Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. Aiven Provider
  3. API Docs
  4. OrganizationPermission
Aiven v6.37.0 published on Thursday, Apr 10, 2025 by Pulumi
pulumi/pulumi-aiven

aiven.OrganizationPermission

Explore with Pulumi AI

Aiven v6.37.0 published on Thursday, Apr 10, 2025 by Pulumi
pulumi/pulumi-aiven

Grants roles and permissions to a principal for a resource. Permissions can be granted at the organization, organizational unit, and project level. Unit-level permissions aren’t shown in the Aiven Console.

To assign permissions to multiple users and groups on the same combination of organization ID, resource ID and resource type, don’t use multiple aiven.OrganizationPermission resources. Instead, use multiple permission blocks as in the example usage.

Do not use the aiven.ProjectUser or aiven.OrganizationGroupProject resources with this resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aiven from "@pulumi/aiven";

// Grant access to a specific project
const exampleProjectPermissions = new aiven.OrganizationPermission("example_project_permissions", {
    organizationId: main.id,
    resourceId: exampleProject.project,
    resourceType: "project",
    permissions: [
        {
            permissions: [
                "operator",
                "service:logs:read",
            ],
            principalId: "u123a456b7890c",
            principalType: "user",
        },
        {
            permissions: [
                "project:integrations:write",
                "developer",
            ],
            principalId: exampleGroup.groupId,
            principalType: "user_group",
        },
    ],
});
// Organization-level permissions
const exampleOrgPermissions = new aiven.OrganizationPermission("example_org_permissions", {
    organizationId: main.id,
    resourceId: main.id,
    resourceType: "organization",
    permissions: [
        {
            permissions: [
                "organization:app_users:write",
                "project:audit_logs:read",
            ],
            principalId: "u123a456b7890c",
            principalType: "user",
        },
        {
            permissions: [
                "organization:users:write",
                "organization:groups:write",
                "organization:domains:write",
                "organization:idps:write",
            ],
            principalId: exampleGroupAivenOrganizationUserGroup.groupId,
            principalType: "user_group",
        },
    ],
});
Copy
import pulumi
import pulumi_aiven as aiven

# Grant access to a specific project
example_project_permissions = aiven.OrganizationPermission("example_project_permissions",
    organization_id=main["id"],
    resource_id=example_project["project"],
    resource_type="project",
    permissions=[
        {
            "permissions": [
                "operator",
                "service:logs:read",
            ],
            "principal_id": "u123a456b7890c",
            "principal_type": "user",
        },
        {
            "permissions": [
                "project:integrations:write",
                "developer",
            ],
            "principal_id": example_group["groupId"],
            "principal_type": "user_group",
        },
    ])
# Organization-level permissions
example_org_permissions = aiven.OrganizationPermission("example_org_permissions",
    organization_id=main["id"],
    resource_id=main["id"],
    resource_type="organization",
    permissions=[
        {
            "permissions": [
                "organization:app_users:write",
                "project:audit_logs:read",
            ],
            "principal_id": "u123a456b7890c",
            "principal_type": "user",
        },
        {
            "permissions": [
                "organization:users:write",
                "organization:groups:write",
                "organization:domains:write",
                "organization:idps:write",
            ],
            "principal_id": example_group_aiven_organization_user_group["groupId"],
            "principal_type": "user_group",
        },
    ])
Copy
package main

