Docs Home
Azure Active Directory (Azure AD) v6.4.0 published on Monday, Apr 7, 2025 by Pulumi
azuread.PrivilegedAccessGroupAssignmentSchedule
Explore with Pulumi AI
Azure Active Directory (Azure AD) v6.4.0 published on Monday, Apr 7, 2025 by Pulumi
Manages an active assignment to a privileged access group.
API Permissions
The following API permissions are required in order to use this resource.
When authenticated with a service principal, this resource requires the PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup Microsoft Graph API permissions.
When authenticated with a user principal, this resource requires Global Administrator directory role, or the Privileged Role Administrator role in Identity Governance.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const example = new azuread.Group("example", {
displayName: "group-name",
securityEnabled: true,
});
const member = new azuread.User("member", {
userPrincipalName: "jdoe@example.com",
displayName: "J. Doe",
mailNickname: "jdoe",
password: "SecretP@sswd99!",
});
const examplePrivilegedAccessGroupAssignmentSchedule = new azuread.PrivilegedAccessGroupAssignmentSchedule("example", {
groupId: pim.id,
principalId: member.id,
assignmentType: "member",
duration: "P30D",
justification: "as requested",
});
import pulumi
import pulumi_azuread as azuread
example = azuread.Group("example",
display_name="group-name",
security_enabled=True)
member = azuread.User("member",
user_principal_name="jdoe@example.com",
display_name="J. Doe",
mail_nickname="jdoe",
password="SecretP@sswd99!")
example_privileged_access_group_assignment_schedule = azuread.PrivilegedAccessGroupAssignmentSchedule("example",
group_id=pim["id"],
principal_id=member.id,
assignment_type="member",
duration="P30D",
justification="as requested")
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := azuread.NewGroup(ctx, "example", &azuread.GroupArgs{
DisplayName: pulumi.String("group-name"),
SecurityEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
member, err := azuread.NewUser(ctx, "member", &azuread.UserArgs{
UserPrincipalName: pulumi.String("jdoe@example.com"),
DisplayName: pulumi.String("J. Doe"),
MailNickname: pulumi.String("jdoe"),
Password: pulumi.String("SecretP@sswd99!"),
})
if err != nil {
return err
}
_, err = azuread.NewPrivilegedAccessGroupAssignmentSchedule(ctx, "example", &azuread.PrivilegedAccessGroupAssignmentScheduleArgs{
GroupId: pulumi.Any(pim.Id),
PrincipalId: member.ID(),
AssignmentType: pulumi.String("member"),
Duration: pulumi.String("P30D"),
Justification: pulumi.String("as requested"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var example = new AzureAD.Group("example", new()
{
DisplayName = "group-name",
SecurityEnabled = true,
});
var member = new AzureAD.User("member", new()
{
UserPrincipalName = "jdoe@example.com",
DisplayName = "J. Doe",
MailNickname = "jdoe",
Password = "SecretP@sswd99!",
});
var examplePrivilegedAccessGroupAssignmentSchedule = new AzureAD.PrivilegedAccessGroupAssignmentSchedule("example", new()
{
GroupId = pim.Id,
PrincipalId = member.Id,
AssignmentType = "member",
Duration = "P30D",
Justification = "as requested",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.Group;
import com.pulumi.azuread.GroupArgs;
import com.pulumi.azuread.User;
import com.pulumi.azuread.UserArgs;
import com.pulumi.azuread.PrivilegedAccessGroupAssignmentSchedule;
import com.pulumi.azuread.PrivilegedAccessGroupAssignmentScheduleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Group("example", GroupArgs.builder()
.displayName("group-name")
.securityEnabled(true)
.build());
var member = new User("member", UserArgs.builder()
.userPrincipalName("jdoe@example.com")
.displayName("J. Doe")
.mailNickname("jdoe")
.password("SecretP@sswd99!")
