Edit

getEffectivePermissions function

  • Article
  • 2 minutes to read

Namespace: microsoft.graph

Important: APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

Not yet documented

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from most to least privileged)
Delegated (work or school account)
    Role-based access control (RBAC) DeviceManagementRBAC.ReadWrite.All, DeviceManagementRBAC.Read.All
Delegated (personal Microsoft account) Not supported.
Application
    Role-based access control (RBAC) DeviceManagementRBAC.ReadWrite.All, DeviceManagementRBAC.Read.All

HTTP Request

GET /deviceManagement/getEffectivePermissions

Request headers

Header Value
Authorization Bearer <token> Required.
Accept application/json

Request body

In the request URL, provide the following query parameters with values. The following table shows the parameters that can be used with this function.

Property Type Description
scope String Not yet documented

Response

If successful, this function returns a 200 OK response code and a rolePermission collection in the response body.

Example

Request

Here is an example of the request.

GET https://graph.microsoft.com/beta/deviceManagement/getEffectivePermissions(scope='parameterValue')

Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 471

{
  "value": [
    {
      "@odata.type": "microsoft.graph.rolePermission",
      "actions": [
        "Actions value"
      ],
      "resourceActions": [
        {
          "@odata.type": "microsoft.graph.resourceAction",
          "allowedResourceActions": [
            "Allowed Resource Actions value"
          ],
          "notAllowedResourceActions": [
            "Not Allowed Resource Actions value"
          ]
        }
      ]
    }
  ]
}