Add a scopedRoleMember
09/27/2023
Namespace: microsoft.graph
Assign an Azure Active Directory (Azure AD) role with administrative unit scope. For a list of roles that can be assigned with administrative unit scope, see Assign Azure AD roles with administrative unit scope.
This API is supported in the following national cloud deployments.

| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
|---|---|---|---|
| ✅ | ✅ | ✅ | ✅ |

Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | RoleManagement.ReadWrite.Directory |
| Delegated (personal Microsoft account) | Not supported. |
| Application | RoleManagement.ReadWrite.Directory |

To assign Azure AD roles with an administrative unit scope, the calling principal must be assigned one of the following Azure AD roles:
Privileged Role Administrator
Global Administrator
HTTP request
POST /directory/administrativeUnits/{id}/scopedRoleMembers
Request headers

| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. |
| Content-type | application/json. Required. |

Request body
In the request body, supply a JSON representation of a scopedRoleMembership object.
Response
If successful, this method returns a 201 Created response code and a scopedRoleMembership object in the response body.
Example
Request
Here is an example of the request.
HTTP

POST https://graph.microsoft.com/v1.0/directory/administrativeUnits/{id}/scopedRoleMembers
Content-type: application/json

{
  "roleId": "roleId-value",
  "roleMemberInfo": {
    "id": "id-value"
  }
}

C#

// Code snippets are only available for the latest version. Current version is 5.x
var graphClient = new GraphServiceClient(requestAdapter);
var requestBody = new ScopedRoleMembership
{
    RoleId = "roleId-value",
    RoleMemberInfo = new Identity
    {
        Id = "id-value",
    },
};
var result = await graphClient.Directory.AdministrativeUnits["{administrativeUnit-id}"].ScopedRoleMembers.PostAsync(requestBody);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

CLI

// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc directory administrative-units scoped-role-members create --administrative-unit-id {administrativeUnit-id} --body '{\
  "roleId": "roleId-value",\
  "roleMemberInfo": {\
    "id": "id-value"\
  }\
}\
'

Go

import (
	"context"
	msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	//other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)

requestBody := graphmodels.NewScopedRoleMembership()
roleId := "roleId-value"
requestBody.SetRoleId(&roleId)
roleMemberInfo := graphmodels.NewIdentity()
id := "id-value"
roleMemberInfo.SetId(&id)
requestBody.SetRoleMemberInfo(roleMemberInfo)

scopedRoleMembers, err := graphClient.Directory().AdministrativeUnits().ByAdministrativeUnitId("administrativeUnit-id").ScopedRoleMembers().Post(context.Background(), requestBody, nil)

Java

GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

ScopedRoleMembership scopedRoleMembership = new ScopedRoleMembership();
scopedRoleMembership.roleId = "roleId-value";
Identity roleMemberInfo = new Identity();
roleMemberInfo.id = "id-value";
scopedRoleMembership.roleMemberInfo = roleMemberInfo;

graphClient.directory().administrativeUnits("{id}").scopedRoleMembers()
    .buildRequest()
    .post(scopedRoleMembership);

JavaScript

const options = {
    authProvider,
};

const client = Client.init(options);

const scopedRoleMembership = {
    roleId: 'roleId-value',
    roleMemberInfo: {
        id: 'id-value'
    }
};

await client.api('/directory/administrativeUnits/{id}/scopedRoleMembers')
    .post(scopedRoleMembership);

PHP

<?php
// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new ScopedRoleMembership();
$requestBody->setRoleId('roleId-value');
$roleMemberInfo = new Identity();
$roleMemberInfo->setId('id-value');
$requestBody->setRoleMemberInfo($roleMemberInfo);

$result = $graphServiceClient->directory()->administrativeUnits()->byAdministrativeUnitId('administrativeUnit-id')->scopedRoleMembers()->post($requestBody)->wait();

PowerShell

Import-Module Microsoft.Graph.Identity.DirectoryManagement

$params = @{
    roleId = "roleId-value"
    roleMemberInfo = @{
        id = "id-value"
    }
}

New-MgDirectoryAdministrativeUnitScopedRoleMember -AdministrativeUnitId $administrativeUnitId -BodyParameter $params

Python

# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY
graph_client = GraphServiceClient(request_adapter)

request_body = ScopedRoleMembership(
    role_id = "roleId-value",
    role_member_info = Identity(
        id = "id-value",
    ),
)

result = await graph_client.directory.administrative_units.by_administrative_unit_id('administrativeUnit-id').scoped_role_members.post(body = request_body)

Response
Here is an example of the response. Note: The response object shown here might be shortened for readability.

HTTP/1.1 201 Created
Content-type: application/json

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#scopedRoleMemberships/$entity",
  "administrativeUnitId": "administrativeUnitId-value",
  "roleId": "roleId-value",
  "roleMemberInfo": {
    "id": "id-value",
    "displayName": "displayName-value",
    "userPrincipalName": "userPrincipalName-value"
  },
  "id": "id-value"
}
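
Because this call grants a directory role, it helps to validate the identifiers before sending and to confirm that the 201 response describes the assignment that was requested. The following is an added example, not part of the original article or of any Microsoft SDK: it builds the raw HTTP request shown above and checks the response against it. The function names, the APPROVED_ROLE_IDS allowlist and all GUIDs are assumptions constructed for illustration.

```python
import json
import uuid

GRAPH_BASE = "https://graph.microsoft.com/v1.0"
# Constructed placeholder, not a real tenant value: role IDs approved for assignment.
APPROVED_ROLE_IDS = {"11111111-1111-4111-8111-111111111111"}


def canonical_guid(value, field):
    """Return the lowercase hyphenated GUID, or raise ValueError naming the field."""
    try:
        return str(uuid.UUID(value))
    except (ValueError, AttributeError, TypeError):
        raise ValueError(f"{field} is not a GUID: {value!r}") from None


def build_request(au_id, role_id, member_id, token, approved=APPROVED_ROLE_IDS):
    """Validate the three identifiers, then build the POST described on this page."""
    au_id = canonical_guid(au_id, "administrativeUnit id")
    role_id = canonical_guid(role_id, "roleId")
    member_id = canonical_guid(member_id, "roleMemberInfo.id")
    if role_id not in approved:
        raise PermissionError(f"roleId {role_id} is not on the approved list")
    return {
        "method": "POST",
        "url": f"{GRAPH_BASE}/directory/administrativeUnits/{au_id}/scopedRoleMembers",
        "headers": {"Authorization": f"Bearer {token}",
                    "Content-type": "application/json"},
        "body": json.dumps({"roleId": role_id, "roleMemberInfo": {"id": member_id}}),
    }


def verify_response(status, body_text, request):
    """Return the new scopedRoleMembership id if the response matches the request."""
    if status != 201:
        raise RuntimeError(f"expected 201 Created, got {status}")
    got, sent = json.loads(body_text), json.loads(request["body"])
    expected = {
        "administrativeUnitId": request["url"].split("/")[-2],
        "roleId": sent["roleId"],
        "roleMemberInfo.id": sent["roleMemberInfo"]["id"],
    }
    actual = {
        "administrativeUnitId": got.get("administrativeUnitId"),
        "roleId": got.get("roleId"),
        "roleMemberInfo.id": (got.get("roleMemberInfo") or {}).get("id"),
    }
    wrong = [k for k in expected if str(actual[k]).lower() != expected[k]]
    if wrong:
        raise ValueError(f"response does not match request: {wrong}")
    return got["id"]
```

Canonicalizing each identifier through uuid.UUID keeps anything other than a GUID out of the URL path, and the allowlist check fails closed before any token is attached to a request.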