Docs
Packages
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.47.1 published on Monday, Jun 24, 2024 by Pulumi
azure-native.documentdb.SqlResourceSqlRoleDefinition
Explore with Pulumi AI
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.47.1 published on Monday, Jun 24, 2024 by Pulumi
An Azure Cosmos DB SQL Role Definition. Azure REST API version: 2023-04-15. Prior API version in Azure Native 1.x: 2021-03-01-preview.
Other available API versions: 2023-09-15, 2023-09-15-preview, 2023-11-15, 2023-11-15-preview, 2024-02-15-preview, 2024-05-15, 2024-05-15-preview.
Example Usage
CosmosDBSqlRoleDefinitionCreateUpdate
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var sqlResourceSqlRoleDefinition = new AzureNative.DocumentDB.SqlResourceSqlRoleDefinition("sqlResourceSqlRoleDefinition", new()
{
AccountName = "myAccountName",
AssignableScopes = new[]
{
"/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/sales",
"/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/purchases",
},
Permissions = new[]
{
new AzureNative.DocumentDB.Inputs.PermissionArgs
{
DataActions = new[]
{
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read",
},
NotDataActions = new() { },
},
},
ResourceGroupName = "myResourceGroupName",
RoleDefinitionId = "myRoleDefinitionId",
RoleName = "myRoleName",
Type = AzureNative.DocumentDB.RoleDefinitionType.CustomRole,
});
});
package main
import (
documentdb "github.com/pulumi/pulumi-azure-native-sdk/documentdb/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := documentdb.NewSqlResourceSqlRoleDefinition(ctx, "sqlResourceSqlRoleDefinition", &documentdb.SqlResourceSqlRoleDefinitionArgs{
AccountName: pulumi.String("myAccountName"),
AssignableScopes: pulumi.StringArray{
pulumi.String("/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/sales"),
pulumi.String("/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/purchases"),
},
Permissions: documentdb.PermissionArray{
&documentdb.PermissionArgs{
DataActions: pulumi.StringArray{
pulumi.String("Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create"),
pulumi.String("Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read"),
},
NotDataActions: pulumi.StringArray{},
},
},
ResourceGroupName: pulumi.String("myResourceGroupName"),
RoleDefinitionId: pulumi.String("myRoleDefinitionId"),
RoleName: pulumi.String("myRoleName"),
Type: documentdb.RoleDefinitionTypeCustomRole,
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.documentdb.SqlResourceSqlRoleDefinition;
import com.pulumi.azurenative.documentdb.SqlResourceSqlRoleDefinitionArgs;
import com.pulumi.azurenative.documentdb.inputs.PermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var sqlResourceSqlRoleDefinition = new SqlResourceSqlRoleDefinition("sqlResourceSqlRoleDefinition", SqlResourceSqlRoleDefinitionArgs.builder()
.accountName("myAccountName")
.assignableScopes(
"/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/sales",
"/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/purchases")
.permissions(PermissionArgs.builder()
.dataActions(
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read")
.notDataActions()
.build())
.resourceGroupName("myResourceGroupName")
.roleDefinitionId("myRoleDefinitionId")
.roleName("myRoleName")
.type("CustomRole")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
sql_resource_sql_role_definition = azure_native.documentdb.SqlResourceSqlRoleDefinition("sqlResourceSqlRoleDefinition",
account_name="myAccountName",
assignable_scopes=[
"/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/sales",
"/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/purchases",
],
permissions=[azure_native.documentdb.PermissionArgs(
data_actions=[
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read",
],
not_data_actions=[],
)],
resource_group_name="myResourceGroupName",
role_definition_id="myRoleDefinitionId",
role_name="myRoleName",
type=azure_native.documentdb.RoleDefinitionType.CUSTOM_ROLE)
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const sqlResourceSqlRoleDefinition = new azure_native.documentdb.SqlResourceSqlRoleDefinition("sqlResourceSqlRoleDefinition", {
accountName: "myAccountName",
assignableScopes: [
"/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/sales",
"/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/purchases",
],
permissions: [{
dataActions: [
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read",
],
notDataActions: [],
}],
resourceGroupName: "myResourceGroupName",
roleDefinitionId: "myRoleDefinitionId",
roleName: "myRoleName",
type: azure_native.documentdb.RoleDefinitionType.CustomRole,
});
resources:
sqlResourceSqlRoleDefinition:
type: azure-native:documentdb:SqlResourceSqlRoleDefinition
properties:
accountName: myAccountName
assignableScopes:
- /subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/sales
- /subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/purchases
permissions:
- dataActions:
- Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create
- Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read
notDataActions: []
resourceGroupName: myResourceGroupName
roleDefinitionId: myRoleDefinitionId
roleName: myRoleName
type: CustomRole
Create SqlResourceSqlRoleDefinition Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SqlResourceSqlRoleDefinition(name: string, args: SqlResourceSqlRoleDefinitionArgs, opts?: CustomResourceOptions);@overload
def SqlResourceSqlRoleDefinition(resource_name: str,
args: SqlResourceSqlRoleDefinitionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SqlResourceSqlRoleDefinition(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_name: Optional[str] = None,
resource_group_name: Optional[str] = None,
assignable_scopes: Optional[Sequence[str]] = None,
permissions: Optional[Sequence[PermissionArgs]] = None,
role_definition_id: Optional[str] = None,
role_name: Optional[str] = None,
type: Optional[RoleDefinitionType] = None)func NewSqlResourceSqlRoleDefinition(ctx *Context, name string, args SqlResourceSqlRoleDefinitionArgs, opts ...ResourceOption) (*SqlResourceSqlRoleDefinition, error)public SqlResourceSqlRoleDefinition(string name, SqlResourceSqlRoleDefinitionArgs args, CustomResourceOptions? opts = null)
public SqlResourceSqlRoleDefinition(String name, SqlResourceSqlRoleDefinitionArgs args)
public SqlResourceSqlRoleDefinition(String name, SqlResourceSqlRoleDefinitionArgs args, CustomResourceOptions options)
type: azure-native:documentdb:SqlResourceSqlRoleDefinition
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SqlResourceSqlRoleDefinitionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SqlResourceSqlRoleDefinitionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SqlResourceSqlRoleDefinitionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SqlResourceSqlRoleDefinitionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SqlResourceSqlRoleDefinitionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var sqlResourceSqlRoleDefinitionResource = new AzureNative.DocumentDB.SqlResourceSqlRoleDefinition("sqlResourceSqlRoleDefinitionResource", new()
{
AccountName = "string",
ResourceGroupName = "string",
AssignableScopes = new[]
{
"string",
},
Permissions = new[]
{
new AzureNative.DocumentDB.Inputs.PermissionArgs
{
DataActions = new[]
{
"string",
},
NotDataActions = new[]
{
"string",
},
},
},
RoleDefinitionId = "string",
RoleName = "string",
Type = AzureNative.DocumentDB.RoleDefinitionType.BuiltInRole,
});
example, err := documentdb.NewSqlResourceSqlRoleDefinition(ctx, "sqlResourceSqlRoleDefinitionResource", &documentdb.SqlResourceSqlRoleDefinitionArgs{
AccountName: pulumi.String("string"),
ResourceGroupName: pulumi.String("string"),
AssignableScopes: pulumi.StringArray{
pulumi.String("string"),
},
Permissions: documentdb.PermissionArray{
&documentdb.PermissionArgs{
DataActions: pulumi.StringArray{
pulumi.String("string"),
},
NotDataActions: pulumi.StringArray{
pulumi.String("string"),
},
},
},
RoleDefinitionId: pulumi.String("string"),
RoleName: pulumi.String("string"),
Type: documentdb.RoleDefinitionTypeBuiltInRole,
})
var sqlResourceSqlRoleDefinitionResource = new SqlResourceSqlRoleDefinition("sqlResourceSqlRoleDefinitionResource", SqlResourceSqlRoleDefinitionArgs.builder()
.accountName("string")
.resourceGroupName("string")
.assignableScopes("string")
.permissions(PermissionArgs.builder()
.dataActions("string")
.notDataActions("string")
.build())
.roleDefinitionId("string")
.roleName("string")
.type("BuiltInRole")
.build());
sql_resource_sql_role_definition_resource = azure_native.documentdb.SqlResourceSqlRoleDefinition("sqlResourceSqlRoleDefinitionResource",
account_name="string",
resource_group_name="string",
assignable_scopes=["string"],
permissions=[azure_native.documentdb.PermissionArgs(
data_actions=["string"],
not_data_actions=["string"],
)],
role_definition_id="string",
role_name="string",
type=azure_native.documentdb.RoleDefinitionType.BUILT_IN_ROLE)
const sqlResourceSqlRoleDefinitionResource = new azure_native.documentdb.SqlResourceSqlRoleDefinition("sqlResourceSqlRoleDefinitionResource", {
accountName: "string",
resourceGroupName: "string",
assignableScopes: ["string"],
permissions: [{
dataActions: ["string"],
notDataActions: ["string"],
}],
roleDefinitionId: "string",
roleName: "string",
type: azure_native.documentdb.RoleDefinitionType.BuiltInRole,
});
type: azure-native:documentdb:SqlResourceSqlRoleDefinition
properties:
accountName: string
assignableScopes:
- string
permissions:
- dataActions:
- string
notDataActions:
- string
resourceGroupName: string
roleDefinitionId: string
roleName: string
type: BuiltInRole
SqlResourceSqlRoleDefinition Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The SqlResourceSqlRoleDefinition resource accepts the following input properties:
- Account
Name string - Cosmos DB database account name.
