Docs Home
cyral 4.16.3 published on Monday, Apr 14, 2025 by cyralinc
cyral.Role
Explore with Pulumi AI
Manages roles for Cyral control plane users. See also: Role SSO Groups.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cyral from "@pulumi/cyral";
//## Role with Custom Permissions Configuration
const someResourceName = new cyral.Role("someResourceName", {permissions: {
approvalManagement: false,
modifyIntegrations: false,
modifyPolicies: true,
modifyRoles: false,
modifySidecarsAndRepositories: true,
modifyUsers: true,
repoCrawler: false,
viewAuditLogs: false,
viewDatamaps: false,
}});
import pulumi
import pulumi_cyral as cyral
### Role with Custom Permissions Configuration
some_resource_name = cyral.Role("someResourceName", permissions={
"approval_management": False,
"modify_integrations": False,
"modify_policies": True,
"modify_roles": False,
"modify_sidecars_and_repositories": True,
"modify_users": True,
"repo_crawler": False,
"view_audit_logs": False,
"view_datamaps": False,
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/cyral/v4/cyral"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// ## Role with Custom Permissions Configuration
_, err := cyral.NewRole(ctx, "someResourceName", &cyral.RoleArgs{
Permissions: &cyral.RolePermissionsArgs{
ApprovalManagement: pulumi.Bool(false),
ModifyIntegrations: pulumi.Bool(false),
ModifyPolicies: pulumi.Bool(true),
ModifyRoles: pulumi.Bool(false),
ModifySidecarsAndRepositories: pulumi.Bool(true),
ModifyUsers: pulumi.Bool(true),
RepoCrawler: pulumi.Bool(false),
ViewAuditLogs: pulumi.Bool(false),
ViewDatamaps: pulumi.Bool(false),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cyral = Pulumi.Cyral;
return await Deployment.RunAsync(() =>
{
//## Role with Custom Permissions Configuration
var someResourceName = new Cyral.Role("someResourceName", new()
{
Permissions = new Cyral.Inputs.RolePermissionsArgs
{
ApprovalManagement = false,
ModifyIntegrations = false,
ModifyPolicies = true,
ModifyRoles = false,
ModifySidecarsAndRepositories = true,
ModifyUsers = true,
RepoCrawler = false,
ViewAuditLogs = false,
ViewDatamaps = false,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cyral.Role;
import com.pulumi.cyral.RoleArgs;
import com.pulumi.cyral.inputs.RolePermissionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
//## Role with Custom Permissions Configuration
var someResourceName = new Role("someResourceName", RoleArgs.builder()
.permissions(RolePermissionsArgs.builder()
.approvalManagement(false)
.modifyIntegrations(false)
.modifyPolicies(true)
.modifyRoles(false)
.modifySidecarsAndRepositories(true)
.modifyUsers(true)
.repoCrawler(false)
.viewAuditLogs(false)
.viewDatamaps(false)
.build())
.build());
}
}
resources:
## Role with Custom Permissions Configuration
someResourceName:
type: cyral:Role
properties:
permissions:
approvalManagement: false
modifyIntegrations: false
modifyPolicies: true
modifyRoles: false
modifySidecarsAndRepositories: true
modifyUsers: true
repoCrawler: false
viewAuditLogs: false
viewDatamaps: false
Create Role Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Role(name: string, args?: RoleArgs, opts?: CustomResourceOptions);@overload
def Role(resource_name: str,
args: Optional[RoleArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Role(resource_name: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None,
permissions: Optional[RolePermissionsArgs] = None)func NewRole(ctx *Context, name string, args *RoleArgs, opts ...ResourceOption) (*Role, error)public Role(string name, RoleArgs? args = null, CustomResourceOptions? opts = null)type: cyral:Role
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. RoleArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var roleResource = new Cyral.Role("roleResource", new()
{
Name = "string",
Permissions = new Cyral.Inputs.RolePermissionsArgs
{
ApprovalManagement = false,
ModifyIntegrations = false,
ModifyPolicies = false,
ModifyRoles = false,
ModifySidecarsAndRepositories = false,
ModifyUsers = false,
RepoCrawler = false,
ViewAuditLogs = false,
ViewDatamaps = false,
ViewIntegrations = false,
ViewPolicies = false,
ViewRoles = false,
ViewUsers = false,
},
});
