https://pulumi.com logo
#dotnet
Title
# dotnet
d

dry-raincoat-51244

01/22/2020, 12:57 PM
Hi all, When creating a resource group in Azure, how do I specify which people have access to it (IAM)? // Create an Azure Resource Group var resourceGroup = new ResourceGroup("PulumiTest", new ResourceGroupArgs { Name = "PulumiTest", });
t

tall-librarian-49374

01/22/2020, 1:13 PM
There is a
RoleAssignment
resource. You assign a given role to the scope of the resource group ID.
d

dry-raincoat-51244

01/22/2020, 1:28 PM
I take it it's the: 'Pulumi.Azure.Role.Assignment' you are referring to? How do I apply it?
t

tall-librarian-49374

01/22/2020, 1:33 PM
Yes, that one. You set
PrincipalId
to a user or a group,
Scope
to resource group ID like ``/subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup``, and the role name/id.
This grants permissions of the given role to the given principal at the given scope.
d

dry-raincoat-51244

01/23/2020, 2:00 PM
But how do you assign it ? I don't see any properties (in the ResourceGroupArgs) with that name and neither in the CustomResourceOptions
p

powerful-football-81694

01/23/2020, 3:14 PM
@dry-raincoat-51244 the Assignment resource is the assignment.
You assign simply by creating that resource.
👍 1
d

dry-raincoat-51244

01/24/2020, 7:25 AM
So I just need to create a Role.Assignment variable and it will magically be assigned to the resource group?
t

tall-librarian-49374

01/24/2020, 7:39 AM
Not magically: you create an assignment resource which references the resource group scope
It’s like you create a blob container which references a storage account. You don’t assign a container to an account.