Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi IDP Pulumi Cloud Packages Tutorials
  1. Packages
  2. Azure Native v2
  3. API Docs
  4. authorization
  5. RoleAssignment
These are the docs for Azure Native v2. We recommenend using the latest version, Azure Native v3.
Azure Native v2 v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi
pulumi/pulumi-azure-native

azure-native-v2.authorization.RoleAssignment

Explore with Pulumi AI

azure-native-v2 logo
These are the docs for Azure Native v2. We recommenend using the latest version, Azure Native v3.
Azure Native v2 v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi
pulumi/pulumi-azure-native

    Role Assignments Azure REST API version: 2022-04-01. Prior API version in Azure Native 1.x: 2020-10-01-preview.

    Other available API versions: 2017-10-01-preview, 2020-03-01-preview, 2020-04-01-preview.

    Example Usage

    Create role assignment for resource

    Code snippet for C# available in the adjacent code block.
    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var roleAssignment = new AzureNative.Authorization.RoleAssignment("roleAssignment", new()
    {
        PrincipalId = "ce2ce14e-85d7-4629-bdbc-454d0519d987",
        PrincipalType = AzureNative.Authorization.PrincipalType.User,
        RoleAssignmentName = "05c5a614-a7d6-4502-b150-c2fb455033ff",
        RoleDefinitionId = "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
        Scope = "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account",
    });

});
    Code snippet for Go available in the adjacent code block.
    package main

import (
	authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewRoleAssignment(ctx, "roleAssignment", &authorization.RoleAssignmentArgs{
			PrincipalId:        pulumi.String("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
			PrincipalType:      pulumi.String(authorization.PrincipalTypeUser),
			RoleAssignmentName: pulumi.String("05c5a614-a7d6-4502-b150-c2fb455033ff"),
			RoleDefinitionId:   pulumi.String("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
			Scope:              pulumi.String("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
    Code snippet for Java available in the adjacent code block.
    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.RoleAssignment;
import com.pulumi.azurenative.authorization.RoleAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var roleAssignment = new RoleAssignment("roleAssignment", RoleAssignmentArgs.builder()
            .principalId("ce2ce14e-85d7-4629-bdbc-454d0519d987")
            .principalType("User")
            .roleAssignmentName("05c5a614-a7d6-4502-b150-c2fb455033ff")
            .roleDefinitionId("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d")
            .scope("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account")
            .build());

    }
}
    Code snippet for TypeScript available in the adjacent code block.
    import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const roleAssignment = new azure_native.authorization.RoleAssignment("roleAssignment", {
    principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    principalType: azure_native.authorization.PrincipalType.User,
    roleAssignmentName: "05c5a614-a7d6-4502-b150-c2fb455033ff",
    roleDefinitionId: "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    scope: "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account",
});
    Code snippet for Python available in the adjacent code block.
    import pulumi
import pulumi_azure_native as azure_native

role_assignment = azure_native.authorization.RoleAssignment("roleAssignment",
    principal_id="ce2ce14e-85d7-4629-bdbc-454d0519d987",
    principal_type=azure_native.authorization.PrincipalType.USER,
    role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
    role_definition_id="/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account")
    Code snippet for YAML available in the adjacent code block.
    resources:
  roleAssignment:
    type: azure-native:authorization:RoleAssignment
    properties:
      principalId: ce2ce14e-85d7-4629-bdbc-454d0519d987
      principalType: User
      roleAssignmentName: 05c5a614-a7d6-4502-b150-c2fb455033ff
      roleDefinitionId: /subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d
      scope: subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account

    Create role assignment for resource group

    Code snippet for C# available in the adjacent code block.
    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var roleAssignment = new AzureNative.Authorization.RoleAssignment("roleAssignment", new()
    {
        PrincipalId = "ce2ce14e-85d7-4629-bdbc-454d0519d987",
        PrincipalType = AzureNative.Authorization.PrincipalType.User,
        RoleAssignmentName = "05c5a614-a7d6-4502-b150-c2fb455033ff",
        RoleDefinitionId = "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
        Scope = "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg",
    });

