Manage azure role settings #1186

Closed
Keith-EMP opened this issue Sep 12, 2023 · 6 comments · Fixed by hashicorp/terraform-provider-azurerm#25900

@Keith-EMP

Keith-EMP commented Sep 12, 2023

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Requesting the ability to manage Azure role settings from Terraform. The ability to set things such as "Activation maximum duration (hours)", "On activation, require", "Require justification on activation", etc. from the roles settings page. This will help with modifying built-in or custom roles to match our policies and not have to manually edit each one in the console.

New or Affected Resource(s)

  • azuread

@manicminer
Contributor

Thanks for requesting this @Keith-EMP. We already support assignment policies for entitlement management, is this what you're looking for?

@Keith-EMP
Author

I don't think that's it. I am talking about the role settings in Azure AD (Entra). The settings for activating PIM such as "On activation, require" or "Activation maximum duration (hours)" settings. I have been using Graph API for this but would like Terraform options as it's much cleaner and easier to manage. Graph API partial URL for example: /policies/roleManagementPolicies/{id}/rules/Expiration_EndUser_Assignment

@drdamour

think hashicorp/terraform-provider-azurerm#23295 is a proposal for this functionality

@manicminer
Contributor

Fixed by #1327

@bryansan-msft

@manicminer This issue is requesting policy settings for EntraID Roles. #1327 is for EntraID Groups and hashicorp/terraform-provider-azurerm#25900 is for Azure Roles.

This issue should be reopened as there is not a Terraform resource to modify policy settings for EntraID Roles.

@bryansan-msft

Just opened #1390 as this one shouldn't have been closed
