Role Assignment Schedule Instance

Role Assignment Schedule Instance in Azure represents a specific occurrence of a role assignment that is governed by Privileged Identity Management (PIM). It defines when and how a role is active for a user or principal, including start and end times, scope, and eligibility. This resource helps manage just-in-time access and enforces least privilege by ensuring roles are only active when needed.

azure.authorization_role_assignment_schedule_instance

Fields

TitleIDTypeData TypeDescription
_keycorestring
assignment_typecorestringAssignment type of the role assignment schedule
conditioncorestringThe conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'
condition_versioncorestringVersion of the condition. Currently accepted value is '2.0'
created_oncorestringDateTime when role assignment schedule was created
end_date_timecorestringThe endDateTime of the role assignment schedule instance
expanded_propertiescorejsonAdditional properties of principal, scope and role definition
idcorestringThe role assignment schedule instance ID.
linked_role_eligibility_schedule_idcorestringroleEligibilityScheduleId used to activate
linked_role_eligibility_schedule_instance_idcorestringroleEligibilityScheduleInstanceId linked to this roleAssignmentScheduleInstance
member_typecorestringMembership type of the role assignment schedule
namecorestringThe role assignment schedule instance name.
origin_role_assignment_idcorestringRole Assignment Id in external system
principal_idcorestringThe principal ID.
principal_typecorestringThe principal type of the assigned principal ID.
resource_groupcorestring
role_assignment_schedule_idcorestringId of the master role assignment schedule
role_definition_idcorestringThe role definition ID.
scopecorestringThe role assignment schedule scope.
start_date_timecorestringThe startDateTime of the role assignment schedule instance
statuscorestringThe status of the role assignment schedule instance.
subscription_idcorestring
subscription_namecorestring
tagscorehstore
typecorestringThe role assignment schedule instance type.