governanceResource resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Caution
This version of the Privileged Identity Management (PIM) API for Azure resources will be deprecated soon. Please use the new Azure REST PIM API for Azure resource roles.
Represents Privileged Identity Management (PIM) resources. For Azure resources, it can be a subscription, a resource group, and a resource such as a virtual machine, etc.
Methods
| Method | Return Type | Description |
|---|---|---|
| List | governanceResource collection | List a collection of resources the requestor has access to. |
| Get | governanceResource | Read properties and relationships of a resource entity specified by id. |
| Register | Register an unmanaged Azure subscription or management group to PIM service. |
No POST, PUT, PATCH, DELETE are supported on roleDefinitions entity set for now.
Properties
| Property | Type | Description |
|---|---|---|
| id | String | The id of the resource. It is in GUID format. |
| externalId | String | The external id of the resource, representing its original id in the external system. For example, a subscription resource's external id can be "/subscriptions/c14ae696-5e0c-4e5d-88cc-bef6637737ac". |
| type | String | Required. Resource type. For example, for Azure resources, the type could be "Subscription", "ResourceGroup", "Microsoft.Sql/server", etc. |
| displayName | String | The display name of the resource. |
| status | String | The status of a given resource. For example, it could represent whether the resource is locked or not (values: Active/Locked). Note: This property may be extended in the future to support more scenarios. |
| registeredDateTime | DateTimeOffset | Represents the date time when the resource is registered in PIM. |
| registeredRoot | String | The externalId of the resource's root scope that is registered in PIM. The root scope can be the parent, grandparent, or higher ancestor resources. |
| roleAssignmentCount | Int32 | Optional. The number of role assignments for the given resource. To get the property, explicitly use $select=roleAssignmentCount in the query. |
| roleDefinitionCount | Int32 | Optional. The number of role definitions for the given resource. To get the property, explicitly use $select=roleDefinitionCount in the query. |
| permissions | governancePermission | Optional. It represents the status of the requestor's access to the resource. To get the property, explicitly use $select=permissions in the query. |
Relationships
| Relationship | Type | Description |
|---|---|---|
| roleAssignments | governanceRoleAssignment collection | The collection of role assignments for the resource. |
| roleDefinitions | governanceRoleDefinition collection | The collection of role definitions for the resource. |
| roleAssignmentRequests | governanceRoleAssignmentRequest collection | The collection of role assignment requests for the resource. |
| roleSettings | governanceRoleSetting collection | The collection of role settings for the resource. |
| parent | governanceResource | Read-only. The parent resource. for pimforazurerbac scenario, it can represent the subscription the resource belongs to. |
JSON representation
The following JSON representation shows the resource type.
{
"id": "String (identifier)",
"externalId": "String",
"type": "String",
"displayName": "String",
"status": "String",
"registeredDateTime": "String (timestamp)",
"registeredRoot": "String",
"roleAssignmentCount": 12356,
"roleDefinitionCount": 12356,
"permissions": {
"@odata.type": "microsoft.graph.governancePermission"
}
}