unifiedRoleManagementPolicyRuleTarget resource type

Namespace: microsoft.graph

Defines details of the scope that's targeted by a role management policy rule. The details can include the principal type, the role assignment type, and actions affecting a role.


| Property | Type | Description |
|---|---|---|
| caller | String | The type of caller that's the target of the policy rule. Allowed values are: None, Admin, EndUser. |
| enforcedSettings | String collection | The list of role settings that are enforced and cannot be overridden by child scopes. Use All for all settings. |
| inheritableSettings | String collection | The list of role settings that can be inherited by child scopes. Use All for all settings. |
| level | String | The role assignment type that's the target of the policy rule. Allowed values are: Eligibility, Assignment. |
| operations | String collection | The role management operations that are the target of the policy rule. Allowed values are: All, Activate, Deactivate, Assign, Update, Remove, Extend, Renew. |


| Relationship | Type | Description |
|---|---|---|
| targetObjects | directoryObject collection | The collection of users, groups, and service principals that are in scope of the policy. If not specified, all objects are in scope of the policy. |

JSON representation

The following JSON representation shows the resource type.

{
  "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
  "caller": "String",
  "operations": [
    "String"
  ],
  "level": "String",
  "inheritableSettings": [
    "String"
  ],
  "enforcedSettings": [
    "String"
  ]
}
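
When reviewing exported policy rules, the allowed values listed above can be checked mechanically, and the targets can be compared against the caller, level and operation combinations you expect a rule to address. The following Python is an added example, not part of the Microsoft Graph documentation; the function names, the constructed sample targets, and the reading of `All` in `operations` as matching every operation are assumptions.

```python
ODATA_TYPE = "#microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
CALLERS = ("None", "Admin", "EndUser")
LEVELS = ("Eligibility", "Assignment")
OPERATIONS = {"All", "Activate", "Deactivate", "Assign", "Update", "Remove", "Extend", "Renew"}

def validate_target(target):
    """Return the names of invalid fields in one rule target (empty list means valid)."""
    problems = []
    if target.get("@odata.type", ODATA_TYPE) != ODATA_TYPE:
        problems.append("@odata.type")
    if target.get("caller") not in CALLERS:
        problems.append("caller")
    if target.get("level") not in LEVELS:
        problems.append("level")
    for name in ("operations", "inheritableSettings", "enforcedSettings"):
        value = target.get(name, [])
        if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
            problems.append(name)
    if "operations" not in problems and set(target.get("operations", [])) - OPERATIONS:
        problems.append("operations")  # value outside the documented list
    return problems

def covers(target, caller, level, operation):
    """True if the target matches this caller, level and operation.
    Assumption: "All" in operations matches every operation."""
    ops = target.get("operations", [])
    return (target.get("caller") == caller and target.get("level") == level
            and ("All" in ops or operation in ops))

def uncovered_operations(targets, caller, level):
    """Concrete operations that no valid target addresses for this caller and level."""
    valid = [t for t in targets if not validate_target(t)]
    return sorted(op for op in OPERATIONS - {"All"}
                  if not any(covers(t, caller, level, op) for t in valid))

# Constructed sample targets, not taken from a real tenant.
SAMPLE = [
    {"caller": "EndUser", "level": "Assignment", "operations": ["Activate"],
     "inheritableSettings": [], "enforcedSettings": []},
    {"caller": "Admin", "level": "Eligibility", "operations": ["All"],
     "inheritableSettings": [], "enforcedSettings": []},
    # Wrong casing on caller: rejected, so it does not count as coverage.
    {"caller": "enduser", "level": "Assignment", "operations": ["Renew"],
     "inheritableSettings": [], "enforcedSettings": []},
]

if __name__ == "__main__":
    for t in SAMPLE:
        print(t["caller"], t["level"], validate_target(t) or "ok")
    print(uncovered_operations(SAMPLE, "EndUser", "Assignment"))
```
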