» Data Source: azurerm_role_definition
Use this data source to access information about an existing Role Definition.
» Example Usage
data "azurerm_subscription" "primary" {}

# Custom role whose definition is looked up below.
resource "azurerm_role_definition" "custom" {
  role_definition_id = "00000000-0000-0000-0000-000000000000"
  name               = "CustomRoleDef"
  scope              = "${data.azurerm_subscription.primary.id}"
  #...
}

# Look up the custom role by its ID.
data "azurerm_role_definition" "custom" {
  role_definition_id = "${azurerm_role_definition.custom.role_definition_id}"
  scope              = "${data.azurerm_subscription.primary.id}" # /subscriptions/00000000-0000-0000-0000-000000000000
}

# Look up the same custom role by name.
data "azurerm_role_definition" "custom-byname" {
  name  = "${azurerm_role_definition.custom.name}"
  scope = "${data.azurerm_subscription.primary.id}"
}

# Built-in roles are looked up by name with the same data source.
data "azurerm_role_definition" "builtin" {
  name = "Contributor"
}

output "custom_role_definition_id" {
  value = "${data.azurerm_role_definition.custom.id}"
}

output "contributor_role_definition_id" {
  value = "${data.azurerm_role_definition.builtin.id}"
}
» Argument Reference
- name - (Optional) Specifies the Name of either a built-in or custom Role Definition. You can also use this for built-in roles such as Contributor, Owner, Reader and Virtual Machine Contributor.
- role_definition_id - (Optional) Specifies the ID of the Role Definition as a UUID/GUID.
- scope - (Optional) Specifies the Scope at which the Custom Role Definition exists.

NOTE: One of name or role_definition_id must be specified.
» Attributes Reference
- id - the ID of the built-in Role Definition.
- description - the Description of the built-in Role.
- type - the Type of the Role.
- permissions - a permissions block as documented below.
- assignable_scopes - One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

A permissions block contains:

- actions - a list of actions supported by this role
- not_actions - a list of actions which are denied by this role
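
The permissions and assignable_scopes attributes can be used to review a role for least privilege before it is assigned. The Python sketch below is an added example, not part of the provider or its documentation: it evaluates whether an operation is granted once not_actions is subtracted from actions, and flags wildcard actions and broad assignable scopes. The dict shape, the sample role and the function names are assumptions made for illustration, as is the case-insensitive wildcard matching.

```python
import re

# Constructed sample: values of the permissions and assignable_scopes
# attributes for a hypothetical custom role, held as a plain dict.
SAMPLE_ROLE = {
    "permissions": [{
        "actions": ["Microsoft.Compute/*",
                    "Microsoft.Storage/storageAccounts/read"],
        "not_actions": ["Microsoft.Compute/virtualMachines/delete"],
    }],
    "assignable_scopes": [
        "/subscriptions/00000000-0000-0000-0000-000000000000",
    ],
}


def _matches(pattern, operation):
    """Case-insensitive match where '*' in the pattern matches any substring."""
    regex = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def is_granted(role, operation):
    """True if a permissions block lists the operation in actions and not in not_actions."""
    for block in role["permissions"]:
        allowed = any(_matches(p, operation) for p in block.get("actions", []))
        excluded = any(_matches(p, operation) for p in block.get("not_actions", []))
        if allowed and not excluded:
            return True
    return False


def review(role):
    """Return least-privilege findings for wildcard actions and broad scopes."""
    findings = []
    for block in role["permissions"]:
        for action in block.get("actions", []):
            if "*" in action:
                findings.append("wildcard action: " + action)
    for scope in role["assignable_scopes"]:
        # "/" (root) or a bare subscription ID lets the role be assigned
        # across a whole subscription or more.
        if scope == "/" or re.fullmatch(r"/subscriptions/[^/]+/?", scope, re.IGNORECASE):
            findings.append("broad assignable scope: " + scope)
    return findings


if __name__ == "__main__":
    for line in review(SAMPLE_ROLE):
        print(line)
    print(is_granted(SAMPLE_ROLE, "Microsoft.Compute/virtualMachines/delete"))
```

The check covers only this one role definition: an operation excluded here through not_actions can still be granted to the same principal by a different role assignment.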