Delete unifiedRoleAssignment

Namespace: microsoft.graph

Delete a unifiedRoleAssignment object.

This API is available in the following national cloud deployments.

Global service	US Government L4	US Government L5 (DOD)	China operated by 21Vianet
✅	✅	✅	✅

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

For the directory (Microsoft Entra ID) provider

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	RoleManagement.ReadWrite.Directory
Delegated (personal Microsoft account)	Not supported.
Application	RoleManagement.ReadWrite.Directory

In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with the microsoft.directory/roleAssignments/allProperties/allTasks role permission. Privileged Role Administrator is the least privileged role supported for this operation.

For the Entitlement management provider

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	EntitlementManagement.ReadWrite.All
Delegated (personal Microsoft account)	Not supported.
Application	EntitlementManagement.ReadWrite.All

HTTP request

Remove a role assignment from the directory provider:

DELETE /roleManagement/directory/roleAssignments/{id}

Remove a role assignment from the entitlement management provider:

DELETE /roleManagement/entitlementManagement/roleAssignments/{id}

Request headers

Name	Description
Authorization	Bearer {token}. Required. Learn more about authentication and authorization.

Request body

Don't supply a request body for this method.

Response

If successful, this method returns 204 No Content response code. It doesn't return anything in the response body.

Example

Request

The following example shows a request.

HTTP

DELETE https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments/lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1

C#

// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.RoleManagement.Directory.RoleAssignments["{unifiedRoleAssignment-id}"].DeleteAsync();

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

CLI

mgc role-management directory role-assignments delete --unified-role-assignment-id {unifiedRoleAssignment-id}

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Go

// Code snippets are only available for the latest major version. Current major version is $v1.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  //other-imports
)


// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.RoleManagement().Directory().RoleAssignments().ByUnifiedRoleAssignmentId("unifiedRoleAssignment-id").Delete(context.Background(), nil)

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Java

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

graphClient.roleManagement().directory().roleAssignments().byUnifiedRoleAssignmentId("{unifiedRoleAssignment-id}").delete();

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

await client.api('/roleManagement/directory/roleAssignments/lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1')
	.delete();

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PHP

<?php
use Microsoft\Graph\GraphServiceClient;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);


$graphServiceClient->roleManagement()->directory()->roleAssignments()->byUnifiedRoleAssignmentId('unifiedRoleAssignment-id')->delete()->wait();

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PowerShell

Import-Module Microsoft.Graph.Identity.Governance

Remove-MgRoleManagementDirectoryRoleAssignment -UnifiedRoleAssignmentId $unifiedRoleAssignmentId

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Python

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python

await graph_client.role_management.directory.role_assignments.by_unified_role_assignment_id('unifiedRoleAssignment-id').delete()

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Response

The following example shows the response.

HTTP/1.1 204 No Content