import * as pulumi from "@pulumi/pulumi"; /** * Creates a new custom role for an organization. Custom roles define fine-grained permission sets that can be assigned to organization members and teams, enabling precise access control beyond the built-in admin and member roles. Optionally, an associated policy and role binding can be created alongside the role. Role definitions are subject to two limits: a permission descriptor group may contain at most 500 entries (each directly-specified entity counts as one entry), and the total serialized size of the role definition may not exceed 1 MB. Exceeding either limit returns a 400 error. If you need to grant access to more than 500 individually listed resources, use tag-based (ABAC) rules instead. */ export declare class Role extends pulumi.CustomResource { /** * Get an existing Role resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, opts?: pulumi.CustomResourceOptions): Role; /** * Returns true if the given object is an instance of Role. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Role; /** * When the role was created. */ readonly created: pulumi.Output; /** * The identifier for default roles. Empty for custom roles. */ readonly defaultIdentifier: pulumi.Output; /** * A human-readable description of the permission descriptor. */ readonly description: pulumi.Output; /** * The detailed permission descriptor tree. */ readonly details: pulumi.Output; /** * Whether this role is the organization default. */ readonly isOrgDefault: pulumi.Output; /** * When the role was last modified. */ readonly modified: pulumi.Output; /** * The name of the permission descriptor. */ readonly name: pulumi.Output; /** * The ID of the organization this role belongs to. */ readonly orgId: pulumi.Output; /** * The resource type this permission descriptor applies to. */ readonly resourceType: pulumi.Output; /** * The unique identifier for this role. */ readonly roleID: pulumi.Output; /** * The UX purpose of this permission descriptor (e.g. role, policy, set). */ readonly uxPurpose: pulumi.Output; /** * The version of this role. */ readonly version: pulumi.Output; /** * Create a Role resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: RoleArgs, opts?: pulumi.CustomResourceOptions); } /** * The set of arguments for constructing a Role resource. */ export interface RoleArgs { /** * Also create an associated policy and role binding alongside the role */ createPolicyAndRole?: pulumi.Input; /** * A human-readable description of the permission descriptor. */ description?: pulumi.Input; /** * The detailed permission descriptor tree. */ details?: any | undefined; /** * The name of the permission descriptor. */ name?: pulumi.Input; /** * The organization name */ orgName: pulumi.Input; /** * The resource type this permission descriptor applies to. */ resourceType?: pulumi.Input; /** * The role identifier */ roleID?: pulumi.Input; /** * The UX purpose of this permission descriptor (e.g. role, policy, set). */ uxPurpose?: pulumi.Input; } //# sourceMappingURL=role.d.ts.map