import (
	"github.com/pulumi/pulumi-aiven/sdk/v6/go/aiven"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Grant access to a specific project
		_, err := aiven.NewOrganizationPermission(ctx, "example_project_permissions", &aiven.OrganizationPermissionArgs{
			OrganizationId: pulumi.Any(main.Id),
			ResourceId:     pulumi.Any(exampleProject.Project),
			ResourceType:   pulumi.String("project"),
			Permissions: aiven.OrganizationPermissionPermissionArray{
				&aiven.OrganizationPermissionPermissionArgs{
					Permissions: pulumi.StringArray{
						pulumi.String("operator"),
						pulumi.String("service:logs:read"),
					},
					PrincipalId:   pulumi.String("u123a456b7890c"),
					PrincipalType: pulumi.String("user"),
				},
				&aiven.OrganizationPermissionPermissionArgs{
					Permissions: pulumi.StringArray{
						pulumi.String("project:integrations:write"),
						pulumi.String("developer"),
					},
					PrincipalId:   pulumi.Any(exampleGroup.GroupId),
					PrincipalType: pulumi.String("user_group"),
				},
			},
		})
		if err != nil {
			return err
		}
		// Organization-level permissions
		_, err = aiven.NewOrganizationPermission(ctx, "example_org_permissions", &aiven.OrganizationPermissionArgs{
			OrganizationId: pulumi.Any(main.Id),
			ResourceId:     pulumi.Any(main.Id),
			ResourceType:   pulumi.String("organization"),
			Permissions: aiven.OrganizationPermissionPermissionArray{
				&aiven.OrganizationPermissionPermissionArgs{
					Permissions: pulumi.StringArray{
						pulumi.String("organization:app_users:write"),
						pulumi.String("project:audit_logs:read"),
					},
					PrincipalId:   pulumi.String("u123a456b7890c"),
					PrincipalType: pulumi.String("user"),
				},
				&aiven.OrganizationPermissionPermissionArgs{
					Permissions: pulumi.StringArray{
						pulumi.String("organization:users:write"),
						pulumi.String("organization:groups:write"),
						pulumi.String("organization:domains:write"),
						pulumi.String("organization:idps:write"),
					},
					PrincipalId:   pulumi.Any(exampleGroupAivenOrganizationUserGroup.GroupId),
					PrincipalType: pulumi.String("user_group"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aiven = Pulumi.Aiven;

return await Deployment.RunAsync(() => 
{
    // Grant access to a specific project
    var exampleProjectPermissions = new Aiven.OrganizationPermission("example_project_permissions", new()
    {
        OrganizationId = main.Id,
        ResourceId = exampleProject.Project,
        ResourceType = "project",
        Permissions = new[]
        {
            new Aiven.Inputs.OrganizationPermissionPermissionArgs
            {
                Permissions = new[]
                {
                    "operator",
                    "service:logs:read",
                },
                PrincipalId = "u123a456b7890c",
                PrincipalType = "user",
            },
            new Aiven.Inputs.OrganizationPermissionPermissionArgs
            {
                Permissions = new[]
                {
                    "project:integrations:write",
                    "developer",
                },
                PrincipalId = exampleGroup.GroupId,
                PrincipalType = "user_group",
            },
        },
    });

    // Organization-level permissions
    var exampleOrgPermissions = new Aiven.OrganizationPermission("example_org_permissions", new()
    {
        OrganizationId = main.Id,
        ResourceId = main.Id,
        ResourceType = "organization",
        Permissions = new[]
        {
            new Aiven.Inputs.OrganizationPermissionPermissionArgs
            {
                Permissions = new[]
                {
                    "organization:app_users:write",
                    "project:audit_logs:read",
                },
                PrincipalId = "u123a456b7890c",
                PrincipalType = "user",
            },
            new Aiven.Inputs.OrganizationPermissionPermissionArgs
            {
                Permissions = new[]
                {
                    "organization:users:write",
                    "organization:groups:write",
                    "organization:domains:write",
                    "organization:idps:write",
                },
                PrincipalId = exampleGroupAivenOrganizationUserGroup.GroupId,
                PrincipalType = "user_group",
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aiven.OrganizationPermission;
import com.pulumi.aiven.OrganizationPermissionArgs;
import com.pulumi.aiven.inputs.OrganizationPermissionPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Grant access to a specific project
        var exampleProjectPermissions = new OrganizationPermission("exampleProjectPermissions", OrganizationPermissionArgs.builder()
            .organizationId(main.id())
            .resourceId(exampleProject.project())
            .resourceType("project")
            .permissions(            
                OrganizationPermissionPermissionArgs.builder()
                    .permissions(                    
                        "operator",
                        "service:logs:read")
                    .principalId("u123a456b7890c")
                    .principalType("user")
                    .build(),
                OrganizationPermissionPermissionArgs.builder()
                    .permissions(                    
                        "project:integrations:write",
                        "developer")
                    .principalId(exampleGroup.groupId())
                    .principalType("user_group")
                    .build())
            .build());