.build());
var examplePrivilegedAccessGroupAssignmentSchedule = new PrivilegedAccessGroupAssignmentSchedule("examplePrivilegedAccessGroupAssignmentSchedule", PrivilegedAccessGroupAssignmentScheduleArgs.builder()
.groupId(pim.id())
.principalId(member.id())
.assignmentType("member")
.duration("P30D")
.justification("as requested")
.build());
}
}
resources:
example:
type: azuread:Group
properties:
displayName: group-name
securityEnabled: true
member:
type: azuread:User
properties:
userPrincipalName: jdoe@example.com
displayName: J. Doe
mailNickname: jdoe
password: SecretP@sswd99!
examplePrivilegedAccessGroupAssignmentSchedule:
type: azuread:PrivilegedAccessGroupAssignmentSchedule
name: example
properties:
groupId: ${pim.id}
principalId: ${member.id}
assignmentType: member
duration: P30D
justification: as requested
Create PrivilegedAccessGroupAssignmentSchedule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PrivilegedAccessGroupAssignmentSchedule(name: string, args: PrivilegedAccessGroupAssignmentScheduleArgs, opts?: CustomResourceOptions);@overload
def PrivilegedAccessGroupAssignmentSchedule(resource_name: str,
args: PrivilegedAccessGroupAssignmentScheduleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def PrivilegedAccessGroupAssignmentSchedule(resource_name: str,
opts: Optional[ResourceOptions] = None,
assignment_type: Optional[str] = None,
group_id: Optional[str] = None,
principal_id: Optional[str] = None,
duration: Optional[str] = None,
expiration_date: Optional[str] = None,
justification: Optional[str] = None,
permanent_assignment: Optional[bool] = None,
start_date: Optional[str] = None,
ticket_number: Optional[str] = None,
ticket_system: Optional[str] = None)func NewPrivilegedAccessGroupAssignmentSchedule(ctx *Context, name string, args PrivilegedAccessGroupAssignmentScheduleArgs, opts ...ResourceOption) (*PrivilegedAccessGroupAssignmentSchedule, error)public PrivilegedAccessGroupAssignmentSchedule(string name, PrivilegedAccessGroupAssignmentScheduleArgs args, CustomResourceOptions? opts = null)public PrivilegedAccessGroupAssignmentSchedule(String name, PrivilegedAccessGroupAssignmentScheduleArgs args)
public PrivilegedAccessGroupAssignmentSchedule(String name, PrivilegedAccessGroupAssignmentScheduleArgs args, CustomResourceOptions options)
type: azuread:PrivilegedAccessGroupAssignmentSchedule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PrivilegedAccessGroupAssignmentScheduleArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. PrivilegedAccessGroupAssignmentScheduleArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PrivilegedAccessGroupAssignmentScheduleArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. PrivilegedAccessGroupAssignmentScheduleArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. PrivilegedAccessGroupAssignmentScheduleArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var privilegedAccessGroupAssignmentScheduleResource = new AzureAD.PrivilegedAccessGroupAssignmentSchedule("privilegedAccessGroupAssignmentScheduleResource", new()
{
AssignmentType = "string",
GroupId = "string",
PrincipalId = "string",
Duration = "string",
ExpirationDate = "string",
Justification = "string",
PermanentAssignment = false,
StartDate = "string",
TicketNumber = "string",
TicketSystem = "string",
});
example, err := azuread.NewPrivilegedAccessGroupAssignmentSchedule(ctx, "privilegedAccessGroupAssignmentScheduleResource", &azuread.PrivilegedAccessGroupAssignmentScheduleArgs{
AssignmentType: pulumi.String("string"),
GroupId: pulumi.String("string"),
PrincipalId: pulumi.String("string"),
Duration: pulumi.String("string"),
ExpirationDate: pulumi.String("string"),
Justification: pulumi.String("string"),
PermanentAssignment: pulumi.Bool(false),
StartDate: pulumi.String("string"),
TicketNumber: pulumi.String("string"),
TicketSystem: pulumi.String("string"),
})
var privilegedAccessGroupAssignmentScheduleResource = new PrivilegedAccessGroupAssignmentSchedule("privilegedAccessGroupAssignmentScheduleResource", PrivilegedAccessGroupAssignmentScheduleArgs.builder()
.assignmentType("string")
.groupId("string")
.principalId("string")
.duration("string")
.expirationDate("string")
.justification("string")
.permanentAssignment(false)
.startDate("string")
.ticketNumber("string")
.ticketSystem("string")
.build());
privileged_access_group_assignment_schedule_resource = azuread.PrivilegedAccessGroupAssignmentSchedule("privilegedAccessGroupAssignmentScheduleResource",
assignment_type="string",
group_id="string",
principal_id="string",
duration="string",
expiration_date="string",
justification="string",
permanent_assignment=False,
start_date="string",
ticket_number="string",
ticket_system="string")
