Docs
PackagesAzure Active Directory (Azure AD) v5.52.0 published on Friday, Jun 14, 2024 by Pulumi
azuread.ApplicationPermissionScope
Explore with Pulumi AI
Azure Active Directory (Azure AD) v5.52.0 published on Friday, Jun 14, 2024 by Pulumi
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
import * as random from "@pulumi/random";
const example = new azuread.ApplicationRegistration("example", {displayName: "example"});
const exampleAdminister = new random.RandomUuid("example_administer", {});
const exampleApplicationPermissionScope = new azuread.ApplicationPermissionScope("example", {
applicationId: test.id,
scopeId: exampleAdminister.id,
value: "administer",
adminConsentDescription: "Administer the application",
adminConsentDisplayName: "Administer",
});
import pulumi
import pulumi_azuread as azuread
import pulumi_random as random
example = azuread.ApplicationRegistration("example", display_name="example")
example_administer = random.RandomUuid("example_administer")
example_application_permission_scope = azuread.ApplicationPermissionScope("example",
application_id=test["id"],
scope_id=example_administer.id,
value="administer",
admin_consent_description="Administer the application",
admin_consent_display_name="Administer")
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi-random/sdk/v4/go/random"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := azuread.NewApplicationRegistration(ctx, "example", &azuread.ApplicationRegistrationArgs{
DisplayName: pulumi.String("example"),
})
if err != nil {
return err
}
exampleAdminister, err := random.NewRandomUuid(ctx, "example_administer", nil)
if err != nil {
return err
}
_, err = azuread.NewApplicationPermissionScope(ctx, "example", &azuread.ApplicationPermissionScopeArgs{
ApplicationId: pulumi.Any(test.Id),
ScopeId: exampleAdminister.ID(),
Value: pulumi.String("administer"),
AdminConsentDescription: pulumi.String("Administer the application"),
AdminConsentDisplayName: pulumi.String("Administer"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
using Random = Pulumi.Random;
return await Deployment.RunAsync(() =>
{
var example = new AzureAD.ApplicationRegistration("example", new()
{
DisplayName = "example",
});
var exampleAdminister = new Random.RandomUuid("example_administer");
var exampleApplicationPermissionScope = new AzureAD.ApplicationPermissionScope("example", new()
{
ApplicationId = test.Id,
ScopeId = exampleAdminister.Id,
Value = "administer",
AdminConsentDescription = "Administer the application",
AdminConsentDisplayName = "Administer",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.ApplicationRegistration;
import com.pulumi.azuread.ApplicationRegistrationArgs;
import com.pulumi.random.RandomUuid;
import com.pulumi.azuread.ApplicationPermissionScope;
import com.pulumi.azuread.ApplicationPermissionScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ApplicationRegistration("example", ApplicationRegistrationArgs.builder()
.displayName("example")
.build());
var exampleAdminister = new RandomUuid("exampleAdminister");
var exampleApplicationPermissionScope = new ApplicationPermissionScope("exampleApplicationPermissionScope", ApplicationPermissionScopeArgs.builder()
.applicationId(test.id())
.scopeId(exampleAdminister.id())
.value("administer")
.adminConsentDescription("Administer the application")
.adminConsentDisplayName("Administer")
.build());
}
}
resources:
example:
type: azuread:ApplicationRegistration
properties:
displayName: example
exampleAdminister:
type: random:RandomUuid
name: example_administer
exampleApplicationPermissionScope:
type: azuread:ApplicationPermissionScope
name: example
properties:
applicationId: ${test.id}
scopeId: ${exampleAdminister.id}
value: administer
adminConsentDescription: Administer the application
adminConsentDisplayName: Administer
Tip For managing more permissions scopes, create additional instances of this resource
Usage with azuread.Application resource
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const example = new azuread.Application("example", {displayName: "example"});
const exampleApplicationPermissionScope = new azuread.ApplicationPermissionScope("example", {applicationId: example.id});
import pulumi
import pulumi_azuread as azuread
example = azuread.Application("example", display_name="example")
example_application_permission_scope = azuread.ApplicationPermissionScope("example", application_id=example.id)
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := azuread.NewApplication(ctx, "example", &azuread.ApplicationArgs{
DisplayName: pulumi.String("example"),
})
if err != nil {
return err
}
_, err = azuread.NewApplicationPermissionScope(ctx, "example", &azuread.ApplicationPermissionScopeArgs{
ApplicationId: example.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var example = new AzureAD.Application("example", new()
{
DisplayName = "example",
});
var exampleApplicationPermissionScope = new AzureAD.ApplicationPermissionScope("example", new()
{
ApplicationId = example.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.Application;
import com.pulumi.azuread.ApplicationArgs;
import com.pulumi.azuread.ApplicationPermissionScope;
import com.pulumi.azuread.ApplicationPermissionScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Application("example", ApplicationArgs.builder()
.displayName("example")
.build());
var exampleApplicationPermissionScope = new ApplicationPermissionScope("exampleApplicationPermissionScope", ApplicationPermissionScopeArgs.builder()
.applicationId(example.id())
.build());
}
}
resources:
example:
type: azuread:Application
properties:
displayName: example
exampleApplicationPermissionScope:
type: azuread:ApplicationPermissionScope
name: example
properties:
applicationId: ${example.id}
Create ApplicationPermissionScope Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ApplicationPermissionScope(name: string, args: ApplicationPermissionScopeArgs, opts?: CustomResourceOptions);@overload
def ApplicationPermissionScope(resource_name: str,
args: ApplicationPermissionScopeArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ApplicationPermissionScope(resource_name: str,
