unifiedRoleAssignmentMultiple resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
A unifiedRoleAssignmentMultiple is used to grant access to resources, as part of Microsoft 365 role-based access control (RBAC). It represents a role definition assigned to an array of principals (typically users) over an array of scopes.
You can create a role assignment with multiple principals and multiple scopes.
You must provide either directoryScopeIds or appScopeIds.
The following RBAC providers are currently supported:
- Cloud PC
- Microsoft Intune
Methods
| Method | Return Type | Description |
|---|---|---|
| List | unifiedRoleAssignmentMultiple collection | Read a list of unifiedRoleAssignmentMultiple objects and their properties. |
| Create | unifiedRoleAssignmentMultiple | Create a new unifiedRoleAssignmentMultiple by posting to the roleAssignment collection. |
| Get | unifiedRoleAssignmentMultiple | Read properties and relationships of unifiedRoleAssignmentMultiple object. |
| Update | unifiedRoleAssignmentMultiple | Update an existing unifiedRoleAssignmentMultiple object. |
| Delete | None | Delete unifiedRoleAssignmentMultiple object. |
Properties
| Property | Type | Description |
|---|---|---|
| appScopeIds | String collection | Ids of the app specific scopes when the assignment scopes are app specific. The scopes of an assignment determine the set of resources for which the principal has access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. |
| description | String | Description of the role assignment. |
| directoryScopeIds | String collection | Ids of the directory objects that represent the scopes of the assignment. The scopes of an assignment determine the set of resources for which the principals have been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. |
| displayName | String | Name of the role assignment. Required. |
| id | String | The unique identifier for the unifiedRoleAssignmentMultiple object. Key, not nullable, Read-only. |
| principalIds | String collection | Identifiers of the principals to which the assignment is granted. Supports $filter (any operator only). |
| roleDefinitionId | String | Identifier of the unifiedRoleDefinition the assignment is for. |
Relationships
| Relationship | Type | Description |
|---|---|---|
| appScopes | appScope collection | Read-only collection with details of the app specific scopes when the assignment scopes are app specific. Containment entity. Read-only. |
| directoryScopes | directoryObject collection | Read-only collection that references the directory objects that are scope of the assignment. Provided so that callers can get the directory objects using $expand at the same time as getting the role assignment. Read-only. Supports $expand. |
| principals | directoryObject collection | Read-only collection that references the assigned principals. Provided so that callers can get the principals using $expand at the same time as getting the role assignment. Read-only. Supports $expand. |
| roleDefinition | unifiedRoleDefinition | Specifies the roleDefinition that the assignment is for. Provided so that callers can get the role definition using $expand at the same time as getting the role assignment. Supports $filter (eq operator on id, isBuiltIn, and displayName, and startsWith operator on displayName) and $expand. |
JSON representation
The following JSON representation shows the resource type.
{
"appScopeIds": ["string"],
"appScopes": [{"@odata.type": "microsoft.graph.appScope"}],
"description": "String",
"directoryScopeIds": ["String"],
"directoryScopes": [{"@odata.type": "microsoft.graph.directoryObject"}],
"displayName": "String",
"id": "String (identifier)",
"principalIds": ["String"],
"principals": [{"@odata.type": "microsoft.graph.directoryObject"}],
"roleDefinition": {"@odata.type": "microsoft.graph.unifiedRoleDefinition"},
"roleDefinitionId": "String"
}