# Reference for the teleport\_scoped\_role\_assignment Terraform resource

This page describes the supported values of the teleport\_scoped\_role\_assignment resource of the Teleport Terraform provider.

## Example Usage

```hcl
# Teleport Scoped Role Assignment resource
#
# Assigns an existing scoped role to a user at a specific scope.
# The referenced scoped role must already exist.

# resource "teleport_scoped_role" "example" {
#   version = "v1"
#   metadata = {
#     name = "example-scoped-role"
#   }

#   scope = "/staging"

#   spec = {
#     assignable_scopes = ["/staging/aa"]
#     rules = [{
#       resources = ["scoped_token"]
#       verbs     = ["read", "list"]
#     }]
#   }
# }

resource "teleport_scoped_role_assignment" "example" {
  version = "v1"
  # sub_kind must be dynamic when creating scoped role assignments.
  sub_kind = "dynamic"
  metadata = {
    name = "test-scoped-role-assignment"
  }

  scope = "/staging"

  spec = {
    user = "will"
    assignments = [{
      role  = "example-scoped-role"
      scope = "/staging/aa"
    }]
  }
}

```

## Schema

### Required

- `metadata` (Attributes) Metadata contains the resource metadata. (see [below for nested schema](#nested-schema-for-metadata))
- `scope` (String) Scope is the scope of the role assignment resource.
- `spec` (Attributes) Spec is the role assignment specification. (see [below for nested schema](#nested-schema-for-spec))
- `sub_kind` (String) SubKind is the resource sub-kind.
- `version` (String) Version is the resource version.

### Nested Schema for `metadata`

Required:

- `name` (String) name is an object name.

Optional:

- `description` (String) description is the object description.
- `expires` (String) expires is a global expiry time header that can be set on any resource in the system.
- `labels` (Map of String) labels is a set of labels.

### Nested Schema for `spec`

Required:

- `assignments` (Attributes List) Assignments is a list of individual role @ scope assignments. (see [below for nested schema](#nested-schema-for-specassignments))

Optional:

- `bot_name` (String) Name of the Bot to whom all contained assignments apply. Mutually exclusive with `user`.
- `bot_scope` (String) Scope of the Bot to whom all contained assignments apply. Required if `bot_name` is set. If specified, assignment scopes must be equal to or a descendant of this scope.
- `user` (String) User is the user to whom all contained assignments apply. Mutually exclusive with `bot_name`.

### Nested Schema for `spec.assignments`

Optional:

- `role` (String) Role is the name of the role that is assigned by this assignment.
- `scope` (String) Scope is the scope to which the role is assigned. This must be a member/child of the scope of the \[ScopedRoleAssignment] in which this assignment is contained.
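
The bot form of the assignment, with the scope constraints from the `spec` and `spec.assignments` schemas enforced at plan time. This is an added example, not part of the provider's own documentation: the bot name `ci-bot`, the resource names and the path-prefix reading of "descendant" are assumptions, and it needs a Terraform version that supports `precondition` blocks and the `startswith` function.

```hcl
# Added example, not from the Teleport provider documentation.
# "ci-bot" is a constructed bot name; the role name and scopes reuse the
# values from the Example Usage section.
locals {
  bot_scope         = "/staging"
  assignment_scopes = ["/staging/aa"]
}

resource "teleport_scoped_role_assignment" "bot_example" {
  version  = "v1"
  sub_kind = "dynamic"
  metadata = {
    name = "test-bot-scoped-role-assignment"
  }

  # Every assignment scope must be a member/child of this scope.
  scope = local.bot_scope

  spec = {
    # bot_name and user are mutually exclusive, so user is not set here.
    bot_name = "ci-bot"
    # bot_scope is required whenever bot_name is set.
    bot_scope = local.bot_scope
    assignments = [for s in local.assignment_scopes : {
      role  = "example-scoped-role"
      scope = s
    }]
  }

  lifecycle {
    # Fail the plan if an assignment scope falls outside bot_scope.
    # Assumption: a descendant scope extends the parent path with
    # "/<segment>", as "/staging/aa" extends "/staging".
    precondition {
      condition = alltrue([
        for s in local.assignment_scopes :
        s == local.bot_scope || startswith(s, "${local.bot_scope}/")
      ])
      error_message = "Every assignment scope must be equal to or a descendant of bot_scope."
    }
  }
}
```

Comparing against `"${local.bot_scope}/"` rather than the bare prefix keeps a sibling such as `/staging-old` from passing as a descendant of `/staging`.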
