// Associate permissions to a role. Permissions for an organization
resource "highbond_role_permissions_assignment" "userorganization" {
role_id = highbond_role.main.id
force_updates = true // Create only with force update changes
permissions {
organization {
id = "1001020"
use_bulk_importer = false
manage_asset_types = false
manage_workflows = false
manage_roles = false
read_audit_trail = true
read_audit_trail_details = true
manage_compliance_regulation_locked_field_and_disclaimers = true
}
}
}
// Associate permissions to a role. Permissions for a single asset type
resource "highbond_role_permissions_assignment" "mai2n" {
role_id = highbond_role.user.id
permissions {
asset_type {
id = highbond_asset_type.main.id
create_asset = true
delete_asset = true
read_asset_section_0 = true
read_asset_section_1 = true
read_asset_section_2 = true
read_asset_section_3 = true
read_asset_section_4 = true
read_asset_section_5 = true
read_asset_section_6 = true
read_asset_section_7 = true
read_asset_section_8 = true
read_asset_section_9 = true
update_asset_section_0 = true
update_asset_section_1 = true
update_asset_section_2 = true
update_asset_section_3 = true
update_asset_section_4 = true
update_asset_section_5 = true
update_asset_section_6 = true
update_asset_section_7 = true
update_asset_section_8 = true
update_asset_section_9 = true
read_asset_section_10 = true
read_asset_section_11 = true
read_asset_section_12 = true
read_asset_section_13 = true
read_asset_section_14 = true
read_asset_section_15 = true
read_asset_section_16 = true
read_asset_section_17 = true
read_asset_section_18 = true
read_asset_section_19 = true
update_asset_section_10 = true
update_asset_section_11 = true
update_asset_section_12 = true
update_asset_section_13 = true
update_asset_section_14 = true
update_asset_section_15 = true
update_asset_section_16 = true
update_asset_section_17 = true
update_asset_section_18 = true
update_asset_section_19 = true
read_audit_trail = true
read_audit_trail_details = true
}
}
}
// Associate permissions to a role. Permissions for all asset_type. Can be used as *
resource "highbond_role_permissions_assignment" "assetall" {
role_id = highbond_role.user.id
permissions {
asset_type {
id = "*"
create_asset = true
delete_asset = true
read_asset_section_0 = true
read_asset_section_1 = true
read_asset_section_2 = true
read_asset_section_3 = true
read_asset_section_4 = true
read_asset_section_5 = true
read_asset_section_6 = true
read_asset_section_7 = true
read_asset_section_8 = true
read_asset_section_9 = true
update_asset_section_0 = true
update_asset_section_1 = true
update_asset_section_2 = true
update_asset_section_3 = true
update_asset_section_4 = true
update_asset_section_5 = true
update_asset_section_6 = true
update_asset_section_7 = true
update_asset_section_8 = true
update_asset_section_9 = true
read_asset_section_10 = true
read_asset_section_11 = true
read_asset_section_12 = true
read_asset_section_13 = true
read_asset_section_14 = true
read_asset_section_15 = true
read_asset_section_16 = true
read_asset_section_17 = true
read_asset_section_18 = true
read_asset_section_19 = true
update_asset_section_10 = true
update_asset_section_11 = true
update_asset_section_12 = true
update_asset_section_13 = true
update_asset_section_14 = true
update_asset_section_15 = true
update_asset_section_16 = true
update_asset_section_17 = true
update_asset_section_18 = true
update_asset_section_19 = true
read_audit_trail = true
read_audit_trail_details = true
}
}
}
// Roles with role_type user and asset_type id containing assettypeID and workflowStatusID
resource "highbond_role_permissions_assignment" "assettypeworkflowstatus" {
role_id = highbond_role.main.id
permissions {
asset_type {
id = format("%s%s%s", highbond_asset_type.main2.id, "$", highbond_workflow_status.main.id)
read_asset_section_0 = true
read_asset_section_1 = true
read_asset_section_2 = true
read_asset_section_3 = true
read_asset_section_4 = true
read_asset_section_5 = true
read_asset_section_6 = true
read_asset_section_7 = true
read_asset_section_8 = true
read_asset_section_9 = true
update_asset_section_0 = true
update_asset_section_1 = true
update_asset_section_2 = true
update_asset_section_3 = true
update_asset_section_4 = true
update_asset_section_5 = true
update_asset_section_6 = true
update_asset_section_7 = true
update_asset_section_8 = true
update_asset_section_9 = true
read_asset_section_10 = true
read_asset_section_11 = true
read_asset_section_12 = true
read_asset_section_13 = true
read_asset_section_14 = true
read_asset_section_15 = true
read_asset_section_16 = true
