesday, Apr 1, 2025 by Pulumi

azure.pim.ActiveRoleAssignment

Explore with Pulumi AI

We recommend using Azure Native.

Azure v6.22.0 published on Tuesday, Apr 1, 2025 by Pulumi

pulumi/pulumi-azure

Example Usage

Subscription)

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as time from "@pulumiverse/time";

const primary = azure.core.getSubscription({});
const example = azure.core.getClientConfig({});
const exampleGetRoleDefinition = azure.authorization.getRoleDefinition({
    name: "Reader",
});
const exampleStatic = new time.Static("example", {});
const exampleActiveRoleAssignment = new azure.pim.ActiveRoleAssignment("example", {
    scope: primary.then(primary => primary.id),
    roleDefinitionId: Promise.all([primary, exampleGetRoleDefinition]).then(([primary, exampleGetRoleDefinition]) => `${primary.id}${exampleGetRoleDefinition.id}`),
    principalId: example.then(example => example.objectId),
    schedule: {
        startDateTime: exampleStatic.rfc3339,
        expiration: {
            durationHours: 8,
        },
    },
    justification: "Expiration Duration Set",
    ticket: {
        number: "1",
        system: "example ticket system",
    },
});

import pulumi
import pulumi_azure as azure
import pulumiverse_time as time

primary = azure.core.get_subscription()
example = azure.core.get_client_config()
example_get_role_definition = azure.authorization.get_role_definition(name="Reader")
example_static = time.Static("example")
example_active_role_assignment = azure.pim.ActiveRoleAssignment("example",
    scope=primary.id,
    role_definition_id=f"{primary.id}{example_get_role_definition.id}",
    principal_id=example.object_id,
    schedule={
        "start_date_time": example_static.rfc3339,
        "expiration": {
            "duration_hours": 8,
        },
    },
    justification="Expiration Duration Set",
    ticket={
        "number": "1",
        "system": "example ticket system",
    })

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/pim"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-time/sdk/go/time"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		primary, err := core.LookupSubscription(ctx, &core.LookupSubscriptionArgs{}, nil)
		if err != nil {
			return err
		}
		example, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}
		exampleGetRoleDefinition, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
			Name: pulumi.StringRef("Reader"),
		}, nil)
		if err != nil {
			return err
		}
		exampleStatic, err := time.NewStatic(ctx, "example", nil)
		if err != nil {
			return err
		}
		_, err = pim.NewActiveRoleAssignment(ctx, "example", &pim.ActiveRoleAssignmentArgs{
			Scope:            pulumi.String(primary.Id),
			RoleDefinitionId: pulumi.Sprintf("%v%v", primary.Id, exampleGetRoleDefinition.Id),
			PrincipalId:      pulumi.String(example.ObjectId),
			Schedule: &pim.ActiveRoleAssignmentScheduleArgs{
				StartDateTime: exampleStatic.Rfc3339,
				Expiration: &pim.ActiveRoleAssignmentScheduleExpirationArgs{
					DurationHours: pulumi.Int(8),
				},
			},
			Justification: pulumi.String("Expiration Duration Set"),
			Ticket: &pim.ActiveRoleAssignmentTicketArgs{
				Number: pulumi.String("1"),
				System: pulumi.String("example ticket system"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
using Time = Pulumiverse.Time;

return await Deployment.RunAsync(() => 
{
    var primary = Azure.Core.GetSubscription.Invoke();

    var example = Azure.Core.GetClientConfig.Invoke();

    var exampleGetRoleDefinition = Azure.Authorization.GetRoleDefinition.Invoke(new()
    {
        Name = "Reader",
    });

    var exampleStatic = new Time.Static("example");