const privilegedAccessGroupAssignmentScheduleResource = new azuread.PrivilegedAccessGroupAssignmentSchedule("privilegedAccessGroupAssignmentScheduleResource", {
assignmentType: "string",
groupId: "string",
principalId: "string",
duration: "string",
expirationDate: "string",
justification: "string",
permanentAssignment: false,
startDate: "string",
ticketNumber: "string",
ticketSystem: "string",
});
type: azuread:PrivilegedAccessGroupAssignmentSchedule
properties:
assignmentType: string
duration: string
expirationDate: string
groupId: string
justification: string
permanentAssignment: false
principalId: string
startDate: string
ticketNumber: string
ticketSystem: string
PrivilegedAccessGroupAssignmentSchedule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PrivilegedAccessGroupAssignmentSchedule resource accepts the following input properties:
- Assignment
Type stringThis property is required. 
Changes to this property will trigger replacement. - The type of assignment to the group. Can be either
memberorowner. - Group
Id stringThis property is required. Changes to this property will trigger replacement. - The Object ID of the Azure AD group to which the principal will be assigned.
- Principal
Id stringThis property is required. Changes to this property will trigger replacement. - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- Duration string
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- Expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- Justification string
- The justification for this assignment. May be required by the role policy.
- Permanent
Assignment bool Is this assigment permanently valid.
At least one of
expiration_date,duration, orpermanent_assignmentmust be supplied. The role policy may limit the maximum duration which can be supplied.- Start
Date string - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- Ticket
Number string - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- Ticket
System string - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- Assignment
Type stringThis property is required. Changes to this property will trigger replacement. - The type of assignment to the group. Can be either
memberorowner. - Group
Id stringThis property is required. Changes to this property will trigger replacement. - The Object ID of the Azure AD group to which the principal will be assigned.
- Principal
Id stringThis property is required. Changes to this property will trigger replacement. - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- Duration string
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- Expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- Justification string
- The justification for this assignment. May be required by the role policy.
- Permanent
Assignment bool Is this assigment permanently valid.
At least one of
expiration_date,duration, orpermanent_assignmentmust be supplied. The role policy may limit the maximum duration which can be supplied.- Start
Date string - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- Ticket
Number string - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- Ticket
System string - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- assignment
Type StringThis property is required. Changes to this property will trigger replacement. - The type of assignment to the group. Can be either
memberorowner. - group
Id StringThis property is required. Changes to this property will trigger replacement. - The Object ID of the Azure AD group to which the principal will be assigned.
- principal
Id StringThis property is required. Changes to this property will trigger replacement. - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- duration String
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- expiration
Date String - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- justification String
- The justification for this assignment. May be required by the role policy.
- permanent
Assignment Boolean Is this assigment permanently valid.
At least one of
expiration_date,duration, orpermanent_assignmentmust be supplied. The role policy may limit the maximum duration which can be supplied.- start
Date String - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- ticket
Number String - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- ticket
System String - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- assignment
Type stringThis property is required. Changes to this property will trigger replacement. - The type of assignment to the group. Can be either
memberorowner. - group
Id stringThis property is required. Changes to this property will trigger replacement. - The Object ID of the Azure AD group to which the principal will be assigned.