});
    Code snippet for Go available in the adjacent code block.
    package main

import (
	authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewRoleAssignment(ctx, "roleAssignment", &authorization.RoleAssignmentArgs{
			PrincipalId:        pulumi.String("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
			PrincipalType:      pulumi.String(authorization.PrincipalTypeUser),
			RoleAssignmentName: pulumi.String("05c5a614-a7d6-4502-b150-c2fb455033ff"),
			RoleDefinitionId:   pulumi.String("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
			Scope:              pulumi.String("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
    Code snippet for Java available in the adjacent code block.
    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.RoleAssignment;
import com.pulumi.azurenative.authorization.RoleAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var roleAssignment = new RoleAssignment("roleAssignment", RoleAssignmentArgs.builder()
            .principalId("ce2ce14e-85d7-4629-bdbc-454d0519d987")
            .principalType("User")
            .roleAssignmentName("05c5a614-a7d6-4502-b150-c2fb455033ff")
            .roleDefinitionId("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d")
            .scope("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg")
            .build());

    }
}
    Code snippet for TypeScript available in the adjacent code block.
    import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const roleAssignment = new azure_native.authorization.RoleAssignment("roleAssignment", {
    principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    principalType: azure_native.authorization.PrincipalType.User,
    roleAssignmentName: "05c5a614-a7d6-4502-b150-c2fb455033ff",
    roleDefinitionId: "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    scope: "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg",
});
    Code snippet for Python available in the adjacent code block.
    import pulumi
import pulumi_azure_native as azure_native

role_assignment = azure_native.authorization.RoleAssignment("roleAssignment",
    principal_id="ce2ce14e-85d7-4629-bdbc-454d0519d987",
    principal_type=azure_native.authorization.PrincipalType.USER,
    role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
    role_definition_id="/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg")
    Code snippet for YAML available in the adjacent code block.
    resources:
  roleAssignment:
    type: azure-native:authorization:RoleAssignment
    properties:
      principalId: ce2ce14e-85d7-4629-bdbc-454d0519d987
      principalType: User
      roleAssignmentName: 05c5a614-a7d6-4502-b150-c2fb455033ff
      roleDefinitionId: /subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d
      scope: subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg

    Create role assignment for subscription

    Code snippet for C# available in the adjacent code block.
    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var roleAssignment = new AzureNative.Authorization.RoleAssignment("roleAssignment", new()
    {
        PrincipalId = "ce2ce14e-85d7-4629-bdbc-454d0519d987",
        PrincipalType = AzureNative.Authorization.PrincipalType.User,
        RoleAssignmentName = "05c5a614-a7d6-4502-b150-c2fb455033ff",
        RoleDefinitionId = "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
        Scope = "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
    });

});
    Code snippet for Go available in the adjacent code block.
    package main

import (
	authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewRoleAssignment(ctx, "roleAssignment", &authorization.RoleAssignmentArgs{
			PrincipalId:        pulumi.String("ce2ce14e-85d7-4629-bdbc-454d0519d987"),
			PrincipalType:      pulumi.String(authorization.PrincipalTypeUser),
			RoleAssignmentName: pulumi.String("05c5a614-a7d6-4502-b150-c2fb455033ff"),
			RoleDefinitionId:   pulumi.String("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d"),
			Scope:              pulumi.String("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
    Code snippet for Java available in the adjacent code block.
    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.RoleAssignment;
import com.pulumi.azurenative.authorization.RoleAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var roleAssignment = new RoleAssignment("roleAssignment", RoleAssignmentArgs.builder()
            .principalId("ce2ce14e-85d7-4629-bdbc-454d0519d987")
            .principalType("User")
            .roleAssignmentName("05c5a614-a7d6-4502-b150-c2fb455033ff")
            .roleDefinitionId("/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d")
            .scope("subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2")
            .build());