opts: Optional[ResourceOptions] = None,
admin_consent_description: Optional[str] = None,
admin_consent_display_name: Optional[str] = None,
application_id: Optional[str] = None,
scope_id: Optional[str] = None,
value: Optional[str] = None,
type: Optional[str] = None,
user_consent_description: Optional[str] = None,
user_consent_display_name: Optional[str] = None)func NewApplicationPermissionScope(ctx *Context, name string, args ApplicationPermissionScopeArgs, opts ...ResourceOption) (*ApplicationPermissionScope, error)public ApplicationPermissionScope(string name, ApplicationPermissionScopeArgs args, CustomResourceOptions? opts = null)
public ApplicationPermissionScope(String name, ApplicationPermissionScopeArgs args)
public ApplicationPermissionScope(String name, ApplicationPermissionScopeArgs args, CustomResourceOptions options)
type: azuread:ApplicationPermissionScope
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ApplicationPermissionScopeArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ApplicationPermissionScopeArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ApplicationPermissionScopeArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ApplicationPermissionScopeArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ApplicationPermissionScopeArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var applicationPermissionScopeResource = new AzureAD.ApplicationPermissionScope("applicationPermissionScopeResource", new()
{
AdminConsentDescription = "string",
AdminConsentDisplayName = "string",
ApplicationId = "string",
ScopeId = "string",
Value = "string",
Type = "string",
UserConsentDescription = "string",
UserConsentDisplayName = "string",
});
example, err := azuread.NewApplicationPermissionScope(ctx, "applicationPermissionScopeResource", &azuread.ApplicationPermissionScopeArgs{
AdminConsentDescription: pulumi.String("string"),
AdminConsentDisplayName: pulumi.String("string"),
ApplicationId: pulumi.String("string"),
ScopeId: pulumi.String("string"),
Value: pulumi.String("string"),
Type: pulumi.String("string"),
UserConsentDescription: pulumi.String("string"),
UserConsentDisplayName: pulumi.String("string"),
})
var applicationPermissionScopeResource = new ApplicationPermissionScope("applicationPermissionScopeResource", ApplicationPermissionScopeArgs.builder()
.adminConsentDescription("string")
.adminConsentDisplayName("string")
.applicationId("string")
.scopeId("string")
.value("string")
.type("string")
.userConsentDescription("string")
.userConsentDisplayName("string")
.build());
application_permission_scope_resource = azuread.ApplicationPermissionScope("applicationPermissionScopeResource",
admin_consent_description="string",
admin_consent_display_name="string",
application_id="string",
scope_id="string",
value="string",
type="string",
user_consent_description="string",
user_consent_display_name="string")
const applicationPermissionScopeResource = new azuread.ApplicationPermissionScope("applicationPermissionScopeResource", {
adminConsentDescription: "string",
adminConsentDisplayName: "string",
applicationId: "string",
scopeId: "string",
value: "string",
type: "string",
userConsentDescription: "string",
userConsentDisplayName: "string",
});
type: azuread:ApplicationPermissionScope
properties:
adminConsentDescription: string
adminConsentDisplayName: string
applicationId: string
scopeId: string
type: string
userConsentDescription: string
userConsentDisplayName: string
value: string
ApplicationPermissionScope Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ApplicationPermissionScope resource accepts the following input properties:
- Admin
Consent stringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- Admin
Consent stringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- Application
Id string - The resource ID of the application registration. Changing this forces a new resource to be created.
- Scope
Id string - The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
- Value string
The value that is used for the
scpclaim in OAuth access tokens.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- Type string
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
- User
Consent stringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- User
Consent stringDisplay Name - Display name for the delegated permission that appears in the end user consent experience
- Admin
Consent stringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- Admin
Consent stringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- Application
Id string - The resource ID of the application registration. Changing this forces a new resource to be created.
- Scope
Id string - The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
- Value string
The value that is used for the
scpclaim in OAuth access tokens.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- Type string
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
- User
Consent stringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- User
Consent stringDisplay Name - Display name for the delegated permission that appears in the end user consent experience
- admin
Consent StringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- admin
Consent StringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- application
Id String - The resource ID of the application registration. Changing this forces a new resource to be created.
- scope
Id String - The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
- value String
The value that is used for the
scpclaim in OAuth access tokens.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- type String
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
- user
Consent StringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- user
Consent StringDisplay Name - Display name for the delegated permission that appears in the end user consent experience
- admin
Consent stringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- admin
Consent stringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- application
Id string - The resource ID of the application registration. Changing this forces a new resource to be created.