    var exampleActiveRoleAssignment = new Azure.Pim.ActiveRoleAssignment("example", new()
    {
        Scope = primary.Apply(getSubscriptionResult => getSubscriptionResult.Id),
        RoleDefinitionId = Output.Tuple(primary, exampleGetRoleDefinition).Apply(values =>
        {
            var primary = values.Item1;
            var exampleGetRoleDefinition = values.Item2;
            return $"{primary.Apply(getSubscriptionResult => getSubscriptionResult.Id)}{exampleGetRoleDefinition.Apply(getRoleDefinitionResult => getRoleDefinitionResult.Id)}";
        }),
        PrincipalId = example.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
        Schedule = new Azure.Pim.Inputs.ActiveRoleAssignmentScheduleArgs
        {
            StartDateTime = exampleStatic.Rfc3339,
            Expiration = new Azure.Pim.Inputs.ActiveRoleAssignmentScheduleExpirationArgs
            {
                DurationHours = 8,
            },
        },
        Justification = "Expiration Duration Set",
        Ticket = new Azure.Pim.Inputs.ActiveRoleAssignmentTicketArgs
        {
            Number = "1",
            System = "example ticket system",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
import com.pulumi.azure.authorization.AuthorizationFunctions;
import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
import com.pulumi.time.Static;
import com.pulumi.azure.pim.ActiveRoleAssignment;
import com.pulumi.azure.pim.ActiveRoleAssignmentArgs;
import com.pulumi.azure.pim.inputs.ActiveRoleAssignmentScheduleArgs;
import com.pulumi.azure.pim.inputs.ActiveRoleAssignmentScheduleExpirationArgs;
import com.pulumi.azure.pim.inputs.ActiveRoleAssignmentTicketArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var primary = CoreFunctions.getSubscription();

        final var example = CoreFunctions.getClientConfig();

        final var exampleGetRoleDefinition = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
            .name("Reader")
            .build());

        var exampleStatic = new Static("exampleStatic");

        var exampleActiveRoleAssignment = new ActiveRoleAssignment("exampleActiveRoleAssignment", ActiveRoleAssignmentArgs.builder()
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .roleDefinitionId(String.format("%s%s", primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()),exampleGetRoleDefinition.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.id())))
            .principalId(example.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .schedule(ActiveRoleAssignmentScheduleArgs.builder()
                .startDateTime(exampleStatic.rfc3339())
                .expiration(ActiveRoleAssignmentScheduleExpirationArgs.builder()
                    .durationHours(8)
                    .build())
                .build())
            .justification("Expiration Duration Set")
            .ticket(ActiveRoleAssignmentTicketArgs.builder()
                .number("1")
                .system("example ticket system")
                .build())
            .build());

    }
}

resources:
  exampleStatic:
    type: time:Static
    name: example
  exampleActiveRoleAssignment:
    type: azure:pim:ActiveRoleAssignment
    name: example
    properties:
      scope: ${primary.id}
      roleDefinitionId: ${primary.id}${exampleGetRoleDefinition.id}
      principalId: ${example.objectId}
      schedule:
        startDateTime: ${exampleStatic.rfc3339}
        expiration:
          durationHours: 8
      justification: Expiration Duration Set
      ticket:
        number: '1'
        system: example ticket system
variables:
  primary:
    fn::invoke:
      function: azure:core:getSubscription
      arguments: {}
  example:
    fn::invoke:
      function: azure:core:getClientConfig
      arguments: {}
  exampleGetRoleDefinition:
    fn::invoke:
      function: azure:authorization:getRoleDefinition
      arguments:
        name: Reader

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as time from "@pulumiverse/time";

const example = azure.core.getClientConfig({});
const exampleGetRoleDefinition = azure.authorization.getRoleDefinition({
    name: "Reader",
});
const exampleGroup = new azure.management.Group("example", {name: "Example-Management-Group"});
const exampleStatic = new time.Static("example", {});
const exampleActiveRoleAssignment = new azure.pim.ActiveRoleAssignment("example", {
    scope: exampleGroup.id,
    roleDefinitionId: exampleGetRoleDefinition.then(exampleGetRoleDefinition => exampleGetRoleDefinition.id),
    principalId: example.then(example => example.objectId),
    schedule: {
        startDateTime: exampleStatic.rfc3339,
        expiration: {
            durationHours: 8,
        },
    },
    justification: "Expiration Duration Set",
    ticket: {
        number: "1",
        system: "example ticket system",
    },
});

import pulumi
import pulumi_azure as azure
import pulumiverse_time as time

example = azure.core.get_client_config()
example_get_role_definition = azure.authorization.get_role_definition(name="Reader")
example_group = azure.management.Group("example", name="Example-Management-Group")
example_static = time.Static("example")
example_active_role_assignment = azure.pim.ActiveRoleAssignment("example",
    scope=example_group.id,
    role_definition_id=example_get_role_definition.id,
    principal_id=example.object_id,
    schedule={
        "start_date_time": example_static.rfc3339,
        "expiration": {
            "duration_hours": 8,
        },
    },
    justification="Expiration Duration Set",
    ticket={
        "number": "1",
        "system": "example ticket system",
    })

