unifiedRoleAssignment resource type
Namespace: microsoft.graph
A role assignment is used to grant access to resources. It represents a role definition assigned to a principal (for example, a user or a role-assignable group) at a particular scope.
Inherits from entity.
Methods
| Method | Return Type | Description |
|---|---|---|
| List unifiedRoleAssignments | unifiedRoleAssignment collection | Get a list of the unifiedRoleAssignment objects and their properties. |
| Create unifiedRoleAssignment | unifiedRoleAssignment | Create a new unifiedRoleAssignment object. |
| Get unifiedRoleAssignment | unifiedRoleAssignment | Read the properties and relationships of an unifiedRoleAssignment object. |
| Delete unifiedRoleAssignment | None | Deletes an unifiedRoleAssignment object. |
Properties
| Property | Type | Description |
|---|---|---|
| appScopeId | String | Identifier of the app-specific scope when the assignment scope is app-specific. Either this property or directoryScopeId is required. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Supports $filter (eq, in). |
| directoryScopeId | String | Identifier of the directory object representing the scope of the assignment. Either this property or appScopeId is required. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Supports $filter (eq, in). |
| id | String | The unique identifier for the role assignment. Key, not nullable, Read-only. Inherited from entity. |
| roleDefinitionId | String | Identifier of the role definition the assignment is for. Read only. Supports $filter (eq, in). |
| principalId | String | Identifier of the principal to which the assignment is granted. Supports $filter (eq, in). |
Relationships
| Relationship | Type | Description |
|---|---|---|
| appScope | appScope | Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity. Supports $expand. |
| directoryScope | directoryObject | The directory object that is the scope of the assignment. Read-only. Supports $expand. |
| principal | directoryObject | Referencing the assigned principal. Read-only. Supports $expand. |
| roleDefinition | unifiedRoleDefinition | The roleDefinition the assignment is for. Supports $expand. roleDefinition.Id will be auto expanded. |
JSON representation
The following is a JSON representation of the resource.
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignment",
"id": "String (identifier)",
"appScopeId": "String",
"condition": "String",
"directoryScopeId": "String",
"principalId": "String",
"roleDefinitionId": "String"
}
Feedback
Submit and view feedback for