- scope
Id string - The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
- value string
The value that is used for the
scpclaim in OAuth access tokens.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- type string
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
- user
Consent stringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- user
Consent stringDisplay Name - Display name for the delegated permission that appears in the end user consent experience
- admin_
consent_ strdescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- admin_
consent_ strdisplay_ name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- application_
id str - The resource ID of the application registration. Changing this forces a new resource to be created.
- scope_
id str - The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
- value str
The value that is used for the
scpclaim in OAuth access tokens.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- type str
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
- user_
consent_ strdescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- user_
consent_ strdisplay_ name - Display name for the delegated permission that appears in the end user consent experience
- admin
Consent StringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- admin
Consent StringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- application
Id String - The resource ID of the application registration. Changing this forces a new resource to be created.
- scope
Id String - The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
- value String
The value that is used for the
scpclaim in OAuth access tokens.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- type String
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
- user
Consent StringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- user
Consent StringDisplay Name - Display name for the delegated permission that appears in the end user consent experience
Outputs
All input properties are implicitly available as output properties. Additionally, the ApplicationPermissionScope resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ApplicationPermissionScope Resource
Get an existing ApplicationPermissionScope resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ApplicationPermissionScopeState, opts?: CustomResourceOptions): ApplicationPermissionScope@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
admin_consent_description: Optional[str] = None,
admin_consent_display_name: Optional[str] = None,
application_id: Optional[str] = None,
scope_id: Optional[str] = None,
type: Optional[str] = None,
user_consent_description: Optional[str] = None,
user_consent_display_name: Optional[str] = None,
value: Optional[str] = None) -> ApplicationPermissionScopefunc GetApplicationPermissionScope(ctx *Context, name string, id IDInput, state *ApplicationPermissionScopeState, opts ...ResourceOption) (*ApplicationPermissionScope, error)public static ApplicationPermissionScope Get(string name, Input<string> id, ApplicationPermissionScopeState? state, CustomResourceOptions? opts = null)public static ApplicationPermissionScope get(String name, Output<String> id, ApplicationPermissionScopeState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Admin
Consent stringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- Admin
Consent stringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- Application
Id string - The resource ID of the application registration. Changing this forces a new resource to be created.
- Scope
Id string - The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
- Type string
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
- User
Consent stringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- User
Consent stringDisplay Name - Display name for the delegated permission that appears in the end user consent experience
- Value string
The value that is used for the
scpclaim in OAuth access tokens.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- Admin
Consent stringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- Admin
Consent stringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- Application
Id string - The resource ID of the application registration. Changing this forces a new resource to be created.
- Scope
Id string - The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
- Type string
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
- User
Consent stringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- User
Consent stringDisplay Name - Display name for the delegated permission that appears in the end user consent experience
- Value string
The value that is used for the
scpclaim in OAuth access tokens.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- admin
Consent StringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- admin
Consent StringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- application
Id String - The resource ID of the application registration. Changing this forces a new resource to be created.
- scope
Id String - The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
- type String
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
- user
Consent StringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- user
Consent StringDisplay Name - Display name for the delegated permission that appears in the end user consent experience
- value String
The value that is used for the
scpclaim in OAuth access tokens.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- admin
Consent stringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- admin
Consent stringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- application
Id string - The resource ID of the application registration. Changing this forces a new resource to be created.
- scope
Id string - The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
- type string
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
- user
Consent stringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- user
Consent stringDisplay Name - Display name for the delegated permission that appears in the end user consent experience
- value string
The value that is used for the
scpclaim in OAuth access tokens.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- admin_
consent_ strdescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- admin_
consent_ strdisplay_ name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- application_
id str - The resource ID of the application registration. Changing this forces a new resource to be created.
- scope_
id str - The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
- type str
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
- user_
consent_ strdescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- user_
consent_ strdisplay_ name - Display name for the delegated permission that appears in the end user consent experience
- value str
The value that is used for the
scpclaim in OAuth access tokens.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
- admin
Consent StringDescription - Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
- admin
Consent StringDisplay Name - Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
- application
Id String - The resource ID of the application registration. Changing this forces a new resource to be created.
- scope
Id String - The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
- type String
- Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
- user
Consent StringDescription - Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
- user
Consent StringDisplay Name - Display name for the delegated permission that appears in the end user consent experience
- value String
The value that is used for the
scpclaim in OAuth access tokens.Roles and Permission Scopes In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.
Import
Application App Roles can be imported using the object ID of the application and the ID of the permission scope, in the following format.
$ pulumi import azuread:index/applicationPermissionScope:ApplicationPermissionScope example /applications/00000000-0000-0000-0000-000000000000/permissionScopes/11111111-1111-1111-1111-111111111111
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Active Directory (Azure AD) pulumi/pulumi-azuread
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azureadTerraform Provider.
Azure Active Directory (Azure AD) v5.52.0 published on Friday, Jun 14, 2024 by Pulumi