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/management"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/pim"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumiverse/pulumi-time/sdk/go/time"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}
		exampleGetRoleDefinition, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
			Name: pulumi.StringRef("Reader"),
		}, nil)
		if err != nil {
			return err
		}
		exampleGroup, err := management.NewGroup(ctx, "example", &management.GroupArgs{
			Name: pulumi.String("Example-Management-Group"),
		})
		if err != nil {
			return err
		}
		exampleStatic, err := time.NewStatic(ctx, "example", nil)
		if err != nil {
			return err
		}
		_, err = pim.NewActiveRoleAssignment(ctx, "example", &pim.ActiveRoleAssignmentArgs{
			Scope:            exampleGroup.ID(),
			RoleDefinitionId: pulumi.String(exampleGetRoleDefinition.Id),
			PrincipalId:      pulumi.String(example.ObjectId),
			Schedule: &pim.ActiveRoleAssignmentScheduleArgs{
				StartDateTime: exampleStatic.Rfc3339,
				Expiration: &pim.ActiveRoleAssignmentScheduleExpirationArgs{
					DurationHours: pulumi.Int(8),
				},
			},
			Justification: pulumi.String("Expiration Duration Set"),
			Ticket: &pim.ActiveRoleAssignmentTicketArgs{
				Number: pulumi.String("1"),
				System: pulumi.String("example ticket system"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
using Time = Pulumiverse.Time;

return await Deployment.RunAsync(() => 
{
    var example = Azure.Core.GetClientConfig.Invoke();

    var exampleGetRoleDefinition = Azure.Authorization.GetRoleDefinition.Invoke(new()
    {
        Name = "Reader",
    });

    var exampleGroup = new Azure.Management.Group("example", new()
    {
        Name = "Example-Management-Group",
    });

    var exampleStatic = new Time.Static("example");

    var exampleActiveRoleAssignment = new Azure.Pim.ActiveRoleAssignment("example", new()
    {
        Scope = exampleGroup.Id,
        RoleDefinitionId = exampleGetRoleDefinition.Apply(getRoleDefinitionResult => getRoleDefinitionResult.Id),
        PrincipalId = example.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
        Schedule = new Azure.Pim.Inputs.ActiveRoleAssignmentScheduleArgs
        {
            StartDateTime = exampleStatic.Rfc3339,
            Expiration = new Azure.Pim.Inputs.ActiveRoleAssignmentScheduleExpirationArgs
            {
                DurationHours = 8,
            },
        },
        Justification = "Expiration Duration Set",
        Ticket = new Azure.Pim.Inputs.ActiveRoleAssignmentTicketArgs
        {
            Number = "1",
            System = "example ticket system",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.authorization.AuthorizationFunctions;
import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
import com.pulumi.azure.management.Group;
import com.pulumi.azure.management.GroupArgs;
import com.pulumi.time.Static;
import com.pulumi.azure.pim.ActiveRoleAssignment;
import com.pulumi.azure.pim.ActiveRoleAssignmentArgs;
import com.pulumi.azure.pim.inputs.ActiveRoleAssignmentScheduleArgs;
import com.pulumi.azure.pim.inputs.ActiveRoleAssignmentScheduleExpirationArgs;
import com.pulumi.azure.pim.inputs.ActiveRoleAssignmentTicketArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = CoreFunctions.getClientConfig();

        final var exampleGetRoleDefinition = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
            .name("Reader")
            .build());

        var exampleGroup = new Group("exampleGroup", GroupArgs.builder()
            .name("Example-Management-Group")
            .build());

        var exampleStatic = new Static("exampleStatic");

        var exampleActiveRoleAssignment = new ActiveRoleAssignment("exampleActiveRoleAssignment", ActiveRoleAssignmentArgs.builder()
            .scope(exampleGroup.id())
            .roleDefinitionId(exampleGetRoleDefinition.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.id()))
            .principalId(example.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .schedule(ActiveRoleAssignmentScheduleArgs.builder()
                .startDateTime(exampleStatic.rfc3339())
                .expiration(ActiveRoleAssignmentScheduleExpirationArgs.builder()
                    .durationHours(8)
                    .build())
                .build())
            .justification("Expiration Duration Set")
            .ticket(ActiveRoleAssignmentTicketArgs.builder()
                .number("1")
                .system("example ticket system")
                .build())
            .build());