        // Organization-level permissions
        var exampleOrgPermissions = new OrganizationPermission("exampleOrgPermissions", OrganizationPermissionArgs.builder()
            .organizationId(main.id())
            .resourceId(main.id())
            .resourceType("organization")
            .permissions(            
                OrganizationPermissionPermissionArgs.builder()
                    .permissions(                    
                        "organization:app_users:write",
                        "project:audit_logs:read")
                    .principalId("u123a456b7890c")
                    .principalType("user")
                    .build(),
                OrganizationPermissionPermissionArgs.builder()
                    .permissions(                    
                        "organization:users:write",
                        "organization:groups:write",
                        "organization:domains:write",
                        "organization:idps:write")
                    .principalId(exampleGroupAivenOrganizationUserGroup.groupId())
                    .principalType("user_group")
                    .build())
            .build());

    }
}
Copy
resources:
  # Grant access to a specific project
  exampleProjectPermissions:
    type: aiven:OrganizationPermission
    name: example_project_permissions
    properties:
      organizationId: ${main.id}
      resourceId: ${exampleProject.project}
      resourceType: project
      permissions:
        - permissions:
            - operator
            - service:logs:read
          principalId: u123a456b7890c
          principalType: user
        - permissions:
            - project:integrations:write
            - developer
          principalId: ${exampleGroup.groupId}
          principalType: user_group
  # Organization-level permissions
  exampleOrgPermissions:
    type: aiven:OrganizationPermission
    name: example_org_permissions
    properties:
      organizationId: ${main.id}
      resourceId: ${main.id}
      resourceType: organization
      permissions:
        - permissions:
            - organization:app_users:write
            - project:audit_logs:read
          principalId: u123a456b7890c
          principalType: user
        - permissions:
            - organization:users:write
            - organization:groups:write
            - organization:domains:write
            - organization:idps:write
          principalId: ${exampleGroupAivenOrganizationUserGroup.groupId}
          principalType: user_group
Copy

Create OrganizationPermission Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new OrganizationPermission(name: string, args: OrganizationPermissionArgs, opts?: CustomResourceOptions);
@overload
def OrganizationPermission(resource_name: str,
                           args: OrganizationPermissionArgs,
                           opts: Optional[ResourceOptions] = None)

@overload
def OrganizationPermission(resource_name: str,
                           opts: Optional[ResourceOptions] = None,
                           organization_id: Optional[str] = None,
                           permissions: Optional[Sequence[OrganizationPermissionPermissionArgs]] = None,
                           resource_id: Optional[str] = None,
                           resource_type: Optional[str] = None)
func NewOrganizationPermission(ctx *Context, name string, args OrganizationPermissionArgs, opts ...ResourceOption) (*OrganizationPermission, error)
public OrganizationPermission(string name, OrganizationPermissionArgs args, CustomResourceOptions? opts = null)
public OrganizationPermission(String name, OrganizationPermissionArgs args)
public OrganizationPermission(String name, OrganizationPermissionArgs args, CustomResourceOptions options)

