# aiven_organization_permission (Resource)

Grants [roles and permissions](https://aiven.io/docs/platform/concepts/permissions) to a principal for a resource. Permissions can be granted at the organization, organizational unit, and project level. Unit-level permissions aren't shown in the Aiven Console.

Do not use the `aiven_project_user` or `aiven_organization_group_project` resources with this resource.
## Example Usage

```terraform
# Grant access to a specific project
resource "aiven_organization_permission" "example_project_permissions" {
  organization_id = data.aiven_organization.main.id
  resource_id     = data.aiven_project.example_project.id
  resource_type   = "project"

  permissions {
    # Grant a user the operator role and
    # permission to read service logs
    permissions = [
      "operator",
      "service:logs:read"
    ]
    principal_id   = "u123a456b7890c"
    principal_type = "user"
  }

  # Grant a group the write project integrations
  # permission and the developer role
  permissions {
    permissions = [
      "project:integrations:write",
      "developer"
    ]
    principal_id   = data.aiven_organization_user_group.example_group.group_id
    principal_type = "user_group"
  }
}

# Organization-level permissions
resource "aiven_organization_permission" "example_org_permissions" {
  organization_id = data.aiven_organization.main.id
  resource_id     = data.aiven_organization.main.id
  resource_type   = "organization"

  # Grant a user permission to manage application
  # users and view all project audit logs
  permissions {
    permissions = [
      "organization:app_users:write",
      "project:audit_logs:read"
    ]
    principal_id   = "u123a456b7890c"
    principal_type = "user"
  }

  # Grant a group permission to manage users,
  # groups, domains, and identity providers
  permissions {
    permissions = [
      "organization:users:write",
      "organization:groups:write",
      "organization:domains:write",
      "organization:idps:write"
    ]
    principal_id   = aiven_organization_user_group.example_group.group_id
    principal_type = "user_group"
  }
}
```
## Schema

Required:

- `organization_id` (String) Organization ID.
- `permissions` (Block Set, Min: 1) Permissions to grant to principals. (see below for nested schema)
- `resource_id` (String) Resource ID.
- `resource_type` (String) Resource type. The possible values are `organization`, `organization_unit` and `project`.

Optional:

- `timeouts` (Block, Optional) (see below for nested schema)

Read-Only:

- `id` (String) The ID of this resource.
### Nested Schema for `permissions`

Required:

- `permissions` (Set of String) List of roles and permissions to grant. The possible values are `admin`, `developer`, `operator`, `organization:app_users:write`, `organization:audit_logs:read`, `organization:billing:read`, `organization:billing:write`, `organization:domains:write`, `organization:groups:write`, `organization:idps:write`, `organization:networking:read`, `organization:networking:write`, `organization:projects:write`, `organization:users:write`, `project:audit_logs:read`, `project:integrations:read`, `project:integrations:write`, `project:networking:read`, `project:networking:write`, `project:permissions:read`, `project:services:read`, `project:services:write`, `read_only`, `role:organization:admin`, `role:services:maintenance`, `role:services:recover`, `service:configuration:write`, `service:data:write`, `service:logs:read`, `service:secrets:read` and `service:users:write`.
- `principal_id` (String) ID of the user or group to grant permissions to. Only active users who have accepted an invite to join the organization can be granted permissions.
- `principal_type` (String) The type of principal. The possible values are `user` and `user_group`.

Read-Only:

- `create_time` (String) Time created.
- `update_time` (String) Time updated.
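The schema above fixes the set of valid `resource_type`, `principal_type` and permission strings, and the description warns against mixing this resource with `aiven_project_user` or `aiven_organization_group_project`. The following Python script is an added example, not part of the provider's documentation or code: it reads the JSON that `terraform show -json` produces for a saved plan, validates every planned `aiven_organization_permission` against those documented values, flags grants of the broadest roles (`admin`, `role:organization:admin`) so each one is reviewed explicitly, and reports plans that also contain one of the conflicting resource types. The embedded plan JSON, principal IDs and resource addresses are constructed for the example; the CI workflow it assumes (plan, export to JSON, run the check) is not something the page prescribes.

```python
"""Pre-apply policy check for planned aiven_organization_permission grants.

Assumed workflow (not part of the provider): `terraform plan -out=tfplan`,
`terraform show -json tfplan > plan.json`, then run this script in CI.
"""
import json
import sys

# Values documented in the resource schema.
ALLOWED_RESOURCE_TYPES = {"organization", "organization_unit", "project"}
ALLOWED_PRINCIPAL_TYPES = {"user", "user_group"}
ALLOWED_PERMISSIONS = {
    "admin", "developer", "operator",
    "organization:app_users:write", "organization:audit_logs:read",
    "organization:billing:read", "organization:billing:write",
    "organization:domains:write", "organization:groups:write",
    "organization:idps:write", "organization:networking:read",
    "organization:networking:write", "organization:projects:write",
    "organization:users:write", "project:audit_logs:read",
    "project:integrations:read", "project:integrations:write",
    "project:networking:read", "project:networking:write",
    "project:permissions:read", "project:services:read",
    "project:services:write", "read_only", "role:organization:admin",
    "role:services:maintenance", "role:services:recover",
    "service:configuration:write", "service:data:write",
    "service:logs:read", "service:secrets:read", "service:users:write",
}
# Roles that confer broad administrative control; reported separately so
# that every such grant gets an explicit review rather than a silent apply.
BROAD_ROLES = {"admin", "role:organization:admin"}
# Resources the documentation says must not be combined with this one.
CONFLICTING_TYPES = {"aiven_project_user", "aiven_organization_group_project"}


def iter_resources(module):
    """Walk a plan's planned_values module tree, yielding every resource."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def check_plan(plan):
    """Return (address, message) findings for a parsed plan; [] means clean."""
    findings = []
    resources = list(iter_resources(plan["planned_values"]["root_module"]))
    types_present = {r["type"] for r in resources}
    if "aiven_organization_permission" in types_present:
        for t in sorted(CONFLICTING_TYPES & types_present):
            findings.append(("<plan>", f"{t} used alongside aiven_organization_permission"))
    for r in resources:
        if r["type"] != "aiven_organization_permission":
            continue
        addr, values = r["address"], r.get("values") or {}
        rtype = values.get("resource_type")
        if rtype not in ALLOWED_RESOURCE_TYPES:
            findings.append((addr, f"unknown resource_type {rtype!r}"))
        for block in values.get("permissions") or []:
            principal = block.get("principal_id")
            ptype = block.get("principal_type")
            if ptype not in ALLOWED_PRINCIPAL_TYPES:
                findings.append((addr, f"unknown principal_type {ptype!r} for {principal}"))
            granted = set(block.get("permissions") or [])
            # A misspelled permission string would be rejected by the API,
            # but catching it here keeps the plan from failing mid-apply.
            for p in sorted(granted - ALLOWED_PERMISSIONS):
                findings.append((addr, f"unknown permission {p!r} for {principal}"))
            for p in sorted(granted & BROAD_ROLES):
                findings.append((addr, f"broad role {p!r} granted to {principal}"))
    return findings


def check_plan_json(text):
    """Parse `terraform show -json` output and run check_plan on it."""
    return check_plan(json.loads(text))


# Constructed sample plan (not real Terraform output): one tightly scoped
# project grant, one organization grant with a broad role and a misspelled
# permission, and a legacy aiven_project_user resource in the same plan.
SAMPLE_PLAN_JSON = """
{"format_version": "1.2", "planned_values": {"root_module": {"resources": [
  {"address": "aiven_organization_permission.example_project_permissions",
   "type": "aiven_organization_permission",
   "values": {"resource_type": "project", "permissions": [
     {"principal_id": "u123a456b7890c", "principal_type": "user",
      "permissions": ["operator", "service:logs:read"]}]}},
  {"address": "aiven_organization_permission.example_org_permissions",
   "type": "aiven_organization_permission",
   "values": {"resource_type": "organization", "permissions": [
     {"principal_id": "g-example-group", "principal_type": "user_group",
      "permissions": ["admin", "project:servces:write"]}]}},
  {"address": "aiven_project_user.legacy", "type": "aiven_project_user",
   "values": {"email": "user@example.com"}}
]}}}
"""

if __name__ == "__main__":
    # Pass a plan JSON path as the first argument; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN_JSON
    results = check_plan_json(text)
    for addr, msg in results:
        print(f"{addr}: {msg}")
    sys.exit(1 if results else 0)
```

Run against the sample the script reports three findings (the conflicting `aiven_project_user`, the misspelled permission, and the `admin` grant) and exits non-zero, which is the behaviour wanted from a CI gate; a plan that only contains scoped grants such as `operator` plus `service:logs:read` passes cleanly. Flagging `admin` and `role:organization:admin` is a review trigger, not a prohibition: the point is that broad roles never land without someone having looked at the principal receiving them.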
### Nested Schema for `timeouts`

Optional:

- `create` (String)
- `default` (String)
- `delete` (String)
- `read` (String)
- `update` (String)
## Import

Import is supported using the following syntax:

```shell
terraform import aiven_organization_permission.operator ORGANIZATION_ID/ID
```