| page_title | dbtcloud_group Resource - dbtcloud |
|---|---|
| subcategory | |
| description | Provide a complete set of permissions for a group. This is different from dbt_cloud_partial_group_permissions. With this resource type only one resource can be used to manage the permissions for a given group. |

The mapping of permission names from the docs to the permissions to set in Terraform is the following:

| Permission name | Permission code |
|---|---|
| Account Admin | account_admin |
| Account Viewer | account_viewer |
| Admin | admin |
| Analyst | analyst |
| Billing Admin | billing_admin |
| Cost Management viewer | cost_management_viewer |
| Cost Management admin | cost_management_admin |
| Database Admin | database_admin |
| Developer | developer |
| Fusion Admin | fusion_admin |
| Git Admin | git_admin |
| Job Admin | job_admin |
| Job Runner | job_runner |
| Job Viewer | job_viewer |
| Manage marketplace apps | manage_marketplace_apps |
| Member | member |
| Metadata Only | metadata_only |
| Owner | owner |
| Project Creator | project_creator |
| Read-Only | readonly |
| Security Admin | security_admin |
| Semantic Layer Only | semantic_layer_only |
| Stakeholder | stakeholder |
| Team Admin | team_admin |
| Webhooks Only | webhooks_only |

Provide a complete set of permissions for a group. This is different from dbt_cloud_partial_group_permissions.
With this resource type only one resource can be used to manage the permissions for a given group.

```terraform
resource "dbtcloud_group" "tf_group_1" {
  name = "TF Group 1"

  # Account-wide membership: applies to every project
  group_permissions {
    permission_set = "member"
    all_projects   = true
  }

  # Developer access on one project; write access only in development and staging
  group_permissions {
    permission_set                  = "developer"
    all_projects                    = false
    project_id                      = dbtcloud_project.dbt_project.id
    writable_environment_categories = ["development", "staging"]
  }
}
```

- `name` (String) The name of the group. This is used to identify an existing group
- `assign_by_default` (Boolean) Whether the group will be assigned by default to users. The value needs to be the same for all partial permissions for the same group.
- `group_permissions` (Block Set) Partial permissions for the group. Those permissions will be added/removed when config is added/removed. (see below for nested schema)
- `resource_metadata` (Dynamic) Metadata for tracking resource identity during account migrations. Stored in Terraform state only and not sent to the API.
- `sso_mapping_groups` (Set of String) Mapping groups from the IdP. At the moment the complete list needs to be provided in each partial permission for the same group.
- `id` (Number) The ID of the group

Nested schema for `group_permissions`:

Required:

- `all_projects` (Boolean) Whether access should be provided for all projects or not.
- `permission_set` (String) Set of permissions to apply. The permissions allowed are the same as the ones for the `dbtcloud_group` resource.

Optional:

- `project_id` (Number) Project ID to apply this permission to for this group.
- `writable_environment_categories` (Set of String) What types of environments to apply Write permissions to. Even if Write access is restricted to some environment types, the permission set will have Read access to all environments. The values allowed are `all`, `development`, `staging`, `production` and `other`. Not setting a value is the same as selecting `all`. Not all permission sets support environment level write settings, only `analyst`, `database_admin`, `developer`, `git_admin` and `team_admin`.

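
The `writable_environment_categories` rules above can be checked before apply. The following is an added example, not part of the provider or its documentation: a small review script that flags group permissions whose write access reaches production or that set the attribute on a permission set that does not support it. The function names and the sample data are hypothetical, and it assumes the planned values are read from `terraform show -json` with `group_permissions` serialized as a list of objects.

```python
import json

# From the page: only these permission sets support environment-level write settings.
ENV_SCOPED_SETS = {"analyst", "database_admin", "developer", "git_admin", "team_admin"}
# From the page: values allowed in writable_environment_categories.
ALLOWED_CATEGORIES = {"all", "development", "staging", "production", "other"}


def review_group(group):
    """Return review findings for one dbtcloud_group attribute dict."""
    findings = []
    name = group.get("name", "<unnamed>")
    for perm in group.get("group_permissions") or []:
        pset = perm.get("permission_set")
        cats = set(perm.get("writable_environment_categories") or [])
        scope = "all projects" if perm.get("all_projects") else f"project {perm.get('project_id')}"
        unknown = cats - ALLOWED_CATEGORIES
        if unknown:
            findings.append(f"{name}/{pset}: unknown categories {sorted(unknown)}")
        if pset not in ENV_SCOPED_SETS:
            if cats:
                findings.append(f"{name}/{pset}: environment-level write settings not supported")
            continue
        # Not setting a value is the same as "all", so writes then include production.
        if not cats or "all" in cats or "production" in cats:
            findings.append(f"{name}/{pset}: write access reaches production ({scope})")
    return findings


def review_plan(plan):
    """Collect findings for every dbtcloud_group in a plan-shaped dict."""
    out = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") == "dbtcloud_group" and after:
            out.extend(review_group(after))
    return out


# Constructed sample input; the plan JSON shape is an assumption (see lead-in).
SAMPLE_PLAN = json.loads("""{"resource_changes": [
 {"type": "dbtcloud_group", "change": {"after": {"name": "TF Group 1", "group_permissions": [
   {"permission_set": "member", "all_projects": true},
   {"permission_set": "developer", "all_projects": false, "project_id": 42,
    "writable_environment_categories": ["development", "staging"]},
   {"permission_set": "git_admin", "all_projects": true},
   {"permission_set": "job_admin", "all_projects": true,
    "writable_environment_categories": ["development"]}]}}}]}""")
if __name__ == "__main__":
    print("\n".join(review_plan(SAMPLE_PLAN)))
```

Permission sets outside the five listed are not evaluated for environment scope, because the page does not describe their write reach.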
Import is supported using the following syntax:

```terraform
# using import blocks (requires Terraform >= 1.5)
import {
  to = dbtcloud_group.my_group
  id = "group_id"
}

import {
  to = dbtcloud_group.my_group
  id = "12345"
}
```

```shell
# using the older import command
terraform import dbtcloud_group.my_group "group_id"
terraform import dbtcloud_group.my_group 12345
```