We recommend using Azure Native.
azure.authorization.getRoleDefinition
Use this data source to access information about an existing Role Definition.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
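// Look up the subscription the provider is configured for. Its ID is the
// scope at which the custom role definition is created and later queried.
const primary = azure.core.getSubscription({});
const subscriptionId = pulumi.output(primary).id;

// Custom role definition at subscription scope. The all-zero GUID is the
// example value used throughout this page.
const customRoleDefinition = new azure.authorization.RoleDefinition("custom", {
    roleDefinitionId: "00000000-0000-0000-0000-000000000000",
    name: "CustomRoleDef",
    scope: subscriptionId,
});

// The output form accepts Input-wrapped arguments, so the resource outputs are
// passed straight in instead of being unwrapped inside pulumi.all(...).apply().
const custom = azure.authorization.getRoleDefinitionOutput({
    roleDefinitionId: customRoleDefinition.roleDefinitionId,
    scope: subscriptionId,
});

// Same custom role, resolved by name instead of by ID.
// NOTE(review): a name lookup relies on the name being unambiguous at this
// scope; prefer roleDefinitionId where the result feeds a role assignment.
const custom_byname = azure.authorization.getRoleDefinitionOutput({
    name: customRoleDefinition.name,
    scope: subscriptionId,
});

// Built-in role resolved by name only; no scope is passed.
// NOTE(review): Contributor is a broad built-in role. If this ID is used for a
// role assignment, check whether a narrower role covers the need.
const builtin = azure.authorization.getRoleDefinition({
    name: "Contributor",
});

export const customRoleDefinitionId = custom.apply((roleDefinition) => roleDefinition.id);
export const contributorRoleDefinitionId = builtin.then((roleDefinition) => roleDefinition.id);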
import pulumi
import pulumi_azure as azure
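# Subscription the provider is configured for. Its ID is the scope used for
# the custom role definition and for the scoped lookups below.
primary = azure.core.get_subscription()

# Custom role definition at subscription scope. The all-zero GUID is the
# example value used throughout this page.
custom_role_definition = azure.authorization.RoleDefinition("custom",
    role_definition_id="00000000-0000-0000-0000-000000000000",
    name="CustomRoleDef",
    scope=primary.id)

# get_role_definition_output accepts Input-wrapped arguments, so the resource
# outputs are passed directly instead of being unwrapped inside apply().
custom = azure.authorization.get_role_definition_output(
    role_definition_id=custom_role_definition.role_definition_id,
    scope=primary.id)

# Same custom role, resolved by name instead of by ID.
# NOTE(review): a name lookup relies on the name being unambiguous at this
# scope; prefer role_definition_id where the result feeds a role assignment.
custom_byname = azure.authorization.get_role_definition_output(
    name=custom_role_definition.name,
    scope=primary.id)

# Built-in role resolved by name only; no scope is passed.
# NOTE(review): Contributor is a broad built-in role. If this ID is used for a
# role assignment, check whether a narrower role covers the need.
builtin = azure.authorization.get_role_definition(name="Contributor")

pulumi.export("customRoleDefinitionId", custom.id)
pulumi.export("contributorRoleDefinitionId", builtin.id)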
package main
import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs the example program: it creates a custom role definition at
// subscription scope, looks that definition up by ID and by name, looks up the
// built-in Contributor role by name, and exports two role definition IDs.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Subscription lookup; primary.Id is used as the scope below.
		primary, err := core.LookupSubscription(ctx, &core.LookupSubscriptionArgs{}, nil)
		if err != nil {
			return err
		}
		// Custom role definition created at subscription scope. The all-zero
		// GUID is the example value used throughout this page.
		customRoleDefinition, err := authorization.NewRoleDefinition(ctx, "custom", &authorization.RoleDefinitionArgs{
			RoleDefinitionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
			Name:             pulumi.String("CustomRoleDef"),
			Scope:            pulumi.String(primary.Id),
		})
		if err != nil {
			return err
		}
		// Lookup of the custom role by its role definition ID.
		// NOTE(review): the Go signatures listed on this page use the
		// LookupRoleDefinitionOutputArgs / LookupRoleDefinitionResultOutput
		// names; the GetRoleDefinition* names and the interface{} conversion
		// below look like generator artifacts. Confirm against the SDK before
		// copying this example.
		custom := customRoleDefinition.RoleDefinitionId.ApplyT(func(roleDefinitionId string) (authorization.GetRoleDefinitionResult, error) {
			return authorization.GetRoleDefinitionResult(interface{}(authorization.LookupRoleDefinitionOutput(ctx, authorization.GetRoleDefinitionOutputArgs{
				RoleDefinitionId: roleDefinitionId,
				Scope:            primary.Id,
			}, nil))), nil
		}).(authorization.GetRoleDefinitionResultOutput)
		// Lookup of the same role by name; the result is discarded (`_ =`).
		_ = customRoleDefinition.Name.ApplyT(func(name string) (authorization.GetRoleDefinitionResult, error) {
			return authorization.GetRoleDefinitionResult(interface{}(authorization.LookupRoleDefinitionOutput(ctx, authorization.GetRoleDefinitionOutputArgs{
				Name:  name,
				Scope: primary.Id,
			}, nil))), nil
		}).(authorization.GetRoleDefinitionResultOutput)
		// Built-in role resolved by name only; no scope is passed.
		// NOTE(review): Contributor is a broad built-in role. If this ID is used
		// for a role assignment, check whether a narrower role covers the need.
		builtin, err := authorization.LookupRoleDefinition(ctx, &authorization.LookupRoleDefinitionArgs{
			Name: pulumi.StringRef("Contributor"),
		}, nil)
		if err != nil {
			return err
		}
		// Stack outputs: the ID of the custom role and the ID of Contributor.
		ctx.Export("customRoleDefinitionId", custom.ApplyT(func(custom authorization.GetRoleDefinitionResult) (*string, error) {
			return &custom.Id, nil
		}).(pulumi.StringPtrOutput))
		ctx.Export("contributorRoleDefinitionId", builtin.Id)
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
    // Subscription the provider is configured for; its ID is the scope reused below.
    var subscription = Azure.Core.GetSubscription.Invoke();
    var subscriptionId = subscription.Apply(sub => sub.Id);

    // Custom role definition at subscription scope. The all-zero GUID is the
    // example value used throughout this page.
    var customRole = new Azure.Authorization.RoleDefinition("custom", new Azure.Authorization.RoleDefinitionArgs
    {
        RoleDefinitionId = "00000000-0000-0000-0000-000000000000",
        Name = "CustomRoleDef",
        Scope = subscriptionId,
    });

    // The custom role resolved by its role definition ID.
    var customById = Azure.Authorization.GetRoleDefinition.Invoke(new Azure.Authorization.GetRoleDefinitionInvokeArgs
    {
        RoleDefinitionId = customRole.RoleDefinitionId,
        Scope = subscriptionId,
    });

    // The same role resolved by name; the result is not used further.
    var customByName = Azure.Authorization.GetRoleDefinition.Invoke(new Azure.Authorization.GetRoleDefinitionInvokeArgs
    {
        Name = customRole.Name,
        Scope = subscriptionId,
    });

    // Built-in role resolved by name only; no scope is passed.
    // NOTE(review): Contributor is a broad built-in role. If this ID is used for
    // a role assignment, check whether a narrower role covers the need.
    var contributor = Azure.Authorization.GetRoleDefinition.Invoke(new Azure.Authorization.GetRoleDefinitionInvokeArgs
    {
        Name = "Contributor",
    });

    // Stack outputs, keyed exactly as in the other language examples.
    var outputs = new Dictionary<string, object?>();
    outputs["customRoleDefinitionId"] = customById.Apply(role => role.Id);
    outputs["contributorRoleDefinitionId"] = contributor.Apply(role => role.Id);
    return outputs;
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
import com.pulumi.azure.authorization.RoleDefinition;
import com.pulumi.azure.authorization.RoleDefinitionArgs;
import com.pulumi.azure.authorization.AuthorizationFunctions;
import com.pulumi.azure.authorization.inputs.GetRoleDefinitionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
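/**
 * Example Pulumi program: creates a custom role definition at subscription
 * scope, looks it up by ID and by name, looks up the built-in Contributor role
 * by name, and exports two role definition IDs.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources, lookups and stack outputs of the example.
     *
     * @param ctx the Pulumi context used to register stack outputs
     */
    public static void stack(Context ctx) {
        // Subscription the provider is configured for; its ID is the scope used below.
        final var primary = CoreFunctions.getSubscription();

        // Custom role definition at subscription scope. The all-zero GUID is
        // the example value used throughout this page.
        var customRoleDefinition = new RoleDefinition("customRoleDefinition", RoleDefinitionArgs.builder()
            .roleDefinitionId("00000000-0000-0000-0000-000000000000")
            .name("CustomRoleDef")
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .build());

        // The custom role resolved by its role definition ID.
        final var custom = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
            .roleDefinitionId(customRoleDefinition.roleDefinitionId())
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .build());

        // The same role resolved by name. The generated listing named this
        // variable `custom-byname`, which is not a valid Java identifier.
        final var customByname = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
            .name(customRoleDefinition.name())
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .build());

        // Built-in role resolved by name only; no scope is passed.
        // NOTE(review): Contributor is a broad built-in role. If this ID is used
        // for a role assignment, check whether a narrower role covers the need.
        final var builtin = AuthorizationFunctions.getRoleDefinition(GetRoleDefinitionArgs.builder()
            .name("Contributor")
            .build());

        // Both exports use the same single applyValue form; the nested
        // applyValue chain in the generated listing called applyValue on the
        // unwrapped result.
        ctx.export("customRoleDefinitionId", custom.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.id()));
        ctx.export("contributorRoleDefinitionId", builtin.applyValue(getRoleDefinitionResult -> getRoleDefinitionResult.id()));
    }
}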
# Example program: one custom role definition plus three role definition lookups.
resources:
  # Custom role definition created at the scope of the looked-up subscription.
  customRoleDefinition:
    type: azure:authorization:RoleDefinition
    name: custom
    properties:
      # All-zero GUID: the example value used throughout this page.
      roleDefinitionId: 00000000-0000-0000-0000-000000000000
      name: CustomRoleDef
      scope: ${primary.id}
variables:
  # Subscription the provider is configured for; its id is the scope used above and below.
  primary:
    fn::invoke:
      function: azure:core:getSubscription
      arguments: {}
  # The custom role resolved by its role definition ID.
  custom:
    fn::invoke:
      function: azure:authorization:getRoleDefinition
      arguments:
        roleDefinitionId: ${customRoleDefinition.roleDefinitionId}
        scope: ${primary.id}
  # The same role resolved by name; not referenced by any output.
  custom-byname:
    fn::invoke:
      function: azure:authorization:getRoleDefinition
      arguments:
        name: ${customRoleDefinition.name}
        scope: ${primary.id}
  # Built-in role resolved by name only; no scope is passed.
  # NOTE(review): Contributor is a broad built-in role. If this ID is used for a
  # role assignment, check whether a narrower role covers the need.
  builtin:
    fn::invoke:
      function: azure:authorization:getRoleDefinition
      arguments:
        name: Contributor
outputs:
  customRoleDefinitionId: ${custom.id}
  contributorRoleDefinitionId: ${builtin.id}
Using getRoleDefinition
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getRoleDefinition(args: GetRoleDefinitionArgs, opts?: InvokeOptions): Promise<GetRoleDefinitionResult>
function getRoleDefinitionOutput(args: GetRoleDefinitionOutputArgs, opts?: InvokeOptions): Output<GetRoleDefinitionResult>
def get_role_definition(name: Optional[str] = None,
                        role_definition_id: Optional[str] = None,
                        scope: Optional[str] = None,
                        opts: Optional[InvokeOptions] = None) -> GetRoleDefinitionResult
def get_role_definition_output(name: Optional[pulumi.Input[str]] = None,
                        role_definition_id: Optional[pulumi.Input[str]] = None,
                        scope: Optional[pulumi.Input[str]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetRoleDefinitionResult]
func LookupRoleDefinition(ctx *Context, args *LookupRoleDefinitionArgs, opts ...InvokeOption) (*LookupRoleDefinitionResult, error)
func LookupRoleDefinitionOutput(ctx *Context, args *LookupRoleDefinitionOutputArgs, opts ...InvokeOption) LookupRoleDefinitionResultOutput
> Note: This function is named LookupRoleDefinition in the Go SDK.
public static class GetRoleDefinition 
{
    public static Task<GetRoleDefinitionResult> InvokeAsync(GetRoleDefinitionArgs args, InvokeOptions? opts = null)
    public static Output<GetRoleDefinitionResult> Invoke(GetRoleDefinitionInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetRoleDefinitionResult> getRoleDefinition(GetRoleDefinitionArgs args, InvokeOptions options)
public static Output<GetRoleDefinitionResult> getRoleDefinition(GetRoleDefinitionArgs args, InvokeOptions options)
fn::invoke:
  function: azure:authorization/getRoleDefinition:getRoleDefinition
  arguments:
    # arguments dictionary
The following arguments are supported:
- Name string
- Specifies the Name of either a built-in or custom Role Definition. You can also use this for built-in roles such as `Contributor`, `Owner`, `Reader` and `Virtual Machine Contributor`.
- RoleDefinitionId string
- Specifies the ID of the Role Definition as a UUID/GUID.
- Scope string
- Specifies the Scope at which the Custom Role Definition exists. Note: One of `name` or `role_definition_id` must be specified.
- Name string
- Specifies the Name of either a built-in or custom Role Definition. You can also use this for built-in roles such as `Contributor`, `Owner`, `Reader` and `Virtual Machine Contributor`.
- RoleDefinitionId string
- Specifies the ID of the Role Definition as a UUID/GUID.
- Scope string
- Specifies the Scope at which the Custom Role Definition exists. Note: One of `name` or `role_definition_id` must be specified.
- name String
- Specifies the Name of either a built-in or custom Role Definition. You can also use this for built-in roles such as `Contributor`, `Owner`, `Reader` and `Virtual Machine Contributor`.
- roleDefinitionId String
- Specifies the ID of the Role Definition as a UUID/GUID.
- scope String
- Specifies the Scope at which the Custom Role Definition exists. Note: One of `name` or `role_definition_id` must be specified.
- name string
- Specifies the Name of either a built-in or custom Role Definition. You can also use this for built-in roles such as `Contributor`, `Owner`, `Reader` and `Virtual Machine Contributor`.
- roleDefinitionId string
- Specifies the ID of the Role Definition as a UUID/GUID.
- scope string
- Specifies the Scope at which the Custom Role Definition exists. Note: One of `name` or `role_definition_id` must be specified.
- name str
- Specifies the Name of either a built-in or custom Role Definition. You can also use this for built-in roles such as `Contributor`, `Owner`, `Reader` and `Virtual Machine Contributor`.
- role_definition_id str
- Specifies the ID of the Role Definition as a UUID/GUID.
- scope str
- Specifies the Scope at which the Custom Role Definition exists. Note: One of `name` or `role_definition_id` must be specified.
- name String
- Specifies the Name of either a built-in or custom Role Definition. You can also use this for built-in roles such as `Contributor`, `Owner`, `Reader` and `Virtual Machine Contributor`.
- roleDefinitionId String
- Specifies the ID of the Role Definition as a UUID/GUID.
- scope String
- Specifies the Scope at which the Custom Role Definition exists. Note: One of `name` or `role_definition_id` must be specified.
getRoleDefinition Result
The following output properties are available:
- AssignableScopes List<string>
- One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
- Description string
- The Description of the built-in Role.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Permissions List<GetRoleDefinitionPermission>
- A `permissions` block as documented below.
- RoleDefinitionId string
- Type string
- The Type of the Role.
- Scope string
- AssignableScopes []string
- One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
- Description string
- The Description of the built-in Role.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Permissions []GetRoleDefinitionPermission
- A `permissions` block as documented below.
- RoleDefinitionId string
- Type string
- The Type of the Role.
- Scope string
- assignableScopes List<String>
- One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
- description String
- The Description of the built-in Role.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- permissions List<GetRoleDefinitionPermission>
- A `permissions` block as documented below.
- roleDefinitionId String
- type String
- The Type of the Role.
- scope String
- assignableScopes string[]
- One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
- description string
- The Description of the built-in Role.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- permissions GetRoleDefinitionPermission[]
- A `permissions` block as documented below.
- roleDefinitionId string
- type string
- The Type of the Role.
- scope string
- assignable_scopes Sequence[str]
- One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
- description str
- The Description of the built-in Role.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- permissions Sequence[GetRoleDefinitionPermission]
- A `permissions` block as documented below.
- role_definition_id str
- type str
- The Type of the Role.
- scope str
- assignableScopes List<String>
- One or more assignable scopes for this Role Definition, such as `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333`, `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup`, or `/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM`.
- description String
- The Description of the built-in Role.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- permissions List<Property Map>
- A `permissions` block as documented below.
- roleDefinitionId String
- type String
- The Type of the Role.
- scope String
Supporting Types
GetRoleDefinitionPermission   
- Actions List<string>
- A list of actions supported by this role.
- Condition string
- The conditions on this role definition, which limits the resources it can be assigned to.
- ConditionVersion string
- The version of the condition.
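- NotActions List<string>
- A list of actions which are denied by this role. In Azure RBAC these are subtracted from the role's Actions rather than enforced as an explicit deny, so another role assignment can still grant them.
- DataActions List<string>
- A list of data actions allowed by this role.
- NotDataActions List<string>
- A list of data actions which are denied by this role.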
- Actions []string
- A list of actions supported by this role.
- Condition string
- The conditions on this role definition, which limits the resources it can be assigned to.
- ConditionVersion string
- The version of the condition.
- NotActions []string
- A list of actions which are denied by this role.
- DataActions []string
- A list of data actions allowed by this role.
- NotDataActions []string
- A list of data actions which are denied by this role.
- actions List<String>
- A list of actions supported by this role.
- condition String
- The conditions on this role definition, which limits the resources it can be assigned to.
- conditionVersion String
- The version of the condition.
- notActions List<String>
- A list of actions which are denied by this role.
- dataActions List<String>
- A list of data actions allowed by this role.
- notDataActions List<String>
- A list of data actions which are denied by this role.
- actions string[]
- A list of actions supported by this role.
- condition string
- The conditions on this role definition, which limits the resources it can be assigned to.
- conditionVersion string
- The version of the condition.
- notActions string[]
- A list of actions which are denied by this role.
- dataActions string[]
- A list of data actions allowed by this role.
- notDataActions string[]
- A list of data actions which are denied by this role.
- actions Sequence[str]
- A list of actions supported by this role.
- condition str
- The conditions on this role definition, which limits the resources it can be assigned to.
- condition_version str
- The version of the condition.
- not_actions Sequence[str]
- A list of actions which are denied by this role.
- data_actions Sequence[str]
- A list of data actions allowed by this role.
- not_data_actions Sequence[str]
- A list of data actions which are denied by this role.
- actions List<String>
- A list of actions supported by this role.
- condition String
- The conditions on this role definition, which limits the resources it can be assigned to.
- conditionVersion String
- The version of the condition.
- notActions List<String>
- A list of actions which are denied by this role.
- dataActions List<String>
- A list of data actions allowed by this role.
- notDataActions List<String>
- A list of data actions which are denied by this role.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `azurerm` Terraform Provider.