You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using the azapi to deploy this using "Microsoft.Authorization/roleEligibilityScheduleRequests@2022-04-01-preview" does not resolve the issue due to #22513 that throws an error 400 when redeploying an existing PIM assignment. Furthermore, the API does not support destroy function to remove the assignment through code.
Is there an existing issue for this?
Community Note
Description
I would like to add conditions to my PIM assignment as in https://learn.microsoft.com/en-us/azure/templates/microsoft.authorization/roleeligibilityschedulerequests?pivots=deployment-language-terraform
to restrict certain permissions, e.g. allow access management for high privileged roles.
This feature is currently not supported in
azurerm_pim_eligible_role_assignment
version 3.97.1.Also added as request/note here #23458 (comment)
Using the azapi to deploy this using "Microsoft.Authorization/roleEligibilityScheduleRequests@2022-04-01-preview" does not resolve the issue due to #22513 that throws an error 400 when redeploying an existing PIM assignment. Furthermore, the API does not support destroy function to remove the assignment through code.
New or Affected Resource(s)/Data Source(s)
azurerm_pim_eligible_role_assignment
Potential Terraform Configuration
References
No response
The text was updated successfully, but these errors were encountered: