In the request body, supply a JSON representation of a unifiedRoleAssignment object.
You can specify the following properties when creating a unifiedRoleAssignment.
Property
Type
Description
appScopeId
String
Required. Identifier of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by a resource application only.
For the entitlement management provider, use this property to specify a catalog, for example /AccessPackageCatalog/beedadfe-01d5-4025-910b-84abb9369997.
Either appScopeId or directoryScopeId must be specified.
directoryScopeId
String
Required. Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications, unlike app scopes that are defined and understood by a resource application only.
For the directory (Microsoft Entra ID) provider, this property supports the following formats:
/ for tenant-wide scope
/administrativeUnits/{administrativeunit-ID} to scope to an administrative unit
/{application-objectID} to scope to a resource application
For entitlement management provider, / for tenant-wide scope. To scope to an access package catalog, use the appScopeId property.
Either appScopeId or directoryScopeId must be specified.
principalId
String
Required. Identifier of the principal to which the assignment is granted.
roleDefinitionId
String
Identifier of the unifiedRoleDefinition the assignment is for. Read-only. Supports $filter (eq, in).
Response
If successful, this method returns a 201 Created response code and a new unifiedRoleAssignment object in the response body.
Examples
Example 1: Create a role assignment with tenant scope
Request
The following example shows a request. Note the use of the roleTemplateId for roleDefinitionId. roleDefinitionId can be either the service-wide template Id or the directory-specific roleDefinitionId.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new UnifiedRoleAssignment
{
OdataType = "#microsoft.graph.unifiedRoleAssignment",
RoleDefinitionId = "c2cf284d-6c41-4e6b-afac-4b80928c9034",
PrincipalId = "f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
DirectoryScopeId = "/",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Directory.RoleAssignments.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewUnifiedRoleAssignment()
roleDefinitionId := "c2cf284d-6c41-4e6b-afac-4b80928c9034"
requestBody.SetRoleDefinitionId(&roleDefinitionId)
principalId := "f8ca5a85-489a-49a0-b555-0a6d81e56f0d"
requestBody.SetPrincipalId(&principalId)
directoryScopeId := "/"
requestBody.SetDirectoryScopeId(&directoryScopeId)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().Directory().RoleAssignments().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignment unifiedRoleAssignment = new UnifiedRoleAssignment();
unifiedRoleAssignment.setOdataType("#microsoft.graph.unifiedRoleAssignment");
unifiedRoleAssignment.setRoleDefinitionId("c2cf284d-6c41-4e6b-afac-4b80928c9034");
unifiedRoleAssignment.setPrincipalId("f8ca5a85-489a-49a0-b555-0a6d81e56f0d");
unifiedRoleAssignment.setDirectoryScopeId("/");
UnifiedRoleAssignment result = graphClient.roleManagement().directory().roleAssignments().post(unifiedRoleAssignment);
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new UnifiedRoleAssignment
{
OdataType = "#microsoft.graph.unifiedRoleAssignment",
RoleDefinitionId = "fe930be7-5e62-47db-91af-98c3a49a38b1",
PrincipalId = "f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
DirectoryScopeId = "/administrativeUnits/5d107bba-d8e2-4e13-b6ae-884be90e5d1a",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Directory.RoleAssignments.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewUnifiedRoleAssignment()
roleDefinitionId := "fe930be7-5e62-47db-91af-98c3a49a38b1"
requestBody.SetRoleDefinitionId(&roleDefinitionId)
principalId := "f8ca5a85-489a-49a0-b555-0a6d81e56f0d"
requestBody.SetPrincipalId(&principalId)
directoryScopeId := "/administrativeUnits/5d107bba-d8e2-4e13-b6ae-884be90e5d1a"
requestBody.SetDirectoryScopeId(&directoryScopeId)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().Directory().RoleAssignments().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignment unifiedRoleAssignment = new UnifiedRoleAssignment();
unifiedRoleAssignment.setOdataType("#microsoft.graph.unifiedRoleAssignment");
