getEffectivePermissions function
Namespace: microsoft.graph
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Retrieves the effective permissions of the currently authenticated user
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All |
HTTP Request
GET /deviceManagement/getEffectivePermissions
Request headers
Header | Value |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Accept | application/json |
Request body
In the request URL, provide the following query parameters with values. The following table shows the parameters that can be used with this function.
Property | Type | Description |
---|---|---|
scope | String | Not yet documented |
Response
If successful, this function returns a 200 OK
response code and a rolePermission collection in the response body.
Example
Request
Here is an example of the request.
GET https://graph.microsoft.com/v1.0/deviceManagement/getEffectivePermissions
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 416
{
"value": [
{
"@odata.type": "microsoft.graph.rolePermission",
"resourceActions": [
{
"@odata.type": "microsoft.graph.resourceAction",
"allowedResourceActions": [
"Allowed Resource Actions value"
],
"notAllowedResourceActions": [
"Not Allowed Resource Actions value"
]
}
]
}
]
}