getEffectivePermissions function
Namespace: microsoft.graph
Important: APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permission type | Permissions (from most to least privileged) |
---|---|
Delegated (work or school account) | |
Role-based access control (RBAC) | DeviceManagementRBAC.ReadWrite.All, DeviceManagementRBAC.Read.All |
Delegated (personal Microsoft account) | Not supported. |
Application | |
Role-based access control (RBAC) | DeviceManagementRBAC.ReadWrite.All, DeviceManagementRBAC.Read.All |
This API is available in the following national cloud deployments.
Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
---|---|---|---|
✅ | ✅ | ✅ | ✅ |
HTTP Request
GET /deviceManagement/getEffectivePermissions
Request headers
Header | Value |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Accept | application/json |
Request body
In the request URL, provide the following query parameters with values. The following table shows the parameters that can be used with this function.
Property | Type | Description |
---|---|---|
scope | String |
Response
If successful, this function returns a 200 OK
response code and a rolePermission collection in the response body.
Example
Request
Here is an example of the request.
GET https://graph.microsoft.com/beta/deviceManagement/getEffectivePermissions(scope='parameterValue')
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 471
{
"value": [
{
"@odata.type": "microsoft.graph.rolePermission",
"actions": [
"Actions value"
],
"resourceActions": [
{
"@odata.type": "microsoft.graph.resourceAction",
"allowedResourceActions": [
"Allowed Resource Actions value"
],
"notAllowedResourceActions": [
"Not Allowed Resource Actions value"
]
}
]
}
]
}