governanceRoleSetting resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Caution
This version of the Privileged Identity Management (PIM) API for Azure resources will be deprecated soon. Please use the new Azure REST PIM API for Azure resource roles.
Represents the set of configurations on a role definition that are evaluated when role assignments are created or modified. For example, role settings might include a "maximum assignment duration" rule, an "MFA required on activation" rule, and so on.
Methods
Method | Return Type | Description |
---|---|---|
List | governanceRoleSetting collection | List a collection of role settings on a resource. |
Get | governanceRoleSetting | Read properties and relationships of a role setting. |
Update | governanceRoleSetting | Update a role setting object. |
Properties
Property | Type | Description |
---|---|---|
id | String | The id of the roleSetting. |
resourceId | String | Required. The id of the resource that the role setting is associated with. |
roleDefinitionId | String | Required. The id of the role definition that the role setting is associated with. |
isDefault | Boolean | Read-only. Indicates whether the roleSetting is a default roleSetting. |
lastUpdatedDateTime | DateTimeOffset | Read-only. The time when the role setting was last updated. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
lastUpdatedBy | String | Read-only. The display name of the administrator who last updated the roleSetting. |
adminEligibleSettings | governanceRuleSetting collection | The rule settings that are evaluated when an administrator tries to add an eligible role assignment. |
adminMemberSettings | governanceRuleSetting collection | The rule settings that are evaluated when an administrator tries to add a direct member role assignment. |
userEligibleSettings | governanceRuleSetting collection | The rule settings that are evaluated when a user tries to add an eligible role assignment. This setting is currently not supported. |
userMemberSettings | governanceRuleSetting collection | The rule settings that are evaluated when a user tries to activate their role assignment. |
Relationships
Relationship | Type | Description |
---|---|---|
resource | governanceResource | Read-only. The associated resource for this role setting. |
roleDefinition | governanceRoleDefinition | Read-only. The role definition that is enforced with this role setting. |
JSON representation
The following JSON representation shows the resource type.
{
  "id": "String (identifier)",
  "resourceId": "String",
  "roleDefinitionId": "String",
  "isDefault": true,
  "lastUpdatedDateTime": "String (timestamp)",
  "lastUpdatedBy": "String",
  "adminEligibleSettings": [{"@odata.type": "microsoft.graph.governanceRuleSetting"}],
  "adminMemberSettings": [{"@odata.type": "microsoft.graph.governanceRuleSetting"}],
  "userEligibleSettings": [{"@odata.type": "microsoft.graph.governanceRuleSetting"}],
  "userMemberSettings": [{"@odata.type": "microsoft.graph.governanceRuleSetting"}]
}
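The following is an added example, not code from this page or from Microsoft: a short audit that walks the four settings collections of a role setting and flags weak configurations such as activation without MFA or permanent assignments. The `ruleIdentifier` and `setting` fields and the rule names `MfaRule` and `ExpirationRule` are assumptions based on the related governanceRuleSetting resource; the helper names `rules` and `audit` are hypothetical, and the 480-minute activation limit is an assumed policy threshold.

```python
import json

# Constructed sample in the shape of the JSON representation above. The
# ruleIdentifier/setting fields and rule names are assumptions based on the
# related governanceRuleSetting resource; they are not defined on this page.
SAMPLE = {
    "id": "constructed-role-setting-id",
    "isDefault": True,
    "adminEligibleSettings": [{"ruleIdentifier": "ExpirationRule",
        "setting": '{"permanentAssignment":true,"maximumGrantPeriodInMinutes":525600}'}],
    "adminMemberSettings": [{"ruleIdentifier": "ExpirationRule",
        "setting": '{"permanentAssignment":false,"maximumGrantPeriodInMinutes":43200}'}],
    "userEligibleSettings": [],
    "userMemberSettings": [
        {"ruleIdentifier": "ExpirationRule",
         "setting": '{"permanentAssignment":false,"maximumGrantPeriodInMinutes":1440}'},
        {"ruleIdentifier": "MfaRule", "setting": '{"mfaRequired":false}'}],
}

def rules(role_setting, collection):
    """Map ruleIdentifier -> decoded setting dict for one settings collection."""
    decoded = {}
    for rule in role_setting.get(collection) or []:
        try:
            name, value = rule["ruleIdentifier"], json.loads(rule["setting"])
        except (KeyError, TypeError, ValueError):
            continue  # malformed entry: treated as absent, so checks fail closed
        if isinstance(value, dict):
            decoded[name] = value
    return decoded

def audit(role_setting, max_activation_minutes=480):
    """Return (location, finding) pairs for weak settings; empty list if none."""
    findings = []
    activation = rules(role_setting, "userMemberSettings")
    if activation.get("MfaRule", {}).get("mfaRequired") is not True:
        findings.append(("userMemberSettings", "MFA not required on activation"))
    minutes = activation.get("ExpirationRule", {}).get("maximumGrantPeriodInMinutes")
    if not isinstance(minutes, int) or minutes > max_activation_minutes:
        findings.append(("userMemberSettings", "activation window too long or unset"))
    for coll in ("adminEligibleSettings", "adminMemberSettings"):
        expiry = rules(role_setting, coll).get("ExpirationRule", {})
        if expiry.get("permanentAssignment") is not False:
            findings.append((coll, "permanent assignment allowed or unset"))
    if role_setting.get("isDefault"):
        findings.append(("isDefault", "still the default role setting"))
    return findings
```

Calling `audit(SAMPLE)` returns one finding per weak rule; a missing or unparseable rule is reported the same way as a weak one.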