unifiedRoleAssignment resource type
Namespace: microsoft.graph
Important
APIs under the /beta
version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents a role definition assigned to a principal at a particular scope. Supported principals are users, role-assignable groups, and service principals.
Methods
Method | Return Type | Description |
---|---|---|
List role assignment | unifiedRoleAssignment | Read a list of unifiedRoleAssignment objects and their properties. |
List transitive role assignments | unifiedRoleAssignment collection | Get direct and transitive unifiedRoleAssignments assigned to a specific principal. Specifying principalId is required. |
Get role assignment | unifiedRoleAssignment | Read properties and relationships of unifiedRoleAssignment object. |
Create role assignment | unifiedRoleAssignment | Create a new unifiedRoleAssignment by posting to the roleAssignment collection. |
Delete role assignment | None | Delete unifiedRoleAssignment object. |
Properties
Property | Type | Description |
---|---|---|
appScopeId | String | Identifier of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by a resource application only. For the entitlement management provider, use this property to specify a catalog. For example, /AccessPackageCatalog/beedadfe-01d5-4025-910b-84abb9369997 . Supports $filter (eq , in ). For example /roleManagement/entitlementManagement/roleAssignments?$filter=appScopeId eq '/AccessPackageCatalog/{catalog id}' . |
directoryScopeId | String | Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications, unlike app scopes that are defined and understood by a resource application only. Supports $filter (eq , in ). |
id | String | The unique identifier for the unifiedRoleAssignment. Key, not nullable, Read-only. |
principalId | String | Identifier of the principal to which the assignment is granted. Supported principals are users, role-assignable groups, and service principals. Supports $filter (eq , in ). |
principalOrganizationId | String | Identifier of the home tenant for the principal to which the assignment is granted. |
roleDefinitionId | String | Identifier of the unifiedRoleDefinition the assignment is for. Read-only. Supports $filter (eq , in ). |
resourceScope | String | The scope at which the unifiedRoleAssignment applies. This is / for service-wide. DO NOT USE. This property will be deprecated soon. |
Relationships
Relationship | Type | Description |
---|---|---|
appScope | appScope | Details of the app specific scope when the assignment scope is app specific. Containment entity. Supports $expand for the entitlement provider only. |
directoryScope | directoryObject | The directory object that is the scope of the assignment. Provided so that callers can get the directory object using $expand at the same time as getting the role assignment. Read-only. Supports $expand . |
principal | directoryObject | The assigned principal. Provided so that callers can get the principal using $expand at the same time as getting the role assignment. Read-only. Supports $expand . |
roleDefinition | unifiedRoleDefinition | The roleDefinition the assignment is for. Provided so that callers can get the role definition using $expand at the same time as getting the role assignment. roleDefinition.id will be auto expanded. Supports $expand . |
JSON representation
The following JSON representation shows the resource type.
{
"id": "String (identifier)",
"roleDefinitionId": "String",
"principalId": "String",
"directoryScopeId": "String",
"appScopeId": "String",
"resourceScope": "String"
}
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for