Hi all, When creating a resource group in Azure, how do I specify which people have access to it (IAM)? // Create an Azure Resource Group var resourceGroup = new ResourceGroup("PulumiTest", new ResourceGroupArgs { Name = "PulumiTest", });

There is a

RoleAssignment

resource. You assign a given role to the scope of the resource group ID.

I take it it's the: 'Pulumi.Azure.Role.Assignment' you are referring to? How do I apply it?

Yes, that one. You set

PrincipalId

to a user or a group,

Scope

to resource group ID like ``/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup``, and the role name/id.

But how do you assign it ? I don't see any properties (in the ResourceGroupArgs) with that name and neither in the CustomResourceOptions

@dry-raincoat-51244 the Assignment resource is the assignment.

So I just need to create a Role.Assignment variable and it will magically be assigned to the resource group?

Not magically: you create an assignment resource which references the resource group scope