powerplatform_user (Resource)

This resource associates a user to a Power Platform environment. Additional Resources:

Example Usage

terraform {
  required_providers {
    powerplatform = {
      source = "microsoft/power-platform"
    }
    azuread = {
      source = "hashicorp/azuread"
    }
    random = {
      source = "hashicorp/random"
    }
  }
}

provider "powerplatform" {
  use_cli = true
}

provider "azuread" {
  use_cli = true
}

data "azuread_domains" "aad_domains" {
  only_initial = true
}

locals {
  domain_name = data.azuread_domains.aad_domains.domains[0].domain_name
}

resource "random_password" "passwords" {
  min_upper        = 1
  min_lower        = 1
  min_numeric      = 1
  min_special      = 1
  length           = 16
  special          = true
  override_special = "_%@"
}

resource "azuread_user" "test_user" {
  user_principal_name = "user_example@${local.domain_name}"
  display_name        = "user_example"
  mail_nickname       = "user_example"
  password            = random_password.passwords.result
  usage_location      = "US"
}

resource "powerplatform_environment" "dataverse_user_example" {
  display_name     = "user_example"
  location         = "europe"
  environment_type = "Sandbox"
  dataverse = {
    language_code     = "1033"
    currency_code     = "USD"
    security_group_id = "00000000-0000-0000-0000-000000000000"
  }
}

resource "powerplatform_user" "new_user" {
  environment_id = powerplatform_environment.dataverse_user_example.id
  security_roles = [
    "e0d2794e-82f3-e811-a951-000d3a1bcf17", // bot author
  ]
  aad_id         = azuread_user.test_user.id
  disable_delete = false
}

Schema

Required

  • aad_id (String) Entra user object id
  • environment_id (String) Unique environment id (guid)

Optional

  • disable_delete (Boolean) Disable delete. When set to True, it expects the [Disable Delete](https://learn.microsoft.com/power-platform/admin/delete-users?WT.mc_id=ppac_inproduct_settings#soft-delete-users-in-power-platform) feature to be enabled. Removing the resource will try to delete the systemuser from Dataverse. This is the default behaviour. If you just want to remove the resource and not delete the user from Dataverse, set this property to False
  • security_roles (Set of String) Ids of the security roles assigned to the user
  • timeouts (Attributes) (see below for nested schema)

Read-Only

  • business_unit_id (String) Id of the business unit to which the user belongs
  • first_name (String) User first name
  • id (String) Unique user id (guid)
  • last_name (String) User last name
  • user_principal_name (String) User principal name

Nested Schema for timeouts

Optional:

  • create (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
  • delete (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
  • read (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
  • update (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
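
An added example (not from the provider's documentation) that assigns security roles to several existing Entra users from one reviewed map, rejects malformed role ids at plan time, and sets the `timeouts` attribute from the schema above. The variable names and the timeout values are assumptions.

```hcl
# Added example. Assumed names: var.environment_id, var.role_assignments.
# Timeout values are illustrative, not provider defaults.

variable "environment_id" {
  type        = string
  description = "Id (guid) of an existing Power Platform environment"
}

variable "role_assignments" {
  type        = map(set(string))
  description = "User principal name => set of security role ids to assign"

  validation {
    # Fail the plan if any role id is not a GUID, so a typo or a pasted
    # role *name* never reaches the API.
    condition = alltrue(flatten([
      for roles in values(var.role_assignments) : [
        for r in roles :
        can(regex("^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$", r))
      ]
    ]))
    error_message = "Every security role id must be a GUID."
  }
}

# Resolve each existing Entra user by UPN (hashicorp/azuread data source).
data "azuread_user" "members" {
  for_each            = var.role_assignments
  user_principal_name = each.key
}

# One powerplatform_user per map entry; the map is the single place where
# role grants are declared and reviewed.
resource "powerplatform_user" "members" {
  for_each       = var.role_assignments
  environment_id = var.environment_id
  aad_id         = data.azuread_user.members[each.key].object_id
  security_roles = each.value

  # timeouts is a nested attribute, so it is assigned with "=".
  timeouts = {
    create = "10m"
    read   = "2m"
    update = "10m"
    delete = "10m"
  }
}
```

Keeping the role map in version control makes every role grant visible in `terraform plan` output before it is applied.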