unifiedRoleAssignment.setRoleDefinitionId("fe930be7-5e62-47db-91af-98c3a49a38b1");
unifiedRoleAssignment.setPrincipalId("f8ca5a85-489a-49a0-b555-0a6d81e56f0d");
unifiedRoleAssignment.setDirectoryScopeId("/administrativeUnits/5d107bba-d8e2-4e13-b6ae-884be90e5d1a");
UnifiedRoleAssignment result = graphClient.roleManagement().directory().roleAssignments().post(unifiedRoleAssignment);
Example 3 : Create a role assignment with application scope
Request
The following example assigns a principal the Application Administrator role at application scope. The object ID of the application registration is 661e1310-bd76-4795-89a7-8f3c8f855bfc.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new UnifiedRoleAssignment
{
OdataType = "#microsoft.graph.unifiedRoleAssignment",
PrincipalId = "6b937a9d-c731-465b-a844-2d5b5368c161",
RoleDefinitionId = "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3",
DirectoryScopeId = "/661e1310-bd76-4795-89a7-8f3c8f855bfc",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Directory.RoleAssignments.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewUnifiedRoleAssignment()
principalId := "6b937a9d-c731-465b-a844-2d5b5368c161"
requestBody.SetPrincipalId(&principalId)
roleDefinitionId := "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3"
requestBody.SetRoleDefinitionId(&roleDefinitionId)
directoryScopeId := "/661e1310-bd76-4795-89a7-8f3c8f855bfc"
requestBody.SetDirectoryScopeId(&directoryScopeId)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().Directory().RoleAssignments().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignment unifiedRoleAssignment = new UnifiedRoleAssignment();
unifiedRoleAssignment.setOdataType("#microsoft.graph.unifiedRoleAssignment");
unifiedRoleAssignment.setPrincipalId("6b937a9d-c731-465b-a844-2d5b5368c161");
unifiedRoleAssignment.setRoleDefinitionId("9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3");
unifiedRoleAssignment.setDirectoryScopeId("/661e1310-bd76-4795-89a7-8f3c8f855bfc");
UnifiedRoleAssignment result = graphClient.roleManagement().directory().roleAssignments().post(unifiedRoleAssignment);
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new UnifiedRoleAssignment
{
PrincipalId = "679a9213-c497-48a4-830a-8d3d25d94ddc",
RoleDefinitionId = "ae79f266-94d4-4dab-b730-feca7e132178",
AppScopeId = "/AccessPackageCatalog/beedadfe-01d5-4025-910b-84abb9369997",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.EntitlementManagement.RoleAssignments.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewUnifiedRoleAssignment()
principalId := "679a9213-c497-48a4-830a-8d3d25d94ddc"
requestBody.SetPrincipalId(&principalId)
roleDefinitionId := "ae79f266-94d4-4dab-b730-feca7e132178"
requestBody.SetRoleDefinitionId(&roleDefinitionId)
appScopeId := "/AccessPackageCatalog/beedadfe-01d5-4025-910b-84abb9369997"
requestBody.SetAppScopeId(&appScopeId)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().EntitlementManagement().RoleAssignments().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignment unifiedRoleAssignment = new UnifiedRoleAssignment();
unifiedRoleAssignment.setPrincipalId("679a9213-c497-48a4-830a-8d3d25d94ddc");
unifiedRoleAssignment.setRoleDefinitionId("ae79f266-94d4-4dab-b730-feca7e132178");
unifiedRoleAssignment.setAppScopeId("/AccessPackageCatalog/beedadfe-01d5-4025-910b-84abb9369997");
UnifiedRoleAssignment result = graphClient.roleManagement().entitlementManagement().roleAssignments().post(unifiedRoleAssignment);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\UnifiedRoleAssignment;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleAssignment();
$requestBody->setPrincipalId('679a9213-c497-48a4-830a-8d3d25d94ddc');
$requestBody->setRoleDefinitionId('ae79f266-94d4-4dab-b730-feca7e132178');
$requestBody->setAppScopeId('/AccessPackageCatalog/beedadfe-01d5-4025-910b-84abb9369997');
$result = $graphServiceClient->roleManagement()->entitlementManagement()->roleAssignments()->post($requestBody)->wait();
Připravujeme: V průběhu roku 2024 budeme postupně vyřazovat problémy z GitHub coby mechanismus zpětné vazby pro obsah a nahrazovat ho novým systémem zpětné vazby. Další informace naleznete v tématu: https://aka.ms/ContentUserFeedback.