- Resource
Group stringName - The name of the resource group. The name is case insensitive.
- Assignable
Scopes List<string> - A set of fully qualified Scopes at or below which Role Assignments may be created using this Role Definition. This will allow application of this Role Definition on the entire database account or any underlying Database / Collection. Must have at least one element. Scopes higher than Database account are not enforceable as assignable Scopes. Note that resources referenced in assignable Scopes need not exist.
- Permissions
List<Pulumi.
Azure Native. Document DB. Inputs. Permission> - The set of operations allowed through this Role Definition.
- Role
Definition stringId - The GUID for the Role Definition.
- Role
Name string - A user-friendly name for the Role Definition. Must be unique for the database account.
- Type
Pulumi.
Azure Native. Document DB. Role Definition Type - Indicates whether the Role Definition was built-in or user created.
- Account
Name string - Cosmos DB database account name.
- Resource
Group stringName - The name of the resource group. The name is case insensitive.
- Assignable
Scopes []string - A set of fully qualified Scopes at or below which Role Assignments may be created using this Role Definition. This will allow application of this Role Definition on the entire database account or any underlying Database / Collection. Must have at least one element. Scopes higher than Database account are not enforceable as assignable Scopes. Note that resources referenced in assignable Scopes need not exist.
- Permissions
[]Permission
Args - The set of operations allowed through this Role Definition.
- Role
Definition stringId - The GUID for the Role Definition.
- Role
Name string - A user-friendly name for the Role Definition. Must be unique for the database account.
- Type
Role
Definition Type - Indicates whether the Role Definition was built-in or user created.
- account
Name String - Cosmos DB database account name.
- resource
Group StringName - The name of the resource group. The name is case insensitive.
- assignable
Scopes List<String> - A set of fully qualified Scopes at or below which Role Assignments may be created using this Role Definition. This will allow application of this Role Definition on the entire database account or any underlying Database / Collection. Must have at least one element. Scopes higher than Database account are not enforceable as assignable Scopes. Note that resources referenced in assignable Scopes need not exist.
- permissions List<Permission>
- The set of operations allowed through this Role Definition.
- role
Definition StringId - The GUID for the Role Definition.
- role
Name String - A user-friendly name for the Role Definition. Must be unique for the database account.
- type
Role
Definition Type - Indicates whether the Role Definition was built-in or user created.
- account
Name string - Cosmos DB database account name.
- resource
Group stringName - The name of the resource group. The name is case insensitive.
- assignable
Scopes string[] - A set of fully qualified Scopes at or below which Role Assignments may be created using this Role Definition. This will allow application of this Role Definition on the entire database account or any underlying Database / Collection. Must have at least one element. Scopes higher than Database account are not enforceable as assignable Scopes. Note that resources referenced in assignable Scopes need not exist.
- permissions Permission[]
- The set of operations allowed through this Role Definition.
- role
Definition stringId - The GUID for the Role Definition.
- role
Name string - A user-friendly name for the Role Definition. Must be unique for the database account.