    }
}
    Code snippet for TypeScript available in the adjacent code block.
    import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const roleAssignment = new azure_native.authorization.RoleAssignment("roleAssignment", {
    principalId: "ce2ce14e-85d7-4629-bdbc-454d0519d987",
    principalType: azure_native.authorization.PrincipalType.User,
    roleAssignmentName: "05c5a614-a7d6-4502-b150-c2fb455033ff",
    roleDefinitionId: "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    scope: "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2",
});
    Code snippet for Python available in the adjacent code block.
    import pulumi
import pulumi_azure_native as azure_native

role_assignment = azure_native.authorization.RoleAssignment("roleAssignment",
    principal_id="ce2ce14e-85d7-4629-bdbc-454d0519d987",
    principal_type=azure_native.authorization.PrincipalType.USER,
    role_assignment_name="05c5a614-a7d6-4502-b150-c2fb455033ff",
    role_definition_id="/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d",
    scope="subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2")
    Code snippet for YAML available in the adjacent code block.
    resources:
  roleAssignment:
    type: azure-native:authorization:RoleAssignment
    properties:
      principalId: ce2ce14e-85d7-4629-bdbc-454d0519d987
      principalType: User
      roleAssignmentName: 05c5a614-a7d6-4502-b150-c2fb455033ff
      roleDefinitionId: /subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d
      scope: subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2

    Create RoleAssignment Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    Code snippet for JavaScript/TypeScript available in the adjacent code block.
    new RoleAssignment(name: string, args: RoleAssignmentArgs, opts?: CustomResourceOptions);
    Code snippet for Python available in the adjacent code block.
    @overload
def RoleAssignment(resource_name: str,
                   args: RoleAssignmentArgs,
                   opts: Optional[ResourceOptions] = None)

@overload
def RoleAssignment(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   principal_id: Optional[str] = None,
                   role_definition_id: Optional[str] = None,
                   scope: Optional[str] = None,
                   condition: Optional[str] = None,
                   condition_version: Optional[str] = None,
                   delegated_managed_identity_resource_id: Optional[str] = None,
                   description: Optional[str] = None,
                   principal_type: Optional[Union[str, PrincipalType]] = None,
                   role_assignment_name: Optional[str] = None)
    Code snippet for Go available in the adjacent code block.
    func NewRoleAssignment(ctx *Context, name string, args RoleAssignmentArgs, opts ...ResourceOption) (*RoleAssignment, error)
    Code snippet for C# available in the adjacent code block.
    public RoleAssignment(string name, RoleAssignmentArgs args, CustomResourceOptions? opts = null)
    Code snippet for Java available in the adjacent code block.
    public RoleAssignment(String name, RoleAssignmentArgs args)
public RoleAssignment(String name, RoleAssignmentArgs args, CustomResourceOptions options)
    Code snippet for YAML available in the adjacent code block.
    type: azure-native:authorization:RoleAssignment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

    Parameters

    Code snippet for JavaScript/TypeScript available in the adjacent code block.
    name string
    The unique name of the resource.
    args RoleAssignmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    Code snippet for Python available in the adjacent code block.
    resource_name str
    The unique name of the resource.
    args RoleAssignmentArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    Code snippet for Go available in the adjacent code block.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RoleAssignmentArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    Code snippet for C# available in the adjacent code block.
    name string
    The unique name of the resource.
    args RoleAssignmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    Code snippet for Java available in the adjacent code block.
    name String
    The unique name of the resource.
    args RoleAssignmentArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    Code snippet for C# available in the adjacent code block.
    var roleAssignmentResource = new AzureNative.Authorization.RoleAssignment("roleAssignmentResource", new()
{
    PrincipalId = "string",
    RoleDefinitionId = "string",
    Scope = "string",
    Condition = "string",
    ConditionVersion = "string",
    DelegatedManagedIdentityResourceId = "string",
    Description = "string",
    PrincipalType = "string",
    RoleAssignmentName = "string",
});
    Code snippet for Go available in the adjacent code block.
    example, err := authorization.NewRoleAssignment(ctx, "roleAssignmentResource", &authorization.RoleAssignmentArgs{
	PrincipalId:                        "string",
	RoleDefinitionId:                   "string",
	Scope:                              "string",
	Condition:                          "string",
	ConditionVersion:                   "string",
	DelegatedManagedIdentityResourceId: "string",
	Description:                        "string",
	PrincipalType:                      "string",
	RoleAssignmentName:                 "string",
})
    Code snippet for Java available in the adjacent code block.
    var roleAssignmentResource = new com.pulumi.azurenative.authorization.RoleAssignment("roleAssignmentResource", com.pulumi.azurenative.authorization.RoleAssignmentArgs.builder()
    .principalId("string")
    .roleDefinitionId("string")
    .scope("string")
    .condition("string")
    .conditionVersion("string")
    .delegatedManagedIdentityResourceId("string")
    .description("string")
    .principalType("string")
    .roleAssignmentName("string")
    .build());
    Code snippet for Python available in the adjacent code block.
    role_assignment_resource = azure_native.authorization.RoleAssignment("roleAssignmentResource",
    principal_id=string,
    role_definition_id=string,
    scope=string,
    condition=string,
    condition_version=string,
    delegated_managed_identity_resource_id=string,
    description=string,
    principal_type=string,
    role_assignment_name=string)
    Code snippet for TypeScript available in the adjacent code block.
    const roleAssignmentResource = new azure_native.authorization.RoleAssignment("roleAssignmentResource", {
    principalId: "string",
    roleDefinitionId: "string",
    scope: "string",
    condition: "string",
    conditionVersion: "string",
    delegatedManagedIdentityResourceId: "string",
    description: "string",
    principalType: "string",
    roleAssignmentName: "string",
});
    Code snippet for YAML available in the adjacent code block.
    type: azure-native:authorization:RoleAssignment
properties:
    condition: string
    conditionVersion: string
    delegatedManagedIdentityResourceId: string
    description: string
    principalId: string
    principalType: string
    roleAssignmentName: string
    roleDefinitionId: string
    scope: string