    }
}

resources:
  exampleGroup:
    type: azure:management:Group
    name: example
    properties:
      name: Example-Management-Group
  exampleStatic:
    type: time:Static
    name: example
  exampleActiveRoleAssignment:
    type: azure:pim:ActiveRoleAssignment
    name: example
    properties:
      scope: ${exampleGroup.id}
      roleDefinitionId: ${exampleGetRoleDefinition.id}
      principalId: ${example.objectId}
      schedule:
        startDateTime: ${exampleStatic.rfc3339}
        expiration:
          durationHours: 8
      justification: Expiration Duration Set
      ticket:
        number: '1'
        system: example ticket system
variables:
  example:
    fn::invoke:
      function: azure:core:getClientConfig
      arguments: {}
  exampleGetRoleDefinition:
    fn::invoke:
      function: azure:authorization:getRoleDefinition
      arguments:
        name: Reader

Create ActiveRoleAssignment Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

TypeScript
Python
Go
C#
Java
YAML

new ActiveRoleAssignment(name: string, args: ActiveRoleAssignmentArgs, opts?: CustomResourceOptions);

@overload
def ActiveRoleAssignment(resource_name: str,
                         args: ActiveRoleAssignmentArgs,
                         opts: Optional[ResourceOptions] = None)

@overload
def ActiveRoleAssignment(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         principal_id: Optional[str] = None,
                         role_definition_id: Optional[str] = None,
                         scope: Optional[str] = None,
                         justification: Optional[str] = None,
                         schedule: Optional[ActiveRoleAssignmentScheduleArgs] = None,
                         ticket: Optional[ActiveRoleAssignmentTicketArgs] = None)

func NewActiveRoleAssignment(ctx *Context, name string, args ActiveRoleAssignmentArgs, opts ...ResourceOption) (*ActiveRoleAssignment, error)

public ActiveRoleAssignment(string name, ActiveRoleAssignmentArgs args, CustomResourceOptions? opts = null)

public ActiveRoleAssignment(String name, ActiveRoleAssignmentArgs args)
public ActiveRoleAssignment(String name, ActiveRoleAssignmentArgs args, CustomResourceOptions options)

type: azure:pim:ActiveRoleAssignment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ActiveRoleAssignmentArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ActiveRoleAssignmentArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ActiveRoleAssignmentArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ActiveRoleAssignmentArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ActiveRoleAssignmentArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var activeRoleAssignmentResource = new Azure.Pim.ActiveRoleAssignment("activeRoleAssignmentResource", new()
{
    PrincipalId = "string",
    RoleDefinitionId = "string",
    Scope = "string",
    Justification = "string",
    Schedule = new Azure.Pim.Inputs.ActiveRoleAssignmentScheduleArgs
    {
        Expiration = new Azure.Pim.Inputs.ActiveRoleAssignmentScheduleExpirationArgs
        {
            DurationDays = 0,
            DurationHours = 0,
            EndDateTime = "string",
        },
        StartDateTime = "string",
    },
    Ticket = new Azure.Pim.Inputs.ActiveRoleAssignmentTicketArgs
    {
        Number = "string",
        System = "string",
    },
});

example, err := pim.NewActiveRoleAssignment(ctx, "activeRoleAssignmentResource", &pim.ActiveRoleAssignmentArgs{
	PrincipalId:      pulumi.String("string"),
	RoleDefinitionId: pulumi.String("string"),
	Scope:            pulumi.String("string"),
	Justification:    pulumi.String("string"),
	Schedule: &pim.ActiveRoleAssignmentScheduleArgs{
		Expiration: &pim.ActiveRoleAssignmentScheduleExpirationArgs{
			DurationDays:  pulumi.Int(0),
			DurationHours: pulumi.Int(0),
			EndDateTime:   pulumi.String("string"),
		},
		StartDateTime: pulumi.String("string"),
	},
	Ticket: &pim.ActiveRoleAssignmentTicketArgs{
		Number: pulumi.String("string"),
		System: pulumi.String("string"),
	},
})