type: aiven:OrganizationPermission
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. OrganizationPermissionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. OrganizationPermissionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. OrganizationPermissionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. OrganizationPermissionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. OrganizationPermissionArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var organizationPermissionResource = new Aiven.OrganizationPermission("organizationPermissionResource", new()
{
    OrganizationId = "string",
    Permissions = new[]
    {
        new Aiven.Inputs.OrganizationPermissionPermissionArgs
        {
            Permissions = new[]
            {
                "string",
            },
            PrincipalId = "string",
            PrincipalType = "string",
            CreateTime = "string",
            UpdateTime = "string",
        },
    },
    ResourceId = "string",
    ResourceType = "string",
});
Copy
example, err := aiven.NewOrganizationPermission(ctx, "organizationPermissionResource", &aiven.OrganizationPermissionArgs{
	OrganizationId: pulumi.String("string"),
	Permissions: aiven.OrganizationPermissionPermissionArray{
		&aiven.OrganizationPermissionPermissionArgs{
			Permissions: pulumi.StringArray{
				pulumi.String("string"),
			},
			PrincipalId:   pulumi.String("string"),
			PrincipalType: pulumi.String("string"),
			CreateTime:    pulumi.String("string"),
			UpdateTime:    pulumi.String("string"),
		},
	},
	ResourceId:   pulumi.String("string"),
	ResourceType: pulumi.String("string"),
})
Copy
var organizationPermissionResource = new OrganizationPermission("organizationPermissionResource", OrganizationPermissionArgs.builder()
    .organizationId("string")
    .permissions(OrganizationPermissionPermissionArgs.builder()
        .permissions("string")
        .principalId("string")
        .principalType("string")
        .createTime("string")
        .updateTime("string")
        .build())
    .resourceId("string")
    .resourceType("string")
    .build());
Copy
organization_permission_resource = aiven.OrganizationPermission("organizationPermissionResource",
    organization_id="string",
    permissions=[{
        "permissions": ["string"],
        "principal_id": "string",
        "principal_type": "string",
        "create_time": "string",
        "update_time": "string",
    }],
    resource_id="string",
    resource_type="string")
Copy
const organizationPermissionResource = new aiven.OrganizationPermission("organizationPermissionResource", {
    organizationId: "string",
    permissions: [{
        permissions: ["string"],
        principalId: "string",
        principalType: "string",
        createTime: "string",
        updateTime: "string",
    }],
    resourceId: "string",
    resourceType: "string",
});
Copy
type: aiven:OrganizationPermission
properties:
    organizationId: string
    permissions:
        - createTime: string
          permissions:
            - string
          principalId: string
          principalType: string
          updateTime: string
    resourceId: string
    resourceType: string
Copy

OrganizationPermission Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The OrganizationPermission resource accepts the following input properties:

OrganizationId This property is required. string
Organization ID.
Permissions This property is required. List<OrganizationPermissionPermission>
Permissions to grant to principals.
ResourceId This property is required. string
Resource ID.
ResourceType This property is required. string
Resource type. The possible values are organization, organization_unit and project.
OrganizationId This property is required. string
Organization ID.
Permissions This property is required. []OrganizationPermissionPermissionArgs
Permissions to grant to principals.
ResourceId This property is required. string
Resource ID.
ResourceType This property is required. string
Resource type. The possible values are organization, organization_unit and project.
organizationId This property is required. String
Organization ID.
permissions This property is required. List<OrganizationPermissionPermission>
Permissions to grant to principals.
resourceId This property is required. String
Resource ID.
resourceType This property is required. String
Resource type. The possible values are organization, organization_unit and project.
organizationId This property is required. string
Organization ID.
permissions This property is required. OrganizationPermissionPermission[]
Permissions to grant to principals.
resourceId This property is required. string
Resource ID.
resourceType This property is required. string
Resource type. The possible values are organization, organization_unit and project.
organization_id This property is required. str
Organization ID.
permissions This property is required. Sequence[OrganizationPermissionPermissionArgs]
Permissions to grant to principals.
resource_id This property is required. str
Resource ID.
resource_type This property is required. str
Resource type. The possible values are organization, organization_unit and project.
organizationId This property is required. String
Organization ID.
permissions This property is required. List<Property Map>
Permissions to grant to principals.
resourceId This property is required. String
Resource ID.
resourceType This property is required. String
Resource type. The possible values are organization, organization_unit and project.

