| page_title | dbtcloud_group Resource - dbtcloud |
|---|---|
| subcategory | |
| description | Provide a complete set of permissions for a group. This is different from dbtcloud_group_partial_permissions. With this resource type only one resource can be used to manage the permissions for a given group. |

The mapping of permission names from the docs to the permissions to set in Terraform is the following:

| Permission name | Permission code |
|---|---|
| Account Admin | account_admin |
| Account Viewer | account_viewer |
| Admin | admin |
| Analyst | analyst |
| Billing Admin | billing_admin |
| Cost Management viewer | cost_management_viewer |
| Cost Management admin | cost_management_admin |
| Database Admin | database_admin |
| Developer | developer |
| Fusion Admin | fusion_admin |
| Git Admin | git_admin |
| Job Admin | job_admin |
| Job Runner | job_runner |
| Job Viewer | job_viewer |
| Manage marketplace apps | manage_marketplace_apps |
| Member | member |
| Metadata Only | metadata_only |
| Notification Manager | notification_manager |
| Owner | owner |
| Project Creator | project_creator |
| Read-Only | readonly |
| Security Admin | security_admin |
| Semantic Layer Only | semantic_layer_only |
| Stakeholder | stakeholder |
| Team Admin | team_admin |
| Webhooks Only | webhooks_only |

Provide a complete set of permissions for a group. This is different from `dbtcloud_group_partial_permissions`.
With this resource type only one resource can be used to manage the permissions for a given group.

```terraform
resource "dbtcloud_group" "tf_group_1" {
  name = "TF Group 1"
  group_permissions {
    permission_set = "member"
    all_projects   = true
  }
  group_permissions {
    permission_set                  = "developer"
    all_projects                    = false
    project_id                      = dbtcloud_project.dbt_project.id
    writable_environment_categories = ["development", "staging"]
  }
}
```

- `name` (String) The name of the group. This is used to identify an existing group
- `assign_by_default` (Boolean) Whether the group will be assigned by default to users. The value needs to be the same for all partial permissions for the same group.
- `group_permissions` (Block Set) The complete set of permissions to apply to the group. Each block defines one permission set; remove or modify blocks to adjust the group's permissions. (see below for nested schema)
- `sso_mapping_groups` (Set of String) Mapping groups from the IdP. At the moment the complete list needs to be provided in each partial permission for the same group.
- `id` (Number) The ID of the group

Nested schema for `group_permissions`

Required:

- `all_projects` (Boolean) Whether access should be provided for all projects or not.
- `permission_set` (String) The permission set to apply (e.g. `developer`, `analyst`, `account_admin`). See the table at the top of this page for the full list of permission codes.

Optional:

- `project_id` (Number) Project ID to apply this permission to for this group.
- `writable_environment_categories` (Set of String) What types of environments to apply Write permissions to. Even if Write access is restricted to some environment types, the permission set will have Read access to all environments. The values allowed are `all`, `development`, `staging`, `production` and `other`. Not setting a value (or setting an empty list) means the permission set has no Write access to any environment, only Read access. To grant Write access to all environments, set this to `["all"]`. Not all permission sets support environment level write settings, only `analyst`, `database_admin`, `developer`, `git_admin` and `team_admin`.
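
An added example (not part of the provider documentation): a Python check over `terraform show -json` plan output that applies the `writable_environment_categories` rules above to every `dbtcloud_group`. The sample plan and the group `dbtcloud_group.ops` are constructed, and treating Write access to production as a finding is an assumed review policy.

```python
import json

# Permission sets that support environment-level write settings (from this page).
ENV_SCOPED_SETS = {"analyst", "database_admin", "developer", "git_admin", "team_admin"}
ALLOWED_CATEGORIES = {"all", "development", "staging", "production", "other"}


def review_groups(plan):
    """Return (address, permission_set, message) findings for dbtcloud_group resources."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "dbtcloud_group":
            continue
        after = (rc.get("change") or {}).get("after") or {}  # "after" is null on destroy
        for block in after.get("group_permissions") or []:
            pset = block.get("permission_set")
            cats = set(block.get("writable_environment_categories") or [])  # unset/empty = read-only
            scope = "all projects" if block.get("all_projects") else f"project {block.get('project_id')}"
            invalid = sorted(cats - ALLOWED_CATEGORIES)
            if invalid:
                findings.append((rc["address"], pset, f"invalid categories {invalid}"))
            if cats and pset not in ENV_SCOPED_SETS:
                findings.append((rc["address"], pset, "permission set does not support environment-level write settings"))
            elif cats & {"all", "production"}:  # assumed policy: production writes need review
                findings.append((rc["address"], pset, f"Write access to production on {scope}"))
    return findings


# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "dbtcloud_group.tf_group_1", "type": "dbtcloud_group", "change": {"after": {
   "name": "TF Group 1", "group_permissions": [
    {"permission_set": "member", "all_projects": true, "writable_environment_categories": null},
    {"permission_set": "developer", "all_projects": false, "project_id": 101,
     "writable_environment_categories": ["development", "staging"]}]}}},
 {"address": "dbtcloud_group.ops", "type": "dbtcloud_group", "change": {"after": {
   "name": "Ops", "group_permissions": [
    {"permission_set": "developer", "all_projects": true, "writable_environment_categories": ["all"]},
    {"permission_set": "job_admin", "all_projects": true, "writable_environment_categories": ["development"]}]}}}
]}
""")

if __name__ == "__main__":
    for address, pset, message in review_groups(SAMPLE_PLAN):
        print(f"{address} [{pset}]: {message}")
```

Values that are only known after apply (such as a `project_id` taken from another resource) are absent from `change.after`, so the scope of such a block is reported as `project None`.
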

Import is supported using the following syntax:

```terraform
# using import blocks (requires Terraform >= 1.5)
import {
  to = dbtcloud_group.my_group
  id = "group_id"
}

# the same block with a concrete group ID
import {
  to = dbtcloud_group.my_group
  id = "12345"
}
```

```shell
# using the older import command
terraform import dbtcloud_group.my_group "group_id"
terraform import dbtcloud_group.my_group 12345
```