[Required on Create] The type of the owner of the resource.

[Required on Create] The ID of the owner of the resource.

[Required on Create] Enum representing the permission boundary type.

• PREDEFINED: [Read-only] A predefined permission boundary. These permission boundaries are created by Wristband.
• CUSTOM: A custom permission boundary that was created by an end user.
• TENANT_INCLUSION_LIST: The boundary consists of all tenants in the resource list. (For multi-tenant apps only)
• TENANT_EXCLUSION_LIST: The boundary consists of all tenants under an application not specified in the resource list. (For multi-tenant apps only)

[Required on Create] The name of the permission boundary. Name must be unique (case-insensitive) within an application. Predefined boundary names are prefixed with predefined:. Non-predefined, application-level boundary names are prefixed with app:<app_domain_name>:name.

[Required on Create] The display name of the permission boundary.

The value of the role boundary. This value must be unique (case-insensitive) per application and adhere to the following constraints:

• Value is required when the type is either PREDEFINED OR CUSTOM.
• Value must be null when the type is either TENANT_INCLUSION_LIST or TENANT_EXCLUSION_LIST.
• For the PREDEFINED type, the value must be one of APPLICATION, TENANT, or SELF.
• For the CUSTOM type, the value can be anything.

Optional description of the permission boundary.

[Required on Create] Enum representing the tenants that this permission boundary should be visible to.

• ALL: The permission boundary is visible to all tenants, and it can be assigned to any tenant-owned role or permission group. Useful for application boundaries that can be assigned to tenant-owned roles or permission groups.
• NONE: The permission boundary is not visible to any tenants, and it cannot be assigned to any tenant-owned roles or permission groups. Useful for internal application boundaries that tenants should not be aware of.