Impossible to create RoleAssignment with api graph

JUFO 81 Reputation points
2023-02-01T14:46:29.56+00:00

Impossible to create RoleAssignment with api graph
It always returns:

{
    "error": {
        "code": "No method match route template",
        "message": "No OData route exists that match template ~/singleton/navigation/key/navigation with http verb POST for request /StatelessRoleAdministrationFEService/deviceManagement/roleDefinitions('cabf128f-d8c0-4c6e-bc5d-02aa3e32ceaa')/roleAssignments.",
        "innerError": {
            "date": "2023-02-01T13:24:49",
            "request-id": "41124d63-85bd-4e74-b6a2-cce037e63f20",
            "client-request-id": "xxxx"
        }
    }
}

I've tried v1.0 and beta. I can see RoleAssignments with GET, but POST doesn't work.
The url: https://graph.microsoft.com/beta/deviceManagement/roleDefinitions/cabf128f-d8c0-4c6e-bc5d-02aa3e32ceaa/roleAssignments

My json

{
    "@odata.type": "#microsoft.graph.deviceAndAppManagementRoleAssignment",
    "displayName": "test",
    "description": "",
    "resourceScopes": [],
    "members": []
}

or even

{
  "@odata.type": "#microsoft.graph.roleAssignment",
  "displayName": "Test",
  "description": "Description test",
  "resourceScopes": []
}

It should work because it is as it appears in the documentation. I've tried everything...

Microsoft Security | Intune | Other
Microsoft Security | Microsoft Graph

Accepted answer
  1. Crystal-MSFT 53,991 Reputation points Microsoft External Staff
    2023-02-02T02:08:28.8033333+00:00

    @JUFO, Thanks for posting in Q&A.

    Based on my test, I find we can use the following method to create RoleAssignment:

    Request Method: POST

    Request URL: https://graph.microsoft.com/beta/deviceManagement/roleAssignments

    Request body: (displayName is the name of the assignment. Enter the id of the admin group under members. Enter the id of the Scope group under resourceScopes.)

    {
        "id": "",
        "description": "",
        "displayName": "test2",
        "members": [
            "5bc76640-a6e4-XXXXXXX-2b0e15371ec4"
        ],
        "resourceScopes": [
            "4ee993ea-16e2-XXXX8-0617424475c7"
        ],
        "******@odata.bind": "https://graph.microsoft.com/beta/deviceManagement/roleDefinitions('abe1ef62-3XXXXXXX-95ce-cc93d74782fe')"
    }
    


    Then the roleassignment is created under Intune.


    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
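
The request from the accepted answer, built and checked offline before it is sent; this is an added example, not code from the thread or from Microsoft. It flags the nested `roleDefinitions/{id}/roleAssignments` URL that produced the error in the question and rejects ids that are not well-formed GUIDs. Assumptions: the property name `roleDefinition@odata.bind` (the page shows it masked as `******@odata.bind`), the helper names, and the constructed group ids.

```python
import re
import uuid

GRAPH = "https://graph.microsoft.com"
# Assumption: the page shows this key masked as "******@odata.bind"; the OData
# bind for the roleDefinition navigation property is used here.
BIND_KEY = "roleDefinition@odata.bind"

# The route from the question: roleAssignments nested under one roleDefinition.
_NESTED = re.compile(r"/roleDefinitions(/[^/]+|\('[^']+'\))/roleAssignments/?$")


def is_nested_route(url):
    """True for the nested URL shape that returned 'No method match route template'."""
    return _NESTED.search(url) is not None


def build_role_assignment_request(role_definition_id, display_name,
                                  member_group_ids, scope_group_ids,
                                  description="", version="beta"):
    """Return (method, url, body) for the call described in the accepted answer."""
    # Reject masked or mistyped ids before anything is sent to the tenant.
    for value in (role_definition_id, *member_group_ids, *scope_group_ids):
        uuid.UUID(value)  # raises ValueError if not a well-formed GUID
    base = f"{GRAPH}/{version}/deviceManagement"
    body = {
        "id": "",
        "description": description,
        "displayName": display_name,
        "members": list(member_group_ids),
        "resourceScopes": list(scope_group_ids),
        BIND_KEY: f"{base}/roleDefinitions('{role_definition_id}')",
    }
    return "POST", f"{base}/roleAssignments", body


if __name__ == "__main__":
    import json
    # Constructed group ids; the role definition id is the one from the question.
    method, url, body = build_role_assignment_request(
        "cabf128f-d8c0-4c6e-bc5d-02aa3e32ceaa", "test2",
        ["11111111-1111-1111-1111-111111111111"],
        ["22222222-2222-2222-2222-222222222222"])
    print(method, url)
    print(json.dumps(body, indent=4))
```

Reviewing the printed `members` and `resourceScopes` before sending shows exactly which group receives the role and over which scope group.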

2 additional answers

  1. JUFO 81 Reputation points
    2023-02-03T13:48:23.3466667+00:00

    Thanks a lot, it is different in documentation.

    And if I want to DELETE that assignment?

    I've tried:

    DELETE https://graph.microsoft.com/beta/deviceManagement/roleAssignments/85ce198b-567a-4923-xxx-c3625094ba69

    But it shows an error.


  2. Stijn Soens 0 Reputation points
    2023-09-25T15:50:43.2833333+00:00

    Been troubleshooting the 'No method match route template' issue for a couple of hours until I found this thread. Updated my json slightly but I can't seem to fix it. Could you help me out?

    {
        "id": "",
        "description": "Test Descr",
        "displayName": "Test Name",
        "members": [
            "6d25f39a-51bf-XXXXXXX-10fc5fea6f5f"
        ],
        "resourceScopes": [],
        "******@odata.bind": "https://graph.microsoft.com/v1.0/deviceManagement/roleDefinitions('486d327f-4cd6-XXXXXXX-93e2fa32b814')"
    }
    