example, err := cyral.NewRole(ctx, "roleResource", &cyral.RoleArgs{
Name: pulumi.String("string"),
Permissions: &cyral.RolePermissionsArgs{
ApprovalManagement: pulumi.Bool(false),
ModifyIntegrations: pulumi.Bool(false),
ModifyPolicies: pulumi.Bool(false),
ModifyRoles: pulumi.Bool(false),
ModifySidecarsAndRepositories: pulumi.Bool(false),
ModifyUsers: pulumi.Bool(false),
RepoCrawler: pulumi.Bool(false),
ViewAuditLogs: pulumi.Bool(false),
ViewDatamaps: pulumi.Bool(false),
ViewIntegrations: pulumi.Bool(false),
ViewPolicies: pulumi.Bool(false),
ViewRoles: pulumi.Bool(false),
ViewUsers: pulumi.Bool(false),
},
})
var roleResource = new Role("roleResource", RoleArgs.builder()
.name("string")
.permissions(RolePermissionsArgs.builder()
.approvalManagement(false)
.modifyIntegrations(false)
.modifyPolicies(false)
.modifyRoles(false)
.modifySidecarsAndRepositories(false)
.modifyUsers(false)
.repoCrawler(false)
.viewAuditLogs(false)
.viewDatamaps(false)
.viewIntegrations(false)
.viewPolicies(false)
.viewRoles(false)
.viewUsers(false)
.build())
.build());
role_resource = cyral.Role("roleResource",
name="string",
permissions={
"approval_management": False,
"modify_integrations": False,
"modify_policies": False,
"modify_roles": False,
"modify_sidecars_and_repositories": False,
"modify_users": False,
"repo_crawler": False,
"view_audit_logs": False,
"view_datamaps": False,
"view_integrations": False,
"view_policies": False,
"view_roles": False,
"view_users": False,
})
const roleResource = new cyral.Role("roleResource", {
name: "string",
permissions: {
approvalManagement: false,
modifyIntegrations: false,
modifyPolicies: false,
modifyRoles: false,
modifySidecarsAndRepositories: false,
modifyUsers: false,
repoCrawler: false,
viewAuditLogs: false,
viewDatamaps: false,
viewIntegrations: false,
viewPolicies: false,
viewRoles: false,
viewUsers: false,
},
});
type: cyral:Role
properties:
name: string
permissions:
approvalManagement: false
modifyIntegrations: false
modifyPolicies: false
modifyRoles: false
modifySidecarsAndRepositories: false
modifyUsers: false
repoCrawler: false
viewAuditLogs: false
viewDatamaps: false
viewIntegrations: false
viewPolicies: false
viewRoles: false
viewUsers: false
Role Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Role resource accepts the following input properties:
- Name string
- The name of the role.
- Permissions
Role
Permissions - A block responsible for configuring the role permissions.
- Name string
- The name of the role.
- Permissions
Role
Permissions Args - A block responsible for configuring the role permissions.
- name String
- The name of the role.
- permissions
Role
Permissions - A block responsible for configuring the role permissions.
- name string
- The name of the role.
- permissions
Role
Permissions - A block responsible for configuring the role permissions.
- name str
- The name of the role.
- permissions
Role
Permissions Args - A block responsible for configuring the role permissions.
- name String
- The name of the role.
- permissions Property Map
- A block responsible for configuring the role permissions.
Outputs
All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Role Resource
Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RoleState, opts?: CustomResourceOptions): Role@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None,
permissions: Optional[RolePermissionsArgs] = None) -> Rolefunc GetRole(ctx *Context, name string, id IDInput, state *RoleState, opts ...ResourceOption) (*Role, error)public static Role Get(string name, Input<string> id, RoleState? state, CustomResourceOptions? opts = null)public static Role get(String name, Output<String> id, RoleState state, CustomResourceOptions options)resources: _: type: cyral:Role get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Name string
- The name of the role.
- Permissions
Role
Permissions - A block responsible for configuring the role permissions.
- Name string
- The name of the role.
- Permissions
Role
Permissions Args - A block responsible for configuring the role permissions.
- name String
- The name of the role.
- permissions
Role
Permissions - A block responsible for configuring the role permissions.
