Resource: azuread_privileged_access_group_assignment_schedule

Manages an active assignment to a privileged access group.

API Permissions

The following API permissions are required in order to use this resource.

When authenticated with a service principal, this resource requires the PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup Microsoft Graph API permission.

When authenticated with a user principal, this resource requires the Global Administrator directory role, or the Privileged Role Administrator role in Identity Governance.

Example Usage

resource "azuread_group" "example" {
  display_name     = "group-name"
  security_enabled = true
}

resource "azuread_user" "member" {
  user_principal_name = "jdoe@hashicorp.com"
  display_name        = "J. Doe"
  mail_nickname       = "jdoe"
  # Placeholder for documentation only; never commit a real credential to configuration.
  password            = "SecretP@sswd99!"
}

# Time-bound active membership: the assignment expires 30 days after it starts.
resource "azuread_privileged_access_group_assignment_schedule" "example" {
  group_id        = azuread_group.example.id
  principal_id    = azuread_user.member.id
  assignment_type = "member"
  duration        = "P30D"
  justification   = "as requested"
}

Argument Reference

At least one of expiration_date, duration, or permanent_assignment must be supplied. The role policy may limit the maximum duration which can be supplied.
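The following is an added example (not part of the provider documentation) showing all three ways of bounding the assignment named above: a relative duration, an absolute expiration_date, and permanent_assignment. The group and user are looked up with data sources rather than created, so no password appears in configuration; the names pim_admins, oncall, the display name and the UPN are illustrative assumptions.

```hcl
# Added example, not from the provider page. Assumes an existing security group
# and user; the names and UPN below are placeholders.

data "azuread_group" "pim_admins" {
  display_name     = "pim-admins"
  security_enabled = true
}

data "azuread_user" "oncall" {
  user_principal_name = "oncall@example.com"
}

# Absolute end time supplied by the caller, validated as RFC 3339 before any
# API call is made.
variable "assignment_expires_at" {
  description = "RFC 3339 timestamp at which the time-bound assignment ends, e.g. 2024-06-30T18:00:00Z."
  type        = string

  validation {
    condition     = can(formatdate("YYYY-MM-DD'T'hh:mm:ssZ", var.assignment_expires_at))
    error_message = "assignment_expires_at must be an RFC 3339 timestamp."
  }
}

# 1. Relative bound: ISO 8601 duration measured from the start of the schedule.
#    The group's role policy caps the maximum; a longer value is rejected at apply.
resource "azuread_privileged_access_group_assignment_schedule" "by_duration" {
  group_id        = data.azuread_group.pim_admins.id
  principal_id    = data.azuread_user.oncall.id
  assignment_type = "member"
  duration        = "PT8H"
  justification   = "on-call shift"
}

# 2. Absolute bound: useful when the end must coincide with a change window.
resource "azuread_privileged_access_group_assignment_schedule" "by_expiration" {
  group_id        = data.azuread_group.pim_admins.id
  principal_id    = data.azuread_user.oncall.id
  assignment_type = "member"
  expiration_date = var.assignment_expires_at
  justification   = "change window CHG-example"
}

# 3. No bound: a standing active assignment, which gives up the time-limiting
#    benefit of PIM and may be disallowed by the role policy. Prefer 1 or 2.
resource "azuread_privileged_access_group_assignment_schedule" "standing" {
  group_id             = data.azuread_group.pim_admins.id
  principal_id         = data.azuread_user.oncall.id
  assignment_type      = "member"
  permanent_assignment = true
  justification        = "break-glass account, reviewed quarterly"
}
```

Only one of the three bounds should be set on a given resource; the validation block keeps a malformed expiration_date from reaching the Graph API, where it would otherwise fail only at apply time.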

Attributes Reference

In addition to all arguments above, the following attributes are exported:

Import

An assignment schedule can be imported using the schedule ID, which is the group object ID, the assignment type and the principal object ID joined with underscores, e.g.

terraform import azuread_privileged_access_group_assignment_schedule.example 00000000-0000-0000-0000-000000000000_member_00000000-0000-0000-0000-000000000000