Azure Active Directory (Azure AD) v5.52.0 published on Friday, Jun 14, 2024 by Pulumi

azuread.ApplicationPermissionScope


    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azuread from "@pulumi/azuread";
    import * as random from "@pulumi/random";
    
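    // Application registration that exposes the delegated permission scope.
    const example = new azuread.ApplicationRegistration("example", {displayName: "example"});
    // Generated UUID used as the scope identifier (scopeId must be a valid UUID).
    const exampleAdminister = new random.RandomUuid("example_administer", {});
    const exampleApplicationPermissionScope = new azuread.ApplicationPermissionScope("example", {
        // Resource ID of the registration declared above.
        applicationId: example.id,
        scopeId: exampleAdminister.id,
        // Emitted in the `scp` claim of OAuth access tokens; must not collide with an app role value.
        value: "administer",
        adminConsentDescription: "Administer the application",
        adminConsentDisplayName: "Administer",
        // `type` is not set, so the provider default decides whether non-admin users may consent.
        // Set `type: "Admin"` explicitly if this scope must require administrator consent.
    });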
    
    import pulumi
    import pulumi_azuread as azuread
    import pulumi_random as random
    
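    # Application registration that exposes the delegated permission scope.
    example = azuread.ApplicationRegistration("example", display_name="example")
    # Generated UUID used as the scope identifier (scope_id must be a valid UUID).
    example_administer = random.RandomUuid("example_administer")
    # `type` is not set below, so the provider default decides whether non-admin users may consent;
    # pass type="Admin" explicitly if this scope must require administrator consent.
    example_application_permission_scope = azuread.ApplicationPermissionScope("example",
        application_id=example.id,  # resource ID of the registration declared above
        scope_id=example_administer.id,
        value="administer",  # emitted in the `scp` claim of OAuth access tokens
        admin_consent_description="Administer the application",
        admin_consent_display_name="Administer")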
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
    	"github.com/pulumi/pulumi-random/sdk/v4/go/random"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
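    // main declares an application registration, a random UUID and a delegated
    // permission scope ("administer") exposed by that registration.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := azuread.NewApplicationRegistration(ctx, "example", &azuread.ApplicationRegistrationArgs{
    			DisplayName: pulumi.String("example"),
    		})
    		if err != nil {
    			return err
    		}
    		// ScopeId must be a valid UUID, so one is generated and kept in state.
    		exampleAdminister, err := random.NewRandomUuid(ctx, "example_administer", nil)
    		if err != nil {
    			return err
    		}
    		// ApplicationId is the resource ID of the registration created above.
    		// Value is emitted in the `scp` claim of OAuth access tokens.
    		// Type is not set, so the provider default decides whether non-admin users
    		// may consent; set Type to "Admin" explicitly if admin consent is required.
    		_, err = azuread.NewApplicationPermissionScope(ctx, "example", &azuread.ApplicationPermissionScopeArgs{
    			ApplicationId:           example.ID(),
    			ScopeId:                 exampleAdminister.ID(),
    			Value:                   pulumi.String("administer"),
    			AdminConsentDescription: pulumi.String("Administer the application"),
    			AdminConsentDisplayName: pulumi.String("Administer"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }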
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureAD = Pulumi.AzureAD;
    using Random = Pulumi.Random;
    
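    // Declares an application registration, a random UUID and a delegated
    // permission scope ("administer") exposed by that registration.
    return await Deployment.RunAsync(() =>
    {
        var example = new AzureAD.ApplicationRegistration("example", new()
        {
            DisplayName = "example",
        });

        // ScopeId must be a valid UUID, so one is generated and kept in state.
        var exampleAdminister = new Random.RandomUuid("example_administer");

        var exampleApplicationPermissionScope = new AzureAD.ApplicationPermissionScope("example", new()
        {
            // Resource ID of the registration declared above.
            ApplicationId = example.Id,
            ScopeId = exampleAdminister.Id,
            // Emitted in the `scp` claim of OAuth access tokens.
            Value = "administer",
            AdminConsentDescription = "Administer the application",
            AdminConsentDisplayName = "Administer",
            // Type is not set, so the provider default decides whether non-admin users may consent.
            // Set Type = "Admin" explicitly if this scope must require administrator consent.
        });

    });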
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuread.ApplicationRegistration;
    import com.pulumi.azuread.ApplicationRegistrationArgs;
    import com.pulumi.random.RandomUuid;
    import com.pulumi.azuread.ApplicationPermissionScope;
    import com.pulumi.azuread.ApplicationPermissionScopeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
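    /**
     * Pulumi program that declares an application registration, a random UUID and a
     * delegated permission scope ("administer") exposed by that registration.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the stack's resources.
         *
         * @param ctx Pulumi context for the current deployment
         */
        public static void stack(Context ctx) {
            var example = new ApplicationRegistration("example", ApplicationRegistrationArgs.builder()
                .displayName("example")
                .build());

            // scopeId must be a valid UUID, so one is generated and kept in state.
            var exampleAdminister = new RandomUuid("exampleAdminister");

            // applicationId is the resource ID of the registration declared above.
            // value is emitted in the `scp` claim of OAuth access tokens.
            // type is not set, so the provider default decides whether non-admin users may
            // consent; call .type("Admin") explicitly if admin consent must be required.
            var exampleApplicationPermissionScope = new ApplicationPermissionScope("exampleApplicationPermissionScope", ApplicationPermissionScopeArgs.builder()
                .applicationId(example.id())
                .scopeId(exampleAdminister.id())
                .value("administer")
                .adminConsentDescription("Administer the application")
                .adminConsentDisplayName("Administer")
                .build());

        }
    }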
    
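    resources:
      # Application registration that exposes the delegated permission scope.
      example:
        type: azuread:ApplicationRegistration
        properties:
          displayName: example
      # Generated UUID used as the scope identifier (scopeId must be a valid UUID).
      exampleAdminister:
        type: random:RandomUuid
        name: example_administer
      exampleApplicationPermissionScope:
        type: azuread:ApplicationPermissionScope
        name: example
        properties:
          # Resource ID of the registration declared above.
          applicationId: ${example.id}
          scopeId: ${exampleAdminister.id}
          # Emitted in the `scp` claim of OAuth access tokens.
          value: administer
          adminConsentDescription: Administer the application
          adminConsentDisplayName: Administer
          # `type` is not set, so the provider default decides whether non-admin users may consent.
          # Set `type: Admin` explicitly if this scope must require administrator consent.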
    

    Tip: To manage more permission scopes, create additional instances of this resource.

    Usage with azuread.Application resource

    import * as pulumi from "@pulumi/pulumi";
    import * as azuread from "@pulumi/azuread";
    
    // Application whose delegated permission scope is managed as a separate resource.
    const app = new azuread.Application("example", {
        displayName: "example",
    });
    // Only the applicationId wiring is shown here; the scope's other inputs
    // (scopeId, value, consent texts) are not part of this snippet.
    const permissionScope = new azuread.ApplicationPermissionScope("example", {
        applicationId: app.id,
    });
    
    import pulumi
    import pulumi_azuread as azuread
    
    # Application whose delegated permission scope is managed as a separate resource.
    app = azuread.Application(
        "example",
        display_name="example",
    )
    # Only the application_id wiring is shown here; the scope's other inputs
    # (scope_id, value, consent texts) are not part of this snippet.
    permission_scope = azuread.ApplicationPermissionScope(
        "example",
        application_id=app.id,
    )
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main declares an application and attaches a permission scope resource to it.
    // Only the ApplicationId wiring is shown; the scope's other inputs are not
    // part of this snippet.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		appArgs := &azuread.ApplicationArgs{
    			DisplayName: pulumi.String("example"),
    		}
    		app, err := azuread.NewApplication(ctx, "example", appArgs)
    		if err != nil {
    			return err
    		}

    		scopeArgs := &azuread.ApplicationPermissionScopeArgs{
    			ApplicationId: app.ID(),
    		}
    		// The scope resource itself is not used further, so only the error is propagated.
    		_, err = azuread.NewApplicationPermissionScope(ctx, "example", scopeArgs)
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureAD = Pulumi.AzureAD;
    
    // Declares an application and attaches a permission scope resource to it.
    // Only the ApplicationId wiring is shown; the scope's other inputs are not
    // part of this snippet.
    return await Deployment.RunAsync(() =>
    {
        var app = new AzureAD.Application("example", new AzureAD.ApplicationArgs
        {
            DisplayName = "example",
        });

        var permissionScope = new AzureAD.ApplicationPermissionScope("example", new AzureAD.ApplicationPermissionScopeArgs
        {
            ApplicationId = app.Id,
        });
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuread.Application;
    import com.pulumi.azuread.ApplicationArgs;
    import com.pulumi.azuread.ApplicationPermissionScope;
    import com.pulumi.azuread.ApplicationPermissionScopeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that declares an application and attaches a permission scope
     * resource to it. Only the applicationId wiring is shown; the scope's other
     * inputs are not part of this snippet.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the stack's resources.
         *
         * @param ctx Pulumi context for the current deployment
         */
        public static void stack(Context ctx) {
            final var applicationArgs = ApplicationArgs.builder()
                .displayName("example")
                .build();
            final var application = new Application("example", applicationArgs);

            // The scope is bound to the application through its resource ID.
            final var scopeArgs = ApplicationPermissionScopeArgs.builder()
                .applicationId(application.id())
                .build();
            final var permissionScope = new ApplicationPermissionScope("exampleApplicationPermissionScope", scopeArgs);
        }
    }
    
    resources:
      # Application whose delegated permission scope is managed as a separate resource.
      example:
        type: azuread:Application
        properties:
          displayName: example
      # Only the applicationId wiring is shown; the scope's other inputs
      # (scopeId, value, consent texts) are not part of this snippet.
      exampleApplicationPermissionScope:
        type: azuread:ApplicationPermissionScope
        name: example
        properties:
          applicationId: ${example.id}
    

    Create ApplicationPermissionScope Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ApplicationPermissionScope(name: string, args: ApplicationPermissionScopeArgs, opts?: CustomResourceOptions);
    @overload
    def ApplicationPermissionScope(resource_name: str,
                                   args: ApplicationPermissionScopeArgs,
                                   opts: Optional[ResourceOptions] = None)
    
    @overload
    def ApplicationPermissionScope(resource_name: str,
                                   opts: Optional[ResourceOptions] = None,
                                   admin_consent_description: Optional[str] = None,
                                   admin_consent_display_name: Optional[str] = None,
                                   application_id: Optional[str] = None,
                                   scope_id: Optional[str] = None,
                                   value: Optional[str] = None,
                                   type: Optional[str] = None,
                                   user_consent_description: Optional[str] = None,
                                   user_consent_display_name: Optional[str] = None)
    func NewApplicationPermissionScope(ctx *Context, name string, args ApplicationPermissionScopeArgs, opts ...ResourceOption) (*ApplicationPermissionScope, error)
    public ApplicationPermissionScope(string name, ApplicationPermissionScopeArgs args, CustomResourceOptions? opts = null)
    public ApplicationPermissionScope(String name, ApplicationPermissionScopeArgs args)
    public ApplicationPermissionScope(String name, ApplicationPermissionScopeArgs args, CustomResourceOptions options)
    
    type: azuread:ApplicationPermissionScope
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ApplicationPermissionScopeArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ApplicationPermissionScopeArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ApplicationPermissionScopeArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ApplicationPermissionScopeArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ApplicationPermissionScopeArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    // Reference shape only: every "string" is a placeholder to be replaced.
    var permissionScope = new AzureAD.ApplicationPermissionScope("applicationPermissionScopeResource", new AzureAD.ApplicationPermissionScopeArgs
    {
        // Identity: owning application registration and the scope's UUID.
        ApplicationId = "string",
        ScopeId = "string",

        // Value emitted in the `scp` claim of OAuth access tokens.
        Value = "string",

        // Consent: who may grant the scope, and the texts shown to admins and users.
        Type = "string",
        AdminConsentDescription = "string",
        AdminConsentDisplayName = "string",
        UserConsentDescription = "string",
        UserConsentDisplayName = "string",
    });
    
    // Reference shape only: every "string" is a placeholder to be replaced.
    permissionScope, err := azuread.NewApplicationPermissionScope(ctx, "applicationPermissionScopeResource", &azuread.ApplicationPermissionScopeArgs{
    	// Identity: owning application registration and the scope's UUID.
    	ApplicationId: pulumi.String("string"),
    	ScopeId:       pulumi.String("string"),

    	// Value emitted in the `scp` claim of OAuth access tokens.
    	Value: pulumi.String("string"),

    	// Consent: who may grant the scope, and the texts shown to admins and users.
    	Type:                    pulumi.String("string"),
    	AdminConsentDescription: pulumi.String("string"),
    	AdminConsentDisplayName: pulumi.String("string"),
    	UserConsentDescription:  pulumi.String("string"),
    	UserConsentDisplayName:  pulumi.String("string"),
    })
    
    // Reference shape only: every "string" is a placeholder to be replaced.
    var permissionScopeArgs = ApplicationPermissionScopeArgs.builder()
        // Identity: owning application registration and the scope's UUID.
        .applicationId("string")
        .scopeId("string")
        // Value emitted in the `scp` claim of OAuth access tokens.
        .value("string")
        // Consent: who may grant the scope, and the texts shown to admins and users.
        .type("string")
        .adminConsentDescription("string")
        .adminConsentDisplayName("string")
        .userConsentDescription("string")
        .userConsentDisplayName("string")
        .build();
    var permissionScope = new ApplicationPermissionScope("applicationPermissionScopeResource", permissionScopeArgs);
    
    # Reference shape only: every "string" is a placeholder to be replaced.
    permission_scope = azuread.ApplicationPermissionScope(
        "applicationPermissionScopeResource",
        # Identity: owning application registration and the scope's UUID.
        application_id="string",
        scope_id="string",
        # Value emitted in the `scp` claim of OAuth access tokens.
        value="string",
        # Consent: who may grant the scope, and the texts shown to admins and users.
        type="string",
        admin_consent_description="string",
        admin_consent_display_name="string",
        user_consent_description="string",
        user_consent_display_name="string",
    )
    
    // Reference shape only: every "string" is a placeholder to be replaced.
    const permissionScope = new azuread.ApplicationPermissionScope("applicationPermissionScopeResource", {
        // Identity: owning application registration and the scope's UUID.
        applicationId: "string",
        scopeId: "string",

        // Value emitted in the `scp` claim of OAuth access tokens.
        value: "string",

        // Consent: who may grant the scope, and the texts shown to admins and users.
        type: "string",
        adminConsentDescription: "string",
        adminConsentDisplayName: "string",
        userConsentDescription: "string",
        userConsentDisplayName: "string",
    });
    
    # Reference shape only: every `string` is a placeholder to be replaced.
    type: azuread:ApplicationPermissionScope
    properties:
        adminConsentDescription: string
        adminConsentDisplayName: string
        applicationId: string # resource ID of the application registration
        scopeId: string # must be a valid UUID
        type: string # controls whether non-admin users may consent or admin consent is required
        userConsentDescription: string
        userConsentDisplayName: string
        value: string # emitted in the `scp` claim of OAuth access tokens
    

    ApplicationPermissionScope Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ApplicationPermissionScope resource accepts the following input properties:

    AdminConsentDescription string
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    AdminConsentDisplayName string
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    ApplicationId string
    The resource ID of the application registration. Changing this forces a new resource to be created.
    ScopeId string
    The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
    Value string

    The value that is used for the scp claim in OAuth access tokens.

    Roles and Permission Scopes: In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    Type string
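    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions. Possible values are `Admin` or `User`. When this property is omitted the provider's default applies, so set `Admin` explicitly for any scope that non-admin users must not be able to consent to themselves.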
    UserConsentDescription string
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    UserConsentDisplayName string
    Display name for the delegated permission that appears in the end user consent experience
    AdminConsentDescription string
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    AdminConsentDisplayName string
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    ApplicationId string
    The resource ID of the application registration. Changing this forces a new resource to be created.
    ScopeId string
    The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
    Value string

    The value that is used for the scp claim in OAuth access tokens.

    Roles and Permission Scopes: In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    Type string
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
    UserConsentDescription string
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    UserConsentDisplayName string
    Display name for the delegated permission that appears in the end user consent experience
    adminConsentDescription String
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    adminConsentDisplayName String
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    applicationId String
    The resource ID of the application registration. Changing this forces a new resource to be created.
    scopeId String
    The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
    value String

    The value that is used for the scp claim in OAuth access tokens.

    Roles and Permission Scopes: In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    type String
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
    userConsentDescription String
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    userConsentDisplayName String
    Display name for the delegated permission that appears in the end user consent experience
    adminConsentDescription string
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    adminConsentDisplayName string
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    applicationId string
    The resource ID of the application registration. Changing this forces a new resource to be created.
    scopeId string
    The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
    value string

    The value that is used for the scp claim in OAuth access tokens.

    Roles and Permission Scopes: In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    type string
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
    userConsentDescription string
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    userConsentDisplayName string
    Display name for the delegated permission that appears in the end user consent experience
    admin_consent_description str
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    admin_consent_display_name str
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    application_id str
    The resource ID of the application registration. Changing this forces a new resource to be created.
    scope_id str
    The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
    value str

    The value that is used for the scp claim in OAuth access tokens.

    Roles and Permission Scopes: In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    type str
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
    user_consent_description str
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    user_consent_display_name str
    Display name for the delegated permission that appears in the end user consent experience
    adminConsentDescription String
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    adminConsentDisplayName String
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    applicationId String
    The resource ID of the application registration. Changing this forces a new resource to be created.
    scopeId String
    The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
    value String

    The value that is used for the scp claim in OAuth access tokens.

    Roles and Permission Scopes: In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    type String
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
    userConsentDescription String
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    userConsentDisplayName String
    Display name for the delegated permission that appears in the end user consent experience

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ApplicationPermissionScope resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing ApplicationPermissionScope Resource

    Get an existing ApplicationPermissionScope resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ApplicationPermissionScopeState, opts?: CustomResourceOptions): ApplicationPermissionScope
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            admin_consent_description: Optional[str] = None,
            admin_consent_display_name: Optional[str] = None,
            application_id: Optional[str] = None,
            scope_id: Optional[str] = None,
            type: Optional[str] = None,
            user_consent_description: Optional[str] = None,
            user_consent_display_name: Optional[str] = None,
            value: Optional[str] = None) -> ApplicationPermissionScope
    func GetApplicationPermissionScope(ctx *Context, name string, id IDInput, state *ApplicationPermissionScopeState, opts ...ResourceOption) (*ApplicationPermissionScope, error)
    public static ApplicationPermissionScope Get(string name, Input<string> id, ApplicationPermissionScopeState? state, CustomResourceOptions? opts = null)
    public static ApplicationPermissionScope get(String name, Output<String> id, ApplicationPermissionScopeState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AdminConsentDescription string
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    AdminConsentDisplayName string
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    ApplicationId string
    The resource ID of the application registration. Changing this forces a new resource to be created.
    ScopeId string
    The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
    Type string
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
    UserConsentDescription string
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    UserConsentDisplayName string
    Display name for the delegated permission that appears in the end user consent experience
    Value string

    The value that is used for the scp claim in OAuth access tokens.

    Roles and Permission Scopes: In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    AdminConsentDescription string
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    AdminConsentDisplayName string
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    ApplicationId string
    The resource ID of the application registration. Changing this forces a new resource to be created.
    ScopeId string
    The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
    Type string
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
    UserConsentDescription string
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    UserConsentDisplayName string
    Display name for the delegated permission that appears in the end user consent experience
    Value string

    The value that is used for the scp claim in OAuth access tokens.

    Roles and Permission Scopes: In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    adminConsentDescription String
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    adminConsentDisplayName String
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    applicationId String
    The resource ID of the application registration. Changing this forces a new resource to be created.
    scopeId String
    The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
    type String
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
    userConsentDescription String
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    userConsentDisplayName String
    Display name for the delegated permission that appears in the end user consent experience
    value String

    The value that is used for the scp claim in OAuth access tokens.

    Roles and Permission Scopes: In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    adminConsentDescription string
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    adminConsentDisplayName string
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    applicationId string
    The resource ID of the application registration. Changing this forces a new resource to be created.
    scopeId string
    The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
    type string
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
    userConsentDescription string
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    userConsentDisplayName string
    Display name for the delegated permission that appears in the end user consent experience.
    value string

    The value that is used for the scp claim in OAuth access tokens.

    Roles and Permission Scopes: In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    admin_consent_description str
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    admin_consent_display_name str
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    application_id str
    The resource ID of the application registration. Changing this forces a new resource to be created.
    scope_id str
    The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
    type str
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
    user_consent_description str
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    user_consent_display_name str
    Display name for the delegated permission that appears in the end user consent experience.
    value str

    The value that is used for the scp claim in OAuth access tokens.

    Roles and Permission Scopes: In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    adminConsentDescription String
    Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users.
    adminConsentDisplayName String
    Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users.
    applicationId String
    The resource ID of the application registration. Changing this forces a new resource to be created.
    scopeId String
    The unique identifier of the permission scope. Must be a valid UUID. Changing this forces a new resource to be created.
    type String
    Whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator should be required for consent to the permissions.
    userConsentDescription String
    Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf.
    userConsentDisplayName String
    Display name for the delegated permission that appears in the end user consent experience.
    value String

    The value that is used for the scp claim in OAuth access tokens.

    Roles and Permission Scopes: In Azure Active Directory, application roles and permission scopes exported by an application share the same namespace and cannot contain duplicate values.

    Import

    Application Permission Scopes can be imported using the object ID of the application and the ID of the permission scope, in the following format.

    $ pulumi import azuread:index/applicationPermissionScope:ApplicationPermissionScope example /applications/00000000-0000-0000-0000-000000000000/permissionScopes/11111111-1111-1111-1111-111111111111
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Active Directory (Azure AD) pulumi/pulumi-azuread
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azuread Terraform Provider.