- type
Role
Definition Type - Indicates whether the Role Definition was built-in or user created.
- account_
name str - Cosmos DB database account name.
- resource_
group_ strname - The name of the resource group. The name is case insensitive.
- assignable_
scopes Sequence[str] - A set of fully qualified Scopes at or below which Role Assignments may be created using this Role Definition. This will allow application of this Role Definition on the entire database account or any underlying Database / Collection. Must have at least one element. Scopes higher than Database account are not enforceable as assignable Scopes. Note that resources referenced in assignable Scopes need not exist.
- permissions
Sequence[Permission
Args] - The set of operations allowed through this Role Definition.
- role_
definition_ strid - The GUID for the Role Definition.
- role_
name str - A user-friendly name for the Role Definition. Must be unique for the database account.
- type
Role
Definition Type - Indicates whether the Role Definition was built-in or user created.
- account
Name String - Cosmos DB database account name.
- resource
Group StringName - The name of the resource group. The name is case insensitive.
- assignable
Scopes List<String> - A set of fully qualified Scopes at or below which Role Assignments may be created using this Role Definition. This will allow application of this Role Definition on the entire database account or any underlying Database / Collection. Must have at least one element. Scopes higher than Database account are not enforceable as assignable Scopes. Note that resources referenced in assignable Scopes need not exist.
- permissions List<Property Map>
- The set of operations allowed through this Role Definition.
- role
Definition StringId - The GUID for the Role Definition.
- role
Name String - A user-friendly name for the Role Definition. Must be unique for the database account.
- type
"Built
In Role" | "Custom Role" - Indicates whether the Role Definition was built-in or user created.
Outputs
All input properties are implicitly available as output properties. Additionally, the SqlResourceSqlRoleDefinition resource produces the following output properties:
Supporting Types
Permission, PermissionArgs
- Data
Actions List<string> - An array of data actions that are allowed.
- Not
Data List<string>Actions - An array of data actions that are denied.
- Data
Actions []string - An array of data actions that are allowed.
- Not
Data []stringActions - An array of data actions that are denied.
- data
Actions List<String> - An array of data actions that are allowed.
- not
Data List<String>Actions - An array of data actions that are denied.
- data
Actions string[] - An array of data actions that are allowed.
- not
Data string[]Actions - An array of data actions that are denied.
- data_
actions Sequence[str] - An array of data actions that are allowed.
- not_
data_ Sequence[str]actions - An array of data actions that are denied.
- data
Actions List<String> - An array of data actions that are allowed.
- not
Data List<String>Actions - An array of data actions that are denied.
PermissionResponse, PermissionResponseArgs
- Data
Actions List<string> - An array of data actions that are allowed.
- Not
Data List<string>Actions - An array of data actions that are denied.
- Data
Actions []string - An array of data actions that are allowed.
- Not
Data []stringActions - An array of data actions that are denied.
- data
Actions List<String> - An array of data actions that are allowed.
- not
Data List<String>Actions - An array of data actions that are denied.
- data
Actions string[] - An array of data actions that are allowed.
- not
Data string[]Actions - An array of data actions that are denied.
- data_
actions Sequence[str] - An array of data actions that are allowed.
- not_
data_ Sequence[str]actions - An array of data actions that are denied.
- data
Actions List<String> - An array of data actions that are allowed.
- not
Data List<String>Actions - An array of data actions that are denied.
RoleDefinitionType, RoleDefinitionTypeArgs
- Built
In Role - BuiltInRole
- Custom
Role - CustomRole
- Role
Definition Type Built In Role - BuiltInRole
- Role
Definition Type Custom Role - CustomRole
- Built
In Role - BuiltInRole
- Custom
Role - CustomRole
- Built
In Role - BuiltInRole
- Custom
Role - CustomRole
- BUILT_IN_ROLE
- BuiltInRole
- CUSTOM_ROLE
- CustomRole
- "Built
In Role" - BuiltInRole
- "Custom
Role" - CustomRole
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:documentdb:SqlResourceSqlRoleDefinition myRoleDefinitionId /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DocumentDB/databaseAccounts/{accountName}/sqlRoleDefinitions/{roleDefinitionId}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.47.1 published on Monday, Jun 24, 2024 by Pulumi