Role Eligibility Schedule Instance

A Role Eligibility Schedule Instance in Azure represents a specific assignment that makes a user or service principal eligible to activate a privileged role within Azure Active Directory. It is part of Privileged Identity Management (PIM) and defines when and how a user can become active in a role, including start and end times. This resource helps enforce just-in-time access, reducing standing privileges and improving security by ensuring elevated permissions are only available when needed.

azure.authorization_role_eligibility_schedule_instance

Fields

| Title | ID | Type | Data Type | Description |
|---|---|---|---|---|
| | _key | core | string | |
| | condition | core | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container' |
| | condition_version | core | string | Version of the condition. Currently accepted value is '2.0' |
| | created_on | core | string | DateTime when role eligibility schedule was created |
| | end_date_time | core | string | The endDateTime of the role eligibility schedule instance |
| | expanded_properties | core | json | Additional properties of principal, scope and role definition |
| | id | core | string | The role eligibility schedule instance ID. |
| | member_type | core | string | Membership type of the role eligibility schedule |
| | name | core | string | The role eligibility schedule instance name. |
| | principal_id | core | string | The principal ID. |
| | principal_type | core | string | The principal type of the assigned principal ID. |
| | resource_group | core | string | |
| | role_definition_id | core | string | The role definition ID. |
| | role_eligibility_schedule_id | core | string | Id of the master role eligibility schedule |
| | scope | core | string | The role eligibility schedule scope. |
| | start_date_time | core | string | The startDateTime of the role eligibility schedule instance |
| | status | core | string | The status of the role eligibility schedule instance |
| | subscription_id | core | string | |
| | subscription_name | core | string | |
| | tags | core | hstore | |
| | type | core | string | The role eligibility schedule instance type. |