unifiedRoleAssignment resource type

Namespace: microsoft.graph

A role assignment is used to grant access to resources. It represents a role definition assigned to a principal (for example, a user or a role-assignable group) at a particular scope.

Inherits from entity.


Method Return Type Description
List unifiedRoleAssignments unifiedRoleAssignment collection Get a list of the unifiedRoleAssignment objects and their properties.
Create unifiedRoleAssignment unifiedRoleAssignment Create a new unifiedRoleAssignment object.
Get unifiedRoleAssignment unifiedRoleAssignment Read the properties and relationships of an unifiedRoleAssignment object.
Delete unifiedRoleAssignment None Deletes an unifiedRoleAssignment object.


Property Type Description
appScopeId String Identifier of the app-specific scope when the assignment scope is app-specific. Either this property or directoryScopeId is required. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Supports $filter (eq, in).
directoryScopeId String Identifier of the directory object representing the scope of the assignment. Either this property or appScopeId is required. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Supports $filter (eq, in).
id String The unique identifier for the role assignment. Key, not nullable, Read-only. Inherited from entity.
roleDefinitionId String Identifier of the role definition the assignment is for. Read only. Supports $filter (eq, in).
principalId String Identifier of the principal to which the assignment is granted. Supports $filter (eq, in).


Relationship Type Description
appScope appScope Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity. Supports $expand.
directoryScope directoryObject The directory object that is the scope of the assignment. Read-only. Supports $expand.
principal directoryObject Referencing the assigned principal. Read-only. Supports $expand.
roleDefinition unifiedRoleDefinition The roleDefinition the assignment is for. Supports $expand. roleDefinition.Id will be auto expanded.

JSON representation

The following is a JSON representation of the resource.

  "@odata.type": "#microsoft.graph.unifiedRoleAssignment",
  "id": "String (identifier)",
  "appScopeId": "String",
  "condition": "String",
  "directoryScopeId": "String",
  "principalId": "String",
  "roleDefinitionId": "String"