var activeRoleAssignmentResource = new ActiveRoleAssignment("activeRoleAssignmentResource", ActiveRoleAssignmentArgs.builder()
    .principalId("string")
    .roleDefinitionId("string")
    .scope("string")
    .justification("string")
    .schedule(ActiveRoleAssignmentScheduleArgs.builder()
        .expiration(ActiveRoleAssignmentScheduleExpirationArgs.builder()
            .durationDays(0)
            .durationHours(0)
            .endDateTime("string")
            .build())
        .startDateTime("string")
        .build())
    .ticket(ActiveRoleAssignmentTicketArgs.builder()
        .number("string")
        .system("string")
        .build())
    .build());

active_role_assignment_resource = azure.pim.ActiveRoleAssignment("activeRoleAssignmentResource",
    principal_id="string",
    role_definition_id="string",
    scope="string",
    justification="string",
    schedule={
        "expiration": {
            "duration_days": 0,
            "duration_hours": 0,
            "end_date_time": "string",
        },
        "start_date_time": "string",
    },
    ticket={
        "number": "string",
        "system": "string",
    })

const activeRoleAssignmentResource = new azure.pim.ActiveRoleAssignment("activeRoleAssignmentResource", {
    principalId: "string",
    roleDefinitionId: "string",
    scope: "string",
    justification: "string",
    schedule: {
        expiration: {
            durationDays: 0,
            durationHours: 0,
            endDateTime: "string",
        },
        startDateTime: "string",
    },
    ticket: {
        number: "string",
        system: "string",
    },
});

type: azure:pim:ActiveRoleAssignment
properties:
    justification: string
    principalId: string
    roleDefinitionId: string
    schedule:
        expiration:
            durationDays: 0
            durationHours: 0
            endDateTime: string
        startDateTime: string
    scope: string
    ticket:
        number: string
        system: string

ActiveRoleAssignment Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ActiveRoleAssignment resource accepts the following input properties:

PrincipalId string: Object ID of the principal for this role assignment. Changing this forces a new resource to be created.
RoleDefinitionId string: The role definition ID for this role assignment. Changing this forces a new resource to be created.
Scope string: The scope for this role assignment, should be a valid resource ID. Changing this forces a new resource to be created.
Justification string: The justification for the role assignment. Changing this forces a new resource to be created.
Schedule ActiveRoleAssignmentSchedule: A schedule block as defined below. Changing this forces a new resource to be created.
Ticket ActiveRoleAssignmentTicket: A ticket block as defined below. Changing this forces a new resource to be created.

PrincipalId string: Object ID of the principal for this role assignment. Changing this forces a new resource to be created.
RoleDefinitionId string: The role definition ID for this role assignment. Changing this forces a new resource to be created.
Scope string: The scope for this role assignment, should be a valid resource ID. Changing this forces a new resource to be created.
Justification string: The justification for the role assignment. Changing this forces a new resource to be created.
Schedule ActiveRoleAssignmentScheduleArgs: A schedule block as defined below. Changing this forces a new resource to be created.
Ticket ActiveRoleAssignmentTicketArgs: A ticket block as defined below. Changing this forces a new resource to be created.

principalId String: Object ID of the principal for this role assignment. Changing this forces a new resource to be created.
roleDefinitionId String: The role definition ID for this role assignment. Changing this forces a new resource to be created.
scope String: The scope for this role assignment, should be a valid resource ID. Changing this forces a new resource to be created.
justification String: The justification for the role assignment. Changing this forces a new resource to be created.
schedule ActiveRoleAssignmentSchedule: A schedule block as defined below. Changing this forces a new resource to be created.
ticket ActiveRoleAssignmentTicket: A ticket block as defined below. Changing this forces a new resource to be created.

principalId string: Object ID of the principal for this role assignment. Changing this forces a new resource to be created.
roleDefinitionId string: The role definition ID for this role assignment. Changing this forces a new resource to be created.
scope string: The scope for this role assignment, should be a valid resource ID. Changing this forces a new resource to be created.
justification string: The justification for the role assignment. Changing this forces a new resource to be created.
schedule ActiveRoleAssignmentSchedule: A schedule block as defined below. Changing this forces a new resource to be created.
ticket ActiveRoleAssignmentTicket: A ticket block as defined below. Changing this forces a new resource to be created.