Outputs

All input properties are implicitly available as output properties. Additionally, the OrganizationPermission resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing OrganizationPermission Resource

Get an existing OrganizationPermission resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: OrganizationPermissionState, opts?: CustomResourceOptions): OrganizationPermission
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        organization_id: Optional[str] = None,
        permissions: Optional[Sequence[OrganizationPermissionPermissionArgs]] = None,
        resource_id: Optional[str] = None,
        resource_type: Optional[str] = None) -> OrganizationPermission
func GetOrganizationPermission(ctx *Context, name string, id IDInput, state *OrganizationPermissionState, opts ...ResourceOption) (*OrganizationPermission, error)
public static OrganizationPermission Get(string name, Input<string> id, OrganizationPermissionState? state, CustomResourceOptions? opts = null)
public static OrganizationPermission get(String name, Output<String> id, OrganizationPermissionState state, CustomResourceOptions options)
resources:  _:    type: aiven:OrganizationPermission    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
OrganizationId string
Organization ID.
Permissions List<OrganizationPermissionPermission>
Permissions to grant to principals.
ResourceId string
Resource ID.
ResourceType string
Resource type. The possible values are organization, organization_unit and project.
OrganizationId string
Organization ID.
Permissions []OrganizationPermissionPermissionArgs
Permissions to grant to principals.
ResourceId string
Resource ID.
ResourceType string
Resource type. The possible values are organization, organization_unit and project.
organizationId String
Organization ID.
permissions List<OrganizationPermissionPermission>
Permissions to grant to principals.
resourceId String
Resource ID.
resourceType String
Resource type. The possible values are organization, organization_unit and project.
organizationId string
Organization ID.
permissions OrganizationPermissionPermission[]
Permissions to grant to principals.
resourceId string
Resource ID.
resourceType string
Resource type. The possible values are organization, organization_unit and project.
organization_id str
Organization ID.
permissions Sequence[OrganizationPermissionPermissionArgs]
Permissions to grant to principals.
resource_id str
Resource ID.
resource_type str
Resource type. The possible values are organization, organization_unit and project.
organizationId String
Organization ID.
permissions List<Property Map>
Permissions to grant to principals.
resourceId String
Resource ID.
resourceType String
Resource type. The possible values are organization, organization_unit and project.