- principal
Id stringThis property is required. Changes to this property will trigger replacement. - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- duration string
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- justification string
- The justification for this assignment. May be required by the role policy.
- permanent
Assignment boolean Is this assigment permanently valid.
At least one of
expiration_date,duration, orpermanent_assignmentmust be supplied. The role policy may limit the maximum duration which can be supplied.- start
Date string - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- ticket
Number string - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- ticket
System string - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- assignment_
type strThis property is required. Changes to this property will trigger replacement. - The type of assignment to the group. Can be either
memberorowner. - group_
id strThis property is required. Changes to this property will trigger replacement. - The Object ID of the Azure AD group to which the principal will be assigned.
- principal_
id strThis property is required. Changes to this property will trigger replacement. - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- duration str
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- expiration_
date str - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- justification str
- The justification for this assignment. May be required by the role policy.
- permanent_
assignment bool Is this assigment permanently valid.
At least one of
expiration_date,duration, orpermanent_assignmentmust be supplied. The role policy may limit the maximum duration which can be supplied.- start_
date str - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- ticket_
number str - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- ticket_
system str - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- assignment
Type StringThis property is required. Changes to this property will trigger replacement. - The type of assignment to the group. Can be either
memberorowner. - group
Id StringThis property is required. Changes to this property will trigger replacement. - The Object ID of the Azure AD group to which the principal will be assigned.
- principal
Id StringThis property is required. Changes to this property will trigger replacement. - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- duration String
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- expiration
Date String - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- justification String
- The justification for this assignment. May be required by the role policy.
- permanent
Assignment Boolean Is this assigment permanently valid.
At least one of
expiration_date,duration, orpermanent_assignmentmust be supplied. The role policy may limit the maximum duration which can be supplied.- start
Date String - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- ticket
Number String - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- ticket
System String - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the PrivilegedAccessGroupAssignmentSchedule resource produces the following output properties:
Look up Existing PrivilegedAccessGroupAssignmentSchedule Resource
Get an existing PrivilegedAccessGroupAssignmentSchedule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PrivilegedAccessGroupAssignmentScheduleState, opts?: CustomResourceOptions): PrivilegedAccessGroupAssignmentSchedule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
assignment_type: Optional[str] = None,
duration: Optional[str] = None,
expiration_date: Optional[str] = None,
group_id: Optional[str] = None,
justification: Optional[str] = None,
permanent_assignment: Optional[bool] = None,
principal_id: Optional[str] = None,
start_date: Optional[str] = None,
status: Optional[str] = None,
ticket_number: Optional[str] = None,
ticket_system: Optional[str] = None) -> PrivilegedAccessGroupAssignmentSchedulefunc GetPrivilegedAccessGroupAssignmentSchedule(ctx *Context, name string, id IDInput, state *PrivilegedAccessGroupAssignmentScheduleState, opts ...ResourceOption) (*PrivilegedAccessGroupAssignmentSchedule, error)public static PrivilegedAccessGroupAssignmentSchedule Get(string name, Input<string> id, PrivilegedAccessGroupAssignmentScheduleState? state, CustomResourceOptions? opts = null)public static PrivilegedAccessGroupAssignmentSchedule get(String name, Output<String> id, PrivilegedAccessGroupAssignmentScheduleState state, CustomResourceOptions options)resources: _: type: azuread:PrivilegedAccessGroupAssignmentSchedule get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Assignment
Type - The type of assignment to the group. Can be either
memberorowner. - Duration string
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- Expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- Group
Id - The Object ID of the Azure AD group to which the principal will be assigned.
- Justification string
- The justification for this assignment. May be required by the role policy.
- Permanent
Assignment bool Is this assigment permanently valid.
At least one of
expiration_date,duration, orpermanent_assignmentmust be supplied. The role policy may limit the maximum duration which can be supplied.- Principal
Id - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- Start
Date string - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- Status string
- (String) The provisioning status of this request.