principal_id str: Object ID of the principal for this role assignment. Changing this forces a new resource to be created.
role_definition_id str: The role definition ID for this role assignment. Changing this forces a new resource to be created.
scope str: The scope for this role assignment, should be a valid resource ID. Changing this forces a new resource to be created.
justification str: The justification for the role assignment. Changing this forces a new resource to be created.
schedule ActiveRoleAssignmentScheduleArgs: A schedule block as defined below. Changing this forces a new resource to be created.
ticket ActiveRoleAssignmentTicketArgs: A ticket block as defined below. Changing this forces a new resource to be created.

principalId String: Object ID of the principal for this role assignment. Changing this forces a new resource to be created.
roleDefinitionId String: The role definition ID for this role assignment. Changing this forces a new resource to be created.
scope String: The scope for this role assignment, should be a valid resource ID. Changing this forces a new resource to be created.
justification String: The justification for the role assignment. Changing this forces a new resource to be created.
schedule Property Map: A schedule block as defined below. Changing this forces a new resource to be created.
ticket Property Map: A ticket block as defined below. Changing this forces a new resource to be created.

Outputs

All input properties are implicitly available as output properties. Additionally, the ActiveRoleAssignment resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
PrincipalType string: Type of principal to which the role will be assigned.

Id string: The provider-assigned unique ID for this managed resource.
PrincipalType string: Type of principal to which the role will be assigned.

id String: The provider-assigned unique ID for this managed resource.
principalType String: Type of principal to which the role will be assigned.

id string: The provider-assigned unique ID for this managed resource.
principalType string: Type of principal to which the role will be assigned.

id str: The provider-assigned unique ID for this managed resource.
principal_type str: Type of principal to which the role will be assigned.

id String: The provider-assigned unique ID for this managed resource.
principalType String: Type of principal to which the role will be assigned.

Look up Existing ActiveRoleAssignment Resource

Get an existing ActiveRoleAssignment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: ActiveRoleAssignmentState, opts?: CustomResourceOptions): ActiveRoleAssignment

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        justification: Optional[str] = None,
        principal_id: Optional[str] = None,
        principal_type: Optional[str] = None,
        role_definition_id: Optional[str] = None,
        schedule: Optional[ActiveRoleAssignmentScheduleArgs] = None,
        scope: Optional[str] = None,
        ticket: Optional[ActiveRoleAssignmentTicketArgs] = None) -> ActiveRoleAssignment

func GetActiveRoleAssignment(ctx *Context, name string, id IDInput, state *ActiveRoleAssignmentState, opts ...ResourceOption) (*ActiveRoleAssignment, error)

public static ActiveRoleAssignment Get(string name, Input<string> id, ActiveRoleAssignmentState? state, CustomResourceOptions? opts = null)

public static ActiveRoleAssignment get(String name, Output<String> id, ActiveRoleAssignmentState state, CustomResourceOptions options)

resources:  _:    type: azure:pim:ActiveRoleAssignment    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Justification string: The justification for the role assignment. Changing this forces a new resource to be created.
PrincipalId string: Object ID of the principal for this role assignment. Changing this forces a new resource to be created.
PrincipalType string: Type of principal to which the role will be assigned.
RoleDefinitionId string: The role definition ID for this role assignment. Changing this forces a new resource to be created.
Schedule ActiveRoleAssignmentSchedule: A schedule block as defined below. Changing this forces a new resource to be created.
Scope string: The scope for this role assignment, should be a valid resource ID. Changing this forces a new resource to be created.
Ticket ActiveRoleAssignmentTicket: A ticket block as defined below. Changing this forces a new resource to be created.

Justification string: The justification for the role assignment. Changing this forces a new resource to be created.
PrincipalId string: Object ID of the principal for this role assignment. Changing this forces a new resource to be created.
PrincipalType string: Type of principal to which the role will be assigned.
RoleDefinitionId string: The role definition ID for this role assignment. Changing this forces a new resource to be created.
Schedule ActiveRoleAssignmentScheduleArgs: A schedule block as defined below. Changing this forces a new resource to be created.
Scope string: The scope for this role assignment, should be a valid resource ID. Changing this forces a new resource to be created.
Ticket ActiveRoleAssignmentTicketArgs: A ticket block as defined below. Changing this forces a new resource to be created.

