This provider is currently in preview.
published on Thursday, May 21, 2026 by Pulumi
This provider is currently in preview.
published on Thursday, May 21, 2026 by Pulumi
Builds an OrganizationRole.permissions descriptor that grants the supplied scopes globally — i.e. on every entity of the matching resource type. This is the simplest descriptor: a flat PermissionDescriptorAllow. Use this helper instead of hand-authoring the descriptor literal so the wire-format __type discriminator stays an implementation detail. For grants scoped to a specific entity, see buildEnvironmentScopedPermissions, buildStackScopedPermissions, or buildInsightsAccountScopedPermissions. The result is directly assignable to OrganizationRole.permissions. To grant scopes on more than one entity in a single role, hand-roll a PermissionDescriptorGroup whose entries list pulls the output of each helper.
Using buildAllowPermissions
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function buildAllowPermissions(args: BuildAllowPermissionsArgs, opts?: InvokeOptions): Promise<BuildAllowPermissionsResult>
function buildAllowPermissionsOutput(args: BuildAllowPermissionsOutputArgs, opts?: InvokeOptions): Output<BuildAllowPermissionsResult>def build_allow_permissions(permissions: Optional[Sequence[str]] = None,
opts: Optional[InvokeOptions] = None) -> BuildAllowPermissionsResult
def build_allow_permissions_output(permissions: pulumi.Input[Optional[Sequence[pulumi.Input[str]]]] = None,
opts: Optional[InvokeOptions] = None) -> Output[BuildAllowPermissionsResult]func BuildAllowPermissions(ctx *Context, args *BuildAllowPermissionsArgs, opts ...InvokeOption) (*BuildAllowPermissionsResult, error)
func BuildAllowPermissionsOutput(ctx *Context, args *BuildAllowPermissionsOutputArgs, opts ...InvokeOption) BuildAllowPermissionsResultOutput> Note: This function is named BuildAllowPermissions in the Go SDK.
public static class BuildAllowPermissions
{
public static Task<BuildAllowPermissionsResult> InvokeAsync(BuildAllowPermissionsArgs args, InvokeOptions? opts = null)
public static Output<BuildAllowPermissionsResult> Invoke(BuildAllowPermissionsInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<BuildAllowPermissionsResult> buildAllowPermissions(BuildAllowPermissionsArgs args, InvokeOptions options)
public static Output<BuildAllowPermissionsResult> buildAllowPermissions(BuildAllowPermissionsArgs args, InvokeOptions options)
fn::invoke:
function: pulumiservice:buildAllowPermissions
arguments:
# arguments dictionarydata "pulumiservice_buildallowpermissions" "name" {
# arguments
}The following arguments are supported:
- Permissions List<string>
- The set of scopes to grant globally (e.g.
stack:read,environment:open,organization:billingManager). Discover valid scope names via thegetOrganizationRoleScopesdata source.
- Permissions []string
- The set of scopes to grant globally (e.g.
stack:read,environment:open,organization:billingManager). Discover valid scope names via thegetOrganizationRoleScopesdata source.
- permissions list(string)
- The set of scopes to grant globally (e.g.
stack:read,environment:open,organization:billingManager). Discover valid scope names via thegetOrganizationRoleScopesdata source.
- permissions List<String>
- The set of scopes to grant globally (e.g.
stack:read,environment:open,organization:billingManager). Discover valid scope names via thegetOrganizationRoleScopesdata source.
- permissions string[]
- The set of scopes to grant globally (e.g.
stack:read,environment:open,organization:billingManager). Discover valid scope names via thegetOrganizationRoleScopesdata source.
- permissions Sequence[str]
- The set of scopes to grant globally (e.g.
stack:read,environment:open,organization:billingManager). Discover valid scope names via thegetOrganizationRoleScopesdata source.
- permissions List<String>
- The set of scopes to grant globally (e.g.
stack:read,environment:open,organization:billingManager). Discover valid scope names via thegetOrganizationRoleScopesdata source.
buildAllowPermissions Result
The following output properties are available:
- Permissions Dictionary<string, object>
- A
PermissionDescriptorAllowgranting the supplied scopes on every entity of the matching resource type, ready to assign toOrganizationRole.permissions.
- Permissions map[string]interface{}
- A
PermissionDescriptorAllowgranting the supplied scopes on every entity of the matching resource type, ready to assign toOrganizationRole.permissions.
- permissions map(any)
- A
PermissionDescriptorAllowgranting the supplied scopes on every entity of the matching resource type, ready to assign toOrganizationRole.permissions.
- permissions Map<String,Object>
- A
PermissionDescriptorAllowgranting the supplied scopes on every entity of the matching resource type, ready to assign toOrganizationRole.permissions.
- permissions {[key: string]: any}
- A
PermissionDescriptorAllowgranting the supplied scopes on every entity of the matching resource type, ready to assign toOrganizationRole.permissions.
- permissions Mapping[str, Any]
- A
PermissionDescriptorAllowgranting the supplied scopes on every entity of the matching resource type, ready to assign toOrganizationRole.permissions.
- permissions Map<Any>
- A
PermissionDescriptorAllowgranting the supplied scopes on every entity of the matching resource type, ready to assign toOrganizationRole.permissions.
Package Details
- Repository
- pulumiservice pulumi/pulumi-pulumiservice
- License
- Apache-2.0
This provider is currently in preview.
published on Thursday, May 21, 2026 by Pulumi