Supporting Types

OrganizationPermissionPermission
, OrganizationPermissionPermissionArgs

Permissions This property is required. List<string>
List of roles and permissions to grant. The possible values are admin, developer, operator, organization:app_users:write, organization:audit_logs:read, organization:billing:read, organization:billing:write, organization:domains:write, organization:groups:write, organization:idps:write, organization:networking:read, organization:networking:write, organization:projects:write, organization:users:write, project:audit_logs:read, project:integrations:read, project:integrations:write, project:networking:read, project:networking:write, project:permissions:read, project:services:read, project:services:write, read_only, role:organization:admin, role:services:maintenance, role:services:recover, service:configuration:write, service:data:write, service:logs:read, service:secrets:read and service:users:write.
PrincipalId This property is required. string
ID of the user or group to grant permissions to. Only active users who have accepted an invite to join the organization can be granted permissions.
PrincipalType This property is required. string
The type of principal. The possible values are user and user_group.
CreateTime string
Time created.
UpdateTime string
Time updated.
Permissions This property is required. []string
List of roles and permissions to grant. The possible values are admin, developer, operator, organization:app_users:write, organization:audit_logs:read, organization:billing:read, organization:billing:write, organization:domains:write, organization:groups:write, organization:idps:write, organization:networking:read, organization:networking:write, organization:projects:write, organization:users:write, project:audit_logs:read, project:integrations:read, project:integrations:write, project:networking:read, project:networking:write, project:permissions:read, project:services:read, project:services:write, read_only, role:organization:admin, role:services:maintenance, role:services:recover, service:configuration:write, service:data:write, service:logs:read, service:secrets:read and service:users:write.
PrincipalId This property is required. string
ID of the user or group to grant permissions to. Only active users who have accepted an invite to join the organization can be granted permissions.
PrincipalType This property is required. string
The type of principal. The possible values are user and user_group.
CreateTime string
Time created.
UpdateTime string
Time updated.
permissions This property is required. List<String>
List of roles and permissions to grant. The possible values are admin, developer, operator, organization:app_users:write, organization:audit_logs:read, organization:billing:read, organization:billing:write, organization:domains:write, organization:groups:write, organization:idps:write, organization:networking:read, organization:networking:write, organization:projects:write, organization:users:write, project:audit_logs:read, project:integrations:read, project:integrations:write, project:networking:read, project:networking:write, project:permissions:read, project:services:read, project:services:write, read_only, role:organization:admin, role:services:maintenance, role:services:recover, service:configuration:write, service:data:write, service:logs:read, service:secrets:read and service:users:write.
principalId This property is required. String
ID of the user or group to grant permissions to. Only active users who have accepted an invite to join the organization can be granted permissions.
principalType This property is required. String
The type of principal. The possible values are user and user_group.
createTime String
Time created.
updateTime String
Time updated.
permissions This property is required. string[]
List of roles and permissions to grant. The possible values are admin, developer, operator, organization:app_users:write, organization:audit_logs:read, organization:billing:read, organization:billing:write, organization:domains:write, organization:groups:write, organization:idps:write, organization:networking:read, organization:networking:write, organization:projects:write, organization:users:write, project:audit_logs:read, project:integrations:read, project:integrations:write, project:networking:read, project:networking:write, project:permissions:read, project:services:read, project:services:write, read_only, role:organization:admin, role:services:maintenance, role:services:recover, service:configuration:write, service:data:write, service:logs:read, service:secrets:read and service:users:write.
principalId This property is required. string
ID of the user or group to grant permissions to. Only active users who have accepted an invite to join the organization can be granted permissions.
principalType This property is required. string
The type of principal. The possible values are user and user_group.
createTime string
Time created.
updateTime string
Time updated.
permissions This property is required. Sequence[str]
List of roles and permissions to grant. The possible values are admin, developer, operator, organization:app_users:write, organization:audit_logs:read, organization:billing:read, organization:billing:write, organization:domains:write, organization:groups:write, organization:idps:write, organization:networking:read, organization:networking:write, organization:projects:write, organization:users:write, project:audit_logs:read, project:integrations:read, project:integrations:write, project:networking:read, project:networking:write, project:permissions:read, project:services:read, project:services:write, read_only, role:organization:admin, role:services:maintenance, role:services:recover, service:configuration:write, service:data:write, service:logs:read, service:secrets:read and service:users:write.
principal_id This property is required. str
ID of the user or group to grant permissions to. Only active users who have accepted an invite to join the organization can be granted permissions.
principal_type This property is required. str
The type of principal. The possible values are user and user_group.
create_time str
Time created.
update_time str
Time updated.
permissions This property is required. List<String>
List of roles and permissions to grant. The possible values are admin, developer, operator, organization:app_users:write, organization:audit_logs:read, organization:billing:read, organization:billing:write, organization:domains:write, organization:groups:write, organization:idps:write, organization:networking:read, organization:networking:write, organization:projects:write, organization:users:write, project:audit_logs:read, project:integrations:read, project:integrations:write, project:networking:read, project:networking:write, project:permissions:read, project:services:read, project:services:write, read_only, role:organization:admin, role:services:maintenance, role:services:recover, service:configuration:write, service:data:write, service:logs:read, service:secrets:read and service:users:write.
principalId This property is required. String
ID of the user or group to grant permissions to. Only active users who have accepted an invite to join the organization can be granted permissions.
principalType This property is required. String
The type of principal. The possible values are user and user_group.
createTime String
Time created.
updateTime String
Time updated.

Import

$ pulumi import aiven:index/organizationPermission:OrganizationPermission operator ORGANIZATION_ID/ID
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
Aiven pulumi/pulumi-aiven
License
Apache-2.0
Notes
This Pulumi package is based on the aiven Terraform Provider.
Aiven v6.37.0 published on Thursday, Apr 10, 2025 by Pulumi
pulumi/pulumi-aiven