import * as pulumi from "@pulumi/pulumi";
/**
 * Builds an `OrganizationRole.permissions` descriptor that grants the supplied scopes globally — i.e. on every entity of the matching resource type. This is the simplest descriptor: a flat `PermissionDescriptorAllow`. Use this helper instead of hand-authoring the descriptor literal so the wire-format `__type` discriminator stays an implementation detail. For grants scoped to a specific entity, see `buildEnvironmentScopedPermissions`, `buildStackScopedPermissions`, or `buildInsightsAccountScopedPermissions`. The result is directly assignable to `OrganizationRole.permissions`. To grant scopes on more than one entity in a single role, hand-roll a `PermissionDescriptorGroup` whose `entries` list pulls the output of each helper.
 */
export declare function buildAllowPermissions(args: BuildAllowPermissionsArgs, opts?: pulumi.InvokeOptions): Promise<BuildAllowPermissionsResult>;
export interface BuildAllowPermissionsArgs {
    /**
     * The set of scopes to grant globally (e.g. `stack:read`, `environment:open`, `organization:billingManager`). Discover valid scope names via the `getOrganizationRoleScopes` data source.
     */
    permissions: string[];
}
export interface BuildAllowPermissionsResult {
    /**
     * A `PermissionDescriptorAllow` granting the supplied scopes on every entity of the matching resource type, ready to assign to `OrganizationRole.permissions`.
     */
    readonly permissions: {
        [key: string]: any;
    };
}
/**
 * Builds an `OrganizationRole.permissions` descriptor that grants the supplied scopes globally — i.e. on every entity of the matching resource type. This is the simplest descriptor: a flat `PermissionDescriptorAllow`. Use this helper instead of hand-authoring the descriptor literal so the wire-format `__type` discriminator stays an implementation detail. For grants scoped to a specific entity, see `buildEnvironmentScopedPermissions`, `buildStackScopedPermissions`, or `buildInsightsAccountScopedPermissions`. The result is directly assignable to `OrganizationRole.permissions`. To grant scopes on more than one entity in a single role, hand-roll a `PermissionDescriptorGroup` whose `entries` list pulls the output of each helper.
 */
export declare function buildAllowPermissionsOutput(args: BuildAllowPermissionsOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<BuildAllowPermissionsResult>;
export interface BuildAllowPermissionsOutputArgs {
    /**
     * The set of scopes to grant globally (e.g. `stack:read`, `environment:open`, `organization:billingManager`). Discover valid scope names via the `getOrganizationRoleScopes` data source.
     */
    permissions: pulumi.Input<pulumi.Input<string>[]>;
}
//# sourceMappingURL=buildAllowPermissions.d.ts.map