- name string
- The name of the role.
- permissions
Role
Permissions - A block responsible for configuring the role permissions.
- name str
- The name of the role.
- permissions
Role
Permissions Args - A block responsible for configuring the role permissions.
- name String
- The name of the role.
- permissions Property Map
- A block responsible for configuring the role permissions.
Supporting Types
RolePermissions, RolePermissionsArgs
, RolePermissionsArgs
- Approval
Management bool - Allows approving or denying approval requests on Cyral Control Plane. Defaults to
false. - Modify
Integrations bool - Allows modifying integrations on Cyral Control Plane. Defaults to
false. - Modify
Policies bool - Allows modifying policies on Cyral Control Plane. Defaults to
false. - Modify
Roles bool - Allows modifying roles on Cyral Control Plane. Defaults to
false. - Modify
Sidecars boolAnd Repositories - Allows modifying sidecars and repositories on Cyral Control Plane. Defaults to
false. - Modify
Users bool - Allows modifying users on Cyral Control Plane. Defaults to
false. - Repo
Crawler bool - Allows running the Cyral repo crawler data classifier and user discovery. Defaults to
false. - View
Audit boolLogs - Allows viewing audit logs on Cyral Control Plane. Defaults to
false. - View
Datamaps bool - Allows viewing datamaps on Cyral Control Plane. Defaults to
false. - View
Integrations bool - Allows viewing integrations on Cyral Control Plane. Defaults to
false. - View
Policies bool - Allows viewing policies on Cyral Control Plane. Defaults to
false. - View
Roles bool - Allows viewing roles on Cyral Control Plane. Defaults to
false. - View
Users bool - Allows viewing users on Cyral Control Plane. Defaults to
false.
- Approval
Management bool - Allows approving or denying approval requests on Cyral Control Plane. Defaults to
false. - Modify
Integrations bool - Allows modifying integrations on Cyral Control Plane. Defaults to
false. - Modify
Policies bool - Allows modifying policies on Cyral Control Plane. Defaults to
false. - Modify
Roles bool - Allows modifying roles on Cyral Control Plane. Defaults to
false. - Modify
Sidecars boolAnd Repositories - Allows modifying sidecars and repositories on Cyral Control Plane. Defaults to
false. - Modify
Users bool - Allows modifying users on Cyral Control Plane. Defaults to
false. - Repo
Crawler bool - Allows running the Cyral repo crawler data classifier and user discovery. Defaults to
false. - View
Audit boolLogs - Allows viewing audit logs on Cyral Control Plane. Defaults to
false. - View
Datamaps bool - Allows viewing datamaps on Cyral Control Plane. Defaults to
false. - View
Integrations bool - Allows viewing integrations on Cyral Control Plane. Defaults to
false. - View
Policies bool - Allows viewing policies on Cyral Control Plane. Defaults to
false. - View
Roles bool - Allows viewing roles on Cyral Control Plane. Defaults to
false. - View
Users bool - Allows viewing users on Cyral Control Plane. Defaults to
false.
- approval
Management Boolean - Allows approving or denying approval requests on Cyral Control Plane. Defaults to
false. - modify
Integrations Boolean - Allows modifying integrations on Cyral Control Plane. Defaults to
false. - modify
Policies Boolean - Allows modifying policies on Cyral Control Plane. Defaults to
false. - modify
Roles Boolean - Allows modifying roles on Cyral Control Plane. Defaults to
false. - modify
Sidecars BooleanAnd Repositories - Allows modifying sidecars and repositories on Cyral Control Plane. Defaults to
false. - modify
Users Boolean - Allows modifying users on Cyral Control Plane. Defaults to
false. - repo
Crawler Boolean - Allows running the Cyral repo crawler data classifier and user discovery. Defaults to
false. - view
Audit BooleanLogs - Allows viewing audit logs on Cyral Control Plane. Defaults to
false. - view
Datamaps Boolean - Allows viewing datamaps on Cyral Control Plane. Defaults to
false. - view
Integrations Boolean - Allows viewing integrations on Cyral Control Plane. Defaults to
false. - view
Policies Boolean - Allows viewing policies on Cyral Control Plane. Defaults to
false. - view
Roles Boolean - Allows viewing roles on Cyral Control Plane. Defaults to
false. - view
Users Boolean - Allows viewing users on Cyral Control Plane. Defaults to
false.