    RoleAssignment Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    Code snippet for Python available in the adjacent code block.

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The RoleAssignment resource accepts the following input properties:

    Code snippet for C# available in the adjacent code block.
    PrincipalId string
    The principal ID.
    RoleDefinitionId string
    The role definition ID.
    Scope string
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    Condition string
    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    ConditionVersion string
    Version of the condition. Currently the only accepted value is '2.0'
    DelegatedManagedIdentityResourceId string
    Id of the delegated managed identity resource
    Description string
    Description of role assignment
    PrincipalType string | Pulumi.AzureNative.Authorization.PrincipalType
    The principal type of the assigned principal ID.
    RoleAssignmentName string
    The name of the role assignment. It can be any valid GUID.
    Code snippet for Go available in the adjacent code block.
    PrincipalId string
    The principal ID.
    RoleDefinitionId string
    The role definition ID.
    Scope string
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    Condition string
    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    ConditionVersion string
    Version of the condition. Currently the only accepted value is '2.0'
    DelegatedManagedIdentityResourceId string
    Id of the delegated managed identity resource
    Description string
    Description of role assignment
    PrincipalType string | PrincipalType
    The principal type of the assigned principal ID.
    RoleAssignmentName string
    The name of the role assignment. It can be any valid GUID.
    Code snippet for Java available in the adjacent code block.
    principalId String
    The principal ID.
    roleDefinitionId String
    The role definition ID.
    scope String
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    condition String
    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    conditionVersion String
    Version of the condition. Currently the only accepted value is '2.0'
    delegatedManagedIdentityResourceId String
    Id of the delegated managed identity resource
    description String
    Description of role assignment
    principalType String | PrincipalType
    The principal type of the assigned principal ID.
    roleAssignmentName String
    The name of the role assignment. It can be any valid GUID.
    Code snippet for JavaScript/TypeScript available in the adjacent code block.
    principalId string
    The principal ID.
    roleDefinitionId string
    The role definition ID.
    scope string
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    condition string
    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    conditionVersion string
    Version of the condition. Currently the only accepted value is '2.0'
    delegatedManagedIdentityResourceId string
    Id of the delegated managed identity resource
    description string
    Description of role assignment
    principalType string | PrincipalType
    The principal type of the assigned principal ID.
    roleAssignmentName string
    The name of the role assignment. It can be any valid GUID.
    Code snippet for Python available in the adjacent code block.
    principal_id str
    The principal ID.
    role_definition_id str
    The role definition ID.
    scope str
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    condition str
    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    condition_version str
    Version of the condition. Currently the only accepted value is '2.0'
    delegated_managed_identity_resource_id str
    Id of the delegated managed identity resource
    description str
    Description of role assignment
    principal_type str | PrincipalType
    The principal type of the assigned principal ID.
    role_assignment_name str
    The name of the role assignment. It can be any valid GUID.
    Code snippet for YAML available in the adjacent code block.
    principalId String
    The principal ID.
    roleDefinitionId String
    The role definition ID.
    scope String
    The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    condition String
    The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
    conditionVersion String
    Version of the condition. Currently the only accepted value is '2.0'
    delegatedManagedIdentityResourceId String
    Id of the delegated managed identity resource
    description String
    Description of role assignment
    principalType String | "User" | "Group" | "ServicePrincipal" | "ForeignGroup" | "Device"
    The principal type of the assigned principal ID.
    roleAssignmentName String
    The name of the role assignment. It can be any valid GUID.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the RoleAssignment resource produces the following output properties:

    Code snippet for C# available in the adjacent code block.
    CreatedBy string
    Id of the user who created the assignment
    CreatedOn string
    Time it was created
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The role assignment name.
    Type string
    The role assignment type.
    UpdatedBy string
    Id of the user who updated the assignment
    UpdatedOn string
    Time it was updated
    Code snippet for Go available in the adjacent code block.
    CreatedBy string
    Id of the user who created the assignment
    CreatedOn string
    Time it was created
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The role assignment name.
    Type string
    The role assignment type.
    UpdatedBy string
    Id of the user who updated the assignment
    UpdatedOn string
    Time it was updated
    Code snippet for Java available in the adjacent code block.
    createdBy String
    Id of the user who created the assignment
    createdOn String
    Time it was created
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The role assignment name.
    type String
    The role assignment type.
    updatedBy String
    Id of the user who updated the assignment
    updatedOn String
    Time it was updated
    Code snippet for JavaScript/TypeScript available in the adjacent code block.
    createdBy string
    Id of the user who created the assignment
    createdOn string
    Time it was created
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    The role assignment name.
    type string
    The role assignment type.
    updatedBy string
    Id of the user who updated the assignment
    updatedOn string
    Time it was updated
    Code snippet for Python available in the adjacent code block.
    created_by str
    Id of the user who created the assignment
    created_on str
    Time it was created
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    The role assignment name.
    type str
    The role assignment type.
    updated_by str
    Id of the user who updated the assignment
    updated_on str
    Time it was updated
    Code snippet for YAML available in the adjacent code block.
    createdBy String
    Id of the user who created the assignment
    createdOn String
    Time it was created
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The role assignment name.
    type String
    The role assignment type.
    updatedBy String
    Id of the user who updated the assignment
    updatedOn String
    Time it was updated

    Supporting Types

    PrincipalType, PrincipalTypeArgs

    Code snippet for C# available in the adjacent code block.
    User
    User
    Group
    Group
    ServicePrincipal
    ServicePrincipal
    ForeignGroup
    ForeignGroup
    Device
    Device
    Code snippet for Go available in the adjacent code block.
    PrincipalTypeUser
    User
    PrincipalTypeGroup
    Group
    PrincipalTypeServicePrincipal
    ServicePrincipal
    PrincipalTypeForeignGroup
    ForeignGroup
    PrincipalTypeDevice
    Device
    Code snippet for Java available in the adjacent code block.
    User
    User
    Group
    Group
    ServicePrincipal
    ServicePrincipal
    ForeignGroup
    ForeignGroup
    Device
    Device
    Code snippet for JavaScript/TypeScript available in the adjacent code block.
    User
    User
    Group
    Group
    ServicePrincipal
    ServicePrincipal
    ForeignGroup
    ForeignGroup
    Device
    Device
    Code snippet for Python available in the adjacent code block.
    USER
    User
    GROUP
    Group
    SERVICE_PRINCIPAL
    ServicePrincipal
    FOREIGN_GROUP
    ForeignGroup
    DEVICE
    Device
    Code snippet for YAML available in the adjacent code block.
    "User"
    User
    "Group"
    Group
    "ServicePrincipal"
    ServicePrincipal
    "ForeignGroup"
    ForeignGroup
    "Device"
    Device

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:authorization:RoleAssignment 05c5a614-a7d6-4502-b150-c2fb455033ff /{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    azure-native-v2 pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native-v2 logo
    These are the docs for Azure Native v2. We recommenend using the latest version, Azure Native v3.
    Azure Native v2 v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi
    pulumi/pulumi-azure-native