- Ticket
Number string - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- Ticket
System string - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- Assignment
Type - The type of assignment to the group. Can be either
memberorowner. - Duration string
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- Expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- Group
Id - The Object ID of the Azure AD group to which the principal will be assigned.
- Justification string
- The justification for this assignment. May be required by the role policy.
- Permanent
Assignment bool Is this assigment permanently valid.
At least one of
expiration_date,duration, orpermanent_assignmentmust be supplied. The role policy may limit the maximum duration which can be supplied.- Principal
Id - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- Start
Date string - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- Status string
- (String) The provisioning status of this request.
- Ticket
Number string - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- Ticket
System string - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- assignment
Type - The type of assignment to the group. Can be either
memberorowner. - duration String
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- expiration
Date String - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- group
Id - The Object ID of the Azure AD group to which the principal will be assigned.
- justification String
- The justification for this assignment. May be required by the role policy.
- permanent
Assignment Boolean Is this assigment permanently valid.
At least one of
expiration_date,duration, orpermanent_assignmentmust be supplied. The role policy may limit the maximum duration which can be supplied.- principal
Id - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- start
Date String - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- status String
- (String) The provisioning status of this request.
- ticket
Number String - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- ticket
System String - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- assignment
Type - The type of assignment to the group. Can be either
memberorowner. - duration string
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- expiration
Date string - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- group
Id - The Object ID of the Azure AD group to which the principal will be assigned.
- justification string
- The justification for this assignment. May be required by the role policy.
- permanent
Assignment boolean Is this assigment permanently valid.
At least one of
expiration_date,duration, orpermanent_assignmentmust be supplied. The role policy may limit the maximum duration which can be supplied.- principal
Id - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- start
Date string - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- status string
- (String) The provisioning status of this request.
- ticket
Number string - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- ticket
System string - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- assignment_
type - The type of assignment to the group. Can be either
memberorowner. - duration str
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- expiration_
date str - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- group_
id - The Object ID of the Azure AD group to which the principal will be assigned.
- justification str
- The justification for this assignment. May be required by the role policy.
- permanent_
assignment bool Is this assigment permanently valid.
At least one of
expiration_date,duration, orpermanent_assignmentmust be supplied. The role policy may limit the maximum duration which can be supplied.- principal_
id - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- start_
date str - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- status str
- (String) The provisioning status of this request.
- ticket_
number str - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- ticket_
system str - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
- assignment
Type - The type of assignment to the group. Can be either
memberorowner. - duration String
- The duration that this assignment is valid for, formatted as an ISO8601 duration (e.g. P30D for 30 days, PT3H for three hours).
- expiration
Date String - The date that this assignment expires, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z).
- group
Id - The Object ID of the Azure AD group to which the principal will be assigned.
- justification String
- The justification for this assignment. May be required by the role policy.
- permanent
Assignment Boolean Is this assigment permanently valid.
At least one of
expiration_date,duration, orpermanent_assignmentmust be supplied. The role policy may limit the maximum duration which can be supplied.- principal
Id - The Object ID of the principal to be assigned to the above group. Can be either a user or a group.
- start
Date String - The date from which this assignment is valid, formatted as an RFC3339 date string (e.g. 2018-01-01T01:02:03Z). If not provided, the assignment is immediately valid.
- status String
- (String) The provisioning status of this request.
- ticket
Number String - The ticket number in the ticket system approving this assignment. May be required by the role policy.
- ticket
System String - The ticket system containing the ticket number approving this assignment. May be required by the role policy.
Import
An assignment schedule can be imported using the schedule ID, e.g.
$ pulumi import azuread:index/privilegedAccessGroupAssignmentSchedule:PrivilegedAccessGroupAssignmentSchedule example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Active Directory (Azure AD) pulumi/pulumi-azuread
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azureadTerraform Provider.
Azure Active Directory (Azure AD) v6.4.0 published on Monday, Apr 7, 2025 by Pulumi