Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,343 questions
Create roleAssignmentScheduleRequests fail with RoleNotFound error.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 7.000000000000001%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
KlemenS
5
Reputation points
If we create role definition using HTTP API (same also if using MS Graph Python SDK; client credential OAUTH auth):
https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions
{
"description": "Role description",
"displayName": "RoleDefinitionTest",
"rolePermissions":
[
{
"allowedResourceActions":
[
"microsoft.directory/applications/basic/read"
]
}
],
"isEnabled": true
}
Note: Role permission can be anything, the action up is just as an example.
And try to assign a new eligible (or active) role schedule request:
https://graph.microsoft.com/v1.0/roleManagement/directory/roleEligibilityScheduleRequests
{
"action": "adminAssign",
"justification": "Assign test...",
"roleDefinitionId": <ROLEDEFINITIONTEST_UUID>,
"directoryScopeId": "/",
"principalId": <SOME_USER__UUID>,
"scheduleInfo": {
"startDateTime": "2022-04-10T00:00:00Z",
"expiration": {
"type": "afterDateTime",
"endDateTime": "2024-10-10T00:00:00Z"
}
}
}
The request fails with error like:
{
"error": {
"code": "RoleNotFound",
"message": "The role is not found.",
"innerError": {
"date": "2024-06-30T12:44:58",
"request-id": "f81f6d94-77ea-4865-bb34-8201341f5a72",
"client-request-id": "f81f6d94-77ea-4865-bb34-8201341f5a72"
}
}
}
If running same using Powershell MS Graph SDK, it passes. Also if accesing the created role definition throught Entra Admin console and trying just to add some assigments, and then run roleEligibilityScheduleRequests again after some time, the same request passes ok.
Is this expected to work? Is there some other role action needed to be executed prior running roleEligibilityScheduleRequests?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT 36,891 Reputation points Microsoft Employee2024-07-09T22:19:38.9866667+00:00 I reached out to a colleague on the PIM team about this, but it may be due to missing prefixes or information in the IDs.
Sign in to comment
Sign in to answer