Docs Home
Azure Active Directory (Azure AD) v6.4.0 published on Monday, Apr 7, 2025 by Pulumi
azuread.getGroupRoleManagementPolicy
Explore with Pulumi AI
Azure Active Directory (Azure AD) v6.4.0 published on Monday, Apr 7, 2025 by Pulumi
Use this data source to retrieve a role policy for an Azure AD group.
API Permissions
The following API permissions are required in order to use this resource.
When authenticated with a service principal, this resource requires the RoleManagementPolicy.Read.AzureADGroup Microsoft Graph API permissions.
When authenticated with a user principal, this resource requires Global Administrator directory role, or the Privileged Role Administrator role in Identity Governance.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const example = new azuread.Group("example", {
displayName: "group-name",
securityEnabled: true,
});
const ownersPolicy = azuread.getGroupRoleManagementPolicyOutput({
groupId: example.id,
roleId: "owner",
});
import pulumi
import pulumi_azuread as azuread
example = azuread.Group("example",
display_name="group-name",
security_enabled=True)
owners_policy = azuread.get_group_role_management_policy_output(group_id=example.id,
role_id="owner")
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := azuread.NewGroup(ctx, "example", &azuread.GroupArgs{
DisplayName: pulumi.String("group-name"),
SecurityEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
_ = azuread.LookupGroupRoleManagementPolicyOutput(ctx, azuread.GetGroupRoleManagementPolicyOutputArgs{
GroupId: example.ID(),
RoleId: pulumi.String("owner"),
}, nil)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var example = new AzureAD.Group("example", new()
{
DisplayName = "group-name",
SecurityEnabled = true,
});
var ownersPolicy = AzureAD.GetGroupRoleManagementPolicy.Invoke(new()
{
GroupId = example.Id,
RoleId = "owner",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.Group;
import com.pulumi.azuread.GroupArgs;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetGroupRoleManagementPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Group("example", GroupArgs.builder()
.displayName("group-name")
.securityEnabled(true)
.build());
final var ownersPolicy = AzureadFunctions.getGroupRoleManagementPolicy(GetGroupRoleManagementPolicyArgs.builder()
.groupId(example.id())
.roleId("owner")
.build());
}
}
resources:
example:
type: azuread:Group
properties:
displayName: group-name
securityEnabled: true
variables:
ownersPolicy:
fn::invoke:
function: azuread:getGroupRoleManagementPolicy
arguments:
groupId: ${example.id}
roleId: owner
Using getGroupRoleManagementPolicy
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getGroupRoleManagementPolicy(args: GetGroupRoleManagementPolicyArgs, opts?: InvokeOptions): Promise<GetGroupRoleManagementPolicyResult>
function getGroupRoleManagementPolicyOutput(args: GetGroupRoleManagementPolicyOutputArgs, opts?: InvokeOptions): Output<GetGroupRoleManagementPolicyResult>def get_group_role_management_policy(group_id: Optional[str] = None,
role_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetGroupRoleManagementPolicyResult
def get_group_role_management_policy_output(group_id: Optional[pulumi.Input[str]] = None,
role_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetGroupRoleManagementPolicyResult]func LookupGroupRoleManagementPolicy(ctx *Context, args *LookupGroupRoleManagementPolicyArgs, opts ...InvokeOption) (*LookupGroupRoleManagementPolicyResult, error)
func LookupGroupRoleManagementPolicyOutput(ctx *Context, args *LookupGroupRoleManagementPolicyOutputArgs, opts ...InvokeOption) LookupGroupRoleManagementPolicyResultOutput> Note: This function is named LookupGroupRoleManagementPolicy in the Go SDK.
public static class GetGroupRoleManagementPolicy
{
public static Task<GetGroupRoleManagementPolicyResult> InvokeAsync(GetGroupRoleManagementPolicyArgs args, InvokeOptions? opts = null)
public static Output<GetGroupRoleManagementPolicyResult> Invoke(GetGroupRoleManagementPolicyInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetGroupRoleManagementPolicyResult> getGroupRoleManagementPolicy(GetGroupRoleManagementPolicyArgs args, InvokeOptions options)
public static Output<GetGroupRoleManagementPolicyResult> getGroupRoleManagementPolicy(GetGroupRoleManagementPolicyArgs args, InvokeOptions options)
fn::invoke:
function: azuread:index/getGroupRoleManagementPolicy:getGroupRoleManagementPolicy
arguments:
# arguments dictionaryThe following arguments are supported:
getGroupRoleManagementPolicy Result
The following output properties are available:
- Description string
- (String) The description of this policy.
- Display
Name string - (String) The display name of this policy.
- Group
Id string - Id string
- The provider-assigned unique ID for this managed resource.
- Role
Id string
- Description string
- (String) The description of this policy.
- Display
Name string - (String) The display name of this policy.
- Group
Id string - Id string
- The provider-assigned unique ID for this managed resource.
- Role
Id string
- description String
- (String) The description of this policy.
- display
Name String - (String) The display name of this policy.
- group
Id String - id String
- The provider-assigned unique ID for this managed resource.
- role
Id String
- description string
- (String) The description of this policy.
- display
Name string - (String) The display name of this policy.
- group
Id string - id string
- The provider-assigned unique ID for this managed resource.
- role
Id string
- description str
- (String) The description of this policy.
- display_
name str - (String) The display name of this policy.
- group_
id str - id str
- The provider-assigned unique ID for this managed resource.
- role_
id str
- description String
- (String) The description of this policy.
- display
Name String - (String) The display name of this policy.
- group
Id String - id String
- The provider-assigned unique ID for this managed resource.
- role
Id String
Package Details
- Repository
- Azure Active Directory (Azure AD) pulumi/pulumi-azuread
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azureadTerraform Provider.
Azure Active Directory (Azure AD) v6.4.0 published on Monday, Apr 7, 2025 by Pulumi