» Data Source: azurerm_role_definition

Use this data source to access information about an existing Role Definition.

» Example Usage

data "azurerm_subscription" "primary" {}

resource "azurerm_role_definition" "custom" {
  role_definition_id = "00000000-0000-0000-0000-000000000000"
  name               = "CustomRoleDef"
  scope              = "${data.azurerm_subscription.primary.id}"

  #...
}

data "azurerm_role_definition" "custom" {
  role_definition_id = "${azurerm_role_definition.custom.role_definition_id}"
  scope              = "${data.azurerm_subscription.primary.id}"              # /subscriptions/00000000-0000-0000-0000-000000000000
}

data "azurerm_role_definition" "custom-byname" {
  name  = "${azurerm_role_definition.custom.name}"
  scope = "${data.azurerm_subscription.primary.id}"
}

data "azurerm_builtin_role_definition" "builtin" {
  name = "Contributor"
}

output "custom_role_definition_id" {
  value = "${data.azurerm_role_definition.custom.id}"
}

output "contributor_role_definition_id" {
  value = "${data.azurerm_role_definition.builtin.id}"
}

» Argument Reference

  • name - (Optional) Specifies the Name of either a built-in or custom Role Definition.
  • role_definition_id - (Optional) Specifies the ID of the Role Definition as a UUID/GUID.
  • scope - (Optional) Specifies the Scope at which the Custom Role Definition exists.

» Attributes Reference

  • id - the ID of the built-in Role Definition.
  • description - the Description of the built-in Role.
  • type - the Type of the Role.
  • permissions - a permissions block as documented below.
  • assignable_scopes - One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

A permissions block contains:

  • actions - a list of actions supported by this role
  • not_actions - a list of actions which are denied by this role