Resource: azuread_access_package_assignment_policy

Manages an assignment policy for an access package within Identity Governance in Azure Active Directory.

API Permissions

The following API permissions are required in order to use this resource.

When authenticated with a service principal, this resource requires the following application role: EntitlementManagement.ReadWrite.All.

When authenticated with a user principal, this resource requires the Global Administrator directory role, or one of the Catalog Owner or Access Package Manager roles in Identity Governance.

Example Usage

resource "azuread_group" "example" {
  display_name     = "group-name"
  security_enabled = true
}

resource "azuread_access_package_catalog" "example" {
  display_name = "example-catalog"
  description  = "Example catalog"
}

resource "azuread_access_package" "example" {
  catalog_id   = azuread_access_package_catalog.example.id
  display_name = "access-package"
  description  = "Access Package"
}

resource "azuread_access_package_assignment_policy" "example" {
  access_package_id = azuread_access_package.example.id
  display_name      = "assignment-policy"
  description       = "My assignment policy"
  duration_in_days  = 90

  requestor_settings {
    scope_type = "AllExistingDirectoryMemberUsers"
  }

  approval_settings {
    approval_required = true

    approval_stage {
      approval_timeout_in_days = 14

      primary_approver {
        object_id    = azuread_group.example.object_id
        subject_type = "groupMembers"
      }
    }
  }

  assignment_review_settings {
    enabled                        = true
    review_frequency               = "weekly"
    duration_in_days               = 3
    review_type                    = "Self"
    access_review_timeout_behavior = "keepAccess"
  }

  question {
    text {
      default_text = "hello, how are you?"
    }
  }
}
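
A pre-apply check for the settings shown above, added here as an example and not part of the provider documentation: it reads `terraform show -json` plan output and flags assignment policies that skip approval, leave access reviews disabled, or keep access when a review times out. The rule set and the embedded sample plan are assumptions constructed for illustration.

```python
import json

RESOURCE_TYPE = "azuread_access_package_assignment_policy"

# Constructed sample: trimmed `terraform show -json` output for a plan that
# creates the policy from the Example Usage section.
SAMPLE_PLAN = json.dumps({"resource_changes": [{
    "address": "azuread_access_package_assignment_policy.example",
    "type": RESOURCE_TYPE,
    "change": {"actions": ["create"], "after": {
        "approval_settings": [{"approval_required": True}],
        "assignment_review_settings": [{
            "enabled": True,
            "access_review_timeout_behavior": "keepAccess",
        }],
    }},
}]})


def first_block(after, name):
    """Nested blocks are lists in plan JSON; return the first one or {}."""
    blocks = after.get(name) or []
    return blocks[0] if blocks else {}


def audit_plan(plan_json):
    """Return (address, finding) tuples for planned assignment policies."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != RESOURCE_TYPE or after is None:
            continue  # another resource type, or a policy being destroyed
        addr = rc["address"]
        if not first_block(after, "approval_settings").get("approval_required"):
            findings.append((addr, "approval_required is not true"))
        review = first_block(after, "assignment_review_settings")
        if not review.get("enabled"):
            findings.append((addr, "access reviews are not enabled"))
        elif review.get("access_review_timeout_behavior") == "keepAccess":
            findings.append((addr, "unanswered reviews keep access (keepAccess)"))
    return findings


if __name__ == "__main__":
    for addr, finding in audit_plan(SAMPLE_PLAN):
        print(f"{addr}: {finding}")
```

Values that are only known after apply are absent from `after` in plan JSON, so a policy built from computed inputs can produce findings here that the applied resource would not.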

Argument Reference


approval_settings block supports the following:


approval_settings.approval_stage block supports the following:


approval_settings.approval_stage.primary_approver and approval_settings.approval_stage.alternative_approver blocks support the following:


assignment_review_settings block supports the following:


assignment_review_settings.reviewer block supports the following:


question block supports the following:


question.text block supports the following:


question.text.localized_text block supports the following:


question.choice block supports the following:


question.choice.display_value block supports the following:


question.choice.display_value.localized_text block supports the following:


requestor_settings block supports the following:


requestor_settings.requestor block supports the following:

Attributes Reference

In addition to all arguments above, the following attributes are exported:

Import

An access package assignment policy can be imported using the ID, e.g.

terraform import azuread_access_package_assignment_policy.example 00000000-0000-0000-0000-000000000000