- approval
Management boolean - Allows approving or denying approval requests on Cyral Control Plane. Defaults to
false. - modify
Integrations boolean - Allows modifying integrations on Cyral Control Plane. Defaults to
false. - modify
Policies boolean - Allows modifying policies on Cyral Control Plane. Defaults to
false. - modify
Roles boolean - Allows modifying roles on Cyral Control Plane. Defaults to
false. - modify
Sidecars booleanAnd Repositories - Allows modifying sidecars and repositories on Cyral Control Plane. Defaults to
false. - modify
Users boolean - Allows modifying users on Cyral Control Plane. Defaults to
false. - repo
Crawler boolean - Allows running the Cyral repo crawler data classifier and user discovery. Defaults to
false. - view
Audit booleanLogs - Allows viewing audit logs on Cyral Control Plane. Defaults to
false. - view
Datamaps boolean - Allows viewing datamaps on Cyral Control Plane. Defaults to
false. - view
Integrations boolean - Allows viewing integrations on Cyral Control Plane. Defaults to
false. - view
Policies boolean - Allows viewing policies on Cyral Control Plane. Defaults to
false. - view
Roles boolean - Allows viewing roles on Cyral Control Plane. Defaults to
false. - view
Users boolean - Allows viewing users on Cyral Control Plane. Defaults to
false.
- approval_
management bool - Allows approving or denying approval requests on Cyral Control Plane. Defaults to
false. - modify_
integrations bool - Allows modifying integrations on Cyral Control Plane. Defaults to
false. - modify_
policies bool - Allows modifying policies on Cyral Control Plane. Defaults to
false. - modify_
roles bool - Allows modifying roles on Cyral Control Plane. Defaults to
false. - modify_
sidecars_ booland_ repositories - Allows modifying sidecars and repositories on Cyral Control Plane. Defaults to
false. - modify_
users bool - Allows modifying users on Cyral Control Plane. Defaults to
false. - repo_
crawler bool - Allows running the Cyral repo crawler data classifier and user discovery. Defaults to
false. - view_
audit_ boollogs - Allows viewing audit logs on Cyral Control Plane. Defaults to
false. - view_
datamaps bool - Allows viewing datamaps on Cyral Control Plane. Defaults to
false. - view_
integrations bool - Allows viewing integrations on Cyral Control Plane. Defaults to
false. - view_
policies bool - Allows viewing policies on Cyral Control Plane. Defaults to
false. - view_
roles bool - Allows viewing roles on Cyral Control Plane. Defaults to
false. - view_
users bool - Allows viewing users on Cyral Control Plane. Defaults to
false.
- approval
Management Boolean - Allows approving or denying approval requests on Cyral Control Plane. Defaults to
false. - modify
Integrations Boolean - Allows modifying integrations on Cyral Control Plane. Defaults to
false. - modify
Policies Boolean - Allows modifying policies on Cyral Control Plane. Defaults to
false. - modify
Roles Boolean - Allows modifying roles on Cyral Control Plane. Defaults to
false. - modify
Sidecars BooleanAnd Repositories - Allows modifying sidecars and repositories on Cyral Control Plane. Defaults to
false. - modify
Users Boolean - Allows modifying users on Cyral Control Plane. Defaults to
false. - repo
Crawler Boolean - Allows running the Cyral repo crawler data classifier and user discovery. Defaults to
false. - view
Audit BooleanLogs - Allows viewing audit logs on Cyral Control Plane. Defaults to
false. - view
Datamaps Boolean - Allows viewing datamaps on Cyral Control Plane. Defaults to
false. - view
Integrations Boolean - Allows viewing integrations on Cyral Control Plane. Defaults to
false. - view
Policies Boolean - Allows viewing policies on Cyral Control Plane. Defaults to
false. - view
Roles Boolean - Allows viewing roles on Cyral Control Plane. Defaults to
false. - view
Users Boolean - Allows viewing users on Cyral Control Plane. Defaults to
false.
Package Details
- Repository
- cyral cyralinc/terraform-provider-cyral
- License
- Notes
- This Pulumi package is based on the
cyralTerraform Provider.