read_asset_section_17 = true
read_asset_section_18 = true
read_asset_section_19 = true
update_asset_section_10 = true
update_asset_section_11 = true
update_asset_section_12 = true
update_asset_section_13 = true
update_asset_section_14 = true
update_asset_section_15 = true
update_asset_section_16 = true
update_asset_section_17 = true
update_asset_section_18 = true
update_asset_section_19 = true
read_audit_trail = true
read_audit_trail_details = true
}
}
}
role_id (String) Unique identifier for the roleforce_updates (Boolean) Allows overriding top-level 'create_only' option.permissions (Block List) List of role permission information (see below for nested schema)id (String) The ID of this resource.role_type (String) Type of Role, defined on creation, cannot be updatedpermissionsOptional:
asset_type (Block List) Object with key of asset type ID and value of a permission mapping. Use key * to associate permissions with all asset types. Can only be on roleType of user (see below for nested schema)organization (Block List) Object with key of organization ID and value of permission mapping. Can only be on roleType of platform (see below for nested schema)permissions.asset_typeRequired:
id (String) The value of Asset Type IDOptional:
create_asset (Boolean) Create Asset Premissiondelete_asset (Boolean) Delete Asset Permissionread_asset_section_0 (Boolean) Read Asset Section 0 Permissionread_asset_section_1 (Boolean) Read Asset Section 1 Permissionread_asset_section_10 (Boolean) Read Asset Section 10 Permissionread_asset_section_11 (Boolean) Read Asset Section 11 Permissionread_asset_section_12 (Boolean) Read Asset Section 12 Permissionread_asset_section_13 (Boolean) Read Asset Section 13 Permissionread_asset_section_14 (Boolean) Read Asset Section 14 Permissionread_asset_section_15 (Boolean) Read Asset Section 15 Permissionread_asset_section_16 (Boolean) Read Asset Section 16 Permissionread_asset_section_17 (Boolean) Read Asset Section 17 Permissionread_asset_section_18 (Boolean) Read Asset Section 18 Permissionread_asset_section_19 (Boolean) Read Asset Section 19 Permissionread_asset_section_2 (Boolean) Read Asset Section 2 Permissionread_asset_section_3 (Boolean) Read Asset Section 3 Permissionread_asset_section_4 (Boolean) Read Asset Section 4 Permissionread_asset_section_5 (Boolean) Read Asset Section 5 Permissionread_asset_section_6 (Boolean) Read Asset Section 6 Permissionread_asset_section_7 (Boolean) Read Asset Section 7 Permissionread_asset_section_8 (Boolean) Read Asset Section 8 Permissionread_asset_section_9 (Boolean) Read Asset Section 9 Permissionread_audit_trail (Boolean) Read Audit Trail Permissionread_audit_trail_details (Boolean) Read Audit Trail Details Permissionupdate_asset_section_0 (Boolean) Update Asset Section 0 Permissionupdate_asset_section_1 (Boolean) Update Asset Section 1 Permissionupdate_asset_section_10 (Boolean) Update Asset Section 10 Permissionupdate_asset_section_11 (Boolean) Update Asset Section 11 Permissionupdate_asset_section_12 (Boolean) Update Asset Section 12 Permissionupdate_asset_section_13 (Boolean) Update Asset Section 13 Permissionupdate_asset_section_14 (Boolean) Update Asset Section 14 Permissionupdate_asset_section_15 (Boolean) Update Asset Section 15 Permissionupdate_asset_section_16 (Boolean) Update Asset Section 16 Permissionupdate_asset_section_17 (Boolean) Update Asset Section 17 Permissionupdate_asset_section_18 (Boolean) Update Asset Section 18 Permissionupdate_asset_section_19 (Boolean) Update Asset Section 19 Permissionupdate_asset_section_2 (Boolean) Update Asset Section 2 Permissionupdate_asset_section_3 (Boolean) Update Asset Section 3 Permissionupdate_asset_section_4 (Boolean) Update Asset Section 4 Permissionupdate_asset_section_5 (Boolean) Update Asset Section 5 Permissionupdate_asset_section_6 (Boolean) Update Asset Section 6 Permissionupdate_asset_section_7 (Boolean) Update Asset Section 7 Permissionupdate_asset_section_8 (Boolean) Update Asset Section 8 Permissionupdate_asset_section_9 (Boolean) Update Asset Section 9 Permissionpermissions.organizationRequired:
id (String) The ID of the organizationOptional:
manage_asset_types (Boolean) Manage Asset Types Permissionmanage_compliance_regulation_locked_field_and_disclaimers (Boolean) Manage Compliance Regulation Locked Field and Disclaimers Permissionmanage_roles (Boolean) Manage roles Permissionmanage_workflows (Boolean) Manage Workflows Permissionread_audit_trail (Boolean) Read Audit Trail Permissionread_audit_trail_details (Boolean) Read Audit Trail Details Permissionuse_bulk_importer (Boolean) Use Bulk Importer Permission