Add option to configure azuread_privileged_access_group_role

[tehho]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

When creating a azuread_privileged_access_group_eligibility_schedule there is no option to modify the "Activation maximum duration (hours)" of the role. Suggesting adding a new resource that modifies the role as specified.

New or Affected Resource(s)

• azuread_privileged_access_group_eligibility_schedule
• azuread_privileged_access_group_role (new resource suggestion)

Potential Terraform Configuration

data "azuread_group" "this" {
  display_name = "<your-group-name>"
}

resource "azuread_group" "this" {
  display_name     = replace("PIM-${data.azuread_group.this.name}", " ", "-")
  description      = "PIM example for ${data.azuread_group.this.display_name}"
  security_enabled = true
}

resource "azuread_privileged_access_group_role" "member" {
  display_name = "member"
  max_duration = "PT1H"
  # follow entra id specification for parameters
}

resource "azuread_privileged_access_group_eligibility_schedule" "this" {
  group_id             = azuread_group.this.id
  principal_id         = data.azuread_group.this.id
  assignment_type      = azuread_privileged_access_group_role.member.display_name
  permanent_assignment = true
  justification        = "as requested"
}

References

• 0000

[tehho]

I think it is azuread_group_role_management_policy that I'm asking for. Silly me not knowing ms graph totally structured resource definitions