justification String: The justification for the role assignment. Changing this forces a new resource to be created.
principalId String: Object ID of the principal for this role assignment. Changing this forces a new resource to be created.
principalType String: Type of principal to which the role will be assigned.
roleDefinitionId String: The role definition ID for this role assignment. Changing this forces a new resource to be created.
schedule ActiveRoleAssignmentSchedule: A schedule block as defined below. Changing this forces a new resource to be created.
scope String: The scope for this role assignment, should be a valid resource ID. Changing this forces a new resource to be created.
ticket ActiveRoleAssignmentTicket: A ticket block as defined below. Changing this forces a new resource to be created.

justification string: The justification for the role assignment. Changing this forces a new resource to be created.
principalId string: Object ID of the principal for this role assignment. Changing this forces a new resource to be created.
principalType string: Type of principal to which the role will be assigned.
roleDefinitionId string: The role definition ID for this role assignment. Changing this forces a new resource to be created.
schedule ActiveRoleAssignmentSchedule: A schedule block as defined below. Changing this forces a new resource to be created.
scope string: The scope for this role assignment, should be a valid resource ID. Changing this forces a new resource to be created.
ticket ActiveRoleAssignmentTicket: A ticket block as defined below. Changing this forces a new resource to be created.

justification str: The justification for the role assignment. Changing this forces a new resource to be created.
principal_id str: Object ID of the principal for this role assignment. Changing this forces a new resource to be created.
principal_type str: Type of principal to which the role will be assigned.
role_definition_id str: The role definition ID for this role assignment. Changing this forces a new resource to be created.
schedule ActiveRoleAssignmentScheduleArgs: A schedule block as defined below. Changing this forces a new resource to be created.
scope str: The scope for this role assignment, should be a valid resource ID. Changing this forces a new resource to be created.
ticket ActiveRoleAssignmentTicketArgs: A ticket block as defined below. Changing this forces a new resource to be created.

justification String: The justification for the role assignment. Changing this forces a new resource to be created.
principalId String: Object ID of the principal for this role assignment. Changing this forces a new resource to be created.
principalType String: Type of principal to which the role will be assigned.
roleDefinitionId String: The role definition ID for this role assignment. Changing this forces a new resource to be created.
schedule Property Map: A schedule block as defined below. Changing this forces a new resource to be created.
scope String: The scope for this role assignment, should be a valid resource ID. Changing this forces a new resource to be created.
ticket Property Map: A ticket block as defined below. Changing this forces a new resource to be created.

Supporting Types

ActiveRoleAssignmentSchedule
, ActiveRoleAssignmentScheduleArgs

Expiration ActiveRoleAssignmentScheduleExpiration: An expiration block as defined above.
StartDateTime string: The start date/time of the role assignment. Changing this forces a new resource to be created.

Expiration ActiveRoleAssignmentScheduleExpiration: An expiration block as defined above.
StartDateTime string: The start date/time of the role assignment. Changing this forces a new resource to be created.

expiration ActiveRoleAssignmentScheduleExpiration: An expiration block as defined above.
startDateTime String: The start date/time of the role assignment. Changing this forces a new resource to be created.

expiration ActiveRoleAssignmentScheduleExpiration: An expiration block as defined above.
startDateTime string: The start date/time of the role assignment. Changing this forces a new resource to be created.

expiration ActiveRoleAssignmentScheduleExpiration: An expiration block as defined above.
start_date_time str: The start date/time of the role assignment. Changing this forces a new resource to be created.

expiration Property Map: An expiration block as defined above.
startDateTime String: The start date/time of the role assignment. Changing this forces a new resource to be created.

ActiveRoleAssignmentScheduleExpiration
, ActiveRoleAssignmentScheduleExpirationArgs

DurationDays int: The duration of the role assignment in days. Changing this forces a new resource to be created.
DurationHours int: The duration of the role assignment in hours. Changing this forces a new resource to be created.
EndDateTime string: The end date/time of the role assignment. Changing this forces a new resource to be created.
Note: Only one of duration_days, duration_hours or end_date_time should be specified.

DurationDays int: The duration of the role assignment in days. Changing this forces a new resource to be created.
DurationHours int: The duration of the role assignment in hours. Changing this forces a new resource to be created.
EndDateTime string: The end date/time of the role assignment. Changing this forces a new resource to be created.
Note: Only one of duration_days, duration_hours or end_date_time should be specified.

durationDays Integer: The duration of the role assignment in days. Changing this forces a new resource to be created.
durationHours Integer: The duration of the role assignment in hours. Changing this forces a new resource to be created.
endDateTime String: The end date/time of the role assignment. Changing this forces a new resource to be created.
Note: Only one of duration_days, duration_hours or end_date_time should be specified.

durationDays number: The duration of the role assignment in days. Changing this forces a new resource to be created.
durationHours number: The duration of the role assignment in hours. Changing this forces a new resource to be created.
endDateTime string: The end date/time of the role assignment. Changing this forces a new resource to be created.
Note: Only one of duration_days, duration_hours or end_date_time should be specified.

duration_days int: The duration of the role assignment in days. Changing this forces a new resource to be created.
duration_hours int: The duration of the role assignment in hours. Changing this forces a new resource to be created.
end_date_time str: The end date/time of the role assignment. Changing this forces a new resource to be created.
Note: Only one of duration_days, duration_hours or end_date_time should be specified.

durationDays Number: The duration of the role assignment in days. Changing this forces a new resource to be created.
durationHours Number: The duration of the role assignment in hours. Changing this forces a new resource to be created.
endDateTime String: The end date/time of the role assignment. Changing this forces a new resource to be created.
Note: Only one of duration_days, duration_hours or end_date_time should be specified.

ActiveRoleAssignmentTicket
, ActiveRoleAssignmentTicketArgs

Number string: User-supplied ticket number to be included with the request. Changing this forces a new resource to be created.
System string: User-supplied ticket system name to be included with the request. Changing this forces a new resource to be created.

Number string: User-supplied ticket number to be included with the request. Changing this forces a new resource to be created.
System string: User-supplied ticket system name to be included with the request. Changing this forces a new resource to be created.

number String: User-supplied ticket number to be included with the request. Changing this forces a new resource to be created.
system String: User-supplied ticket system name to be included with the request. Changing this forces a new resource to be created.

number string: User-supplied ticket number to be included with the request. Changing this forces a new resource to be created.
system string: User-supplied ticket system name to be included with the request. Changing this forces a new resource to be created.

number str: User-supplied ticket number to be included with the request. Changing this forces a new resource to be created.
system str: User-supplied ticket system name to be included with the request. Changing this forces a new resource to be created.

number String: User-supplied ticket number to be included with the request. Changing this forces a new resource to be created.
system String: User-supplied ticket system name to be included with the request. Changing this forces a new resource to be created.

Import

PIM Active Role Assignments can be imported using the following composite resource ID, e.g.

$ pulumi import azure:pim/activeRoleAssignment:ActiveRoleAssignment example /subscriptions/00000000-0000-0000-0000-000000000000|/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000|00000000-0000-0000-0000-000000000000

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Azure v6.22.0 published on Tuesday, Apr 1, 2025 by Pulumi

pulumi/pulumi-azure

azure.pim.ActiveRoleAssignment

On this page

On this page

Example Usage

Subscription)

Management Group)

Create ActiveRoleAssignment Resource

Constructor syntax

Parameters

Constructor example

ActiveRoleAssignment Resource Properties

Inputs

Outputs

Look up Existing ActiveRoleAssignment Resource

Supporting Types

ActiveRoleAssignmentSchedule
, ActiveRoleAssignmentScheduleArgs

ActiveRoleAssignmentScheduleExpiration
, ActiveRoleAssignmentScheduleExpirationArgs

ActiveRoleAssignmentTicket
, ActiveRoleAssignmentTicketArgs

Import

Package Details

On this page

On this page

azure.pim.ActiveRoleAssignment

On this page

On this page

Example Usage

Subscription)

Management Group)

Create ActiveRoleAssignment Resource

Constructor syntax

Parameters

Constructor example

ActiveRoleAssignment Resource Properties

Inputs

Outputs

Look up Existing ActiveRoleAssignment Resource

Supporting Types

ActiveRoleAssignmentSchedule, ActiveRoleAssignmentScheduleArgs

ActiveRoleAssignmentScheduleExpiration, ActiveRoleAssignmentScheduleExpirationArgs

ActiveRoleAssignmentTicket, ActiveRoleAssignmentTicketArgs

Import

Package Details

On this page

On this page

ActiveRoleAssignmentSchedule
, ActiveRoleAssignmentScheduleArgs

ActiveRoleAssignmentScheduleExpiration
, ActiveRoleAssignmentScheduleExpirationArgs

ActiveRoleAssignmentTicket
, ActiveRoleAssignmentTicketArgs