unifiedRoleAssignmentMultiple resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
A unifiedRoleAssignmentMultiple is used to grant access to resources, as part of Microsoft 365 RBAC role management. It represents a role definition assigned to an array of principals (typically a user) over an array of scopes.
You can create a role assignment with multiple principals and multiple scopes.
You must provide either directoryScopeIds or appScopeIds.
The following RBAC providers are currently supported:
- Cloud PC
- Microsoft Intune
Methods
| Method | Return Type | Description |
|---|---|---|
| List roleAssignments | unifiedRoleAssignmentMultiple collection | Read a list of unifiedRoleAssignmentMultiple objects and their properties. |
| Create unifiedRoleAssignmentMultiple | unifiedRoleAssignmentMultiple | Create a new unifiedRoleAssignmentMultiple by posting to the roleAssignment collection. |
| Get unifiedRoleAssignmentMultiple | unifiedRoleAssignmentMultiple | Read properties and relationships of unifiedRoleAssignmentMultiple object. |
| Update unifiedRoleAssignmentMultiple | unifiedRoleAssignmentMultiple | Update an existing unifiedRoleAssignmentMultiple object. |
| Delete unifiedRoleAssignmentMultiple | None | Delete unifiedRoleAssignmentMultiple object. |
Properties
| Property | Type | Description |
|---|---|---|
| appScopeIds | String collection | Ids of the app specific scopes when the assignment scopes are app specific. The scopes of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. |
| description | String | Description of the role assignment. |
| directoryScopeIds | String collection | Ids of the directory objects representing the scopes of the assignment. The scopes of an assignment determine the set of resources for which the principals have been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. |
| displayName | String | Name of the role assignment. Required. |
| id | String | The unique identifier for the unifiedRoleAssignmentMultiple. Key, not nullable, Read-only. |
| roleDefinitionId | String | Identifier of the unifiedRoleDefinition the assignment is for. |
| principalIds | String collection | Identifiers of the principals to which the assignment is granted. Supports $filter (any operator only). |
Relationships
| Relationship | Type | Description |
|---|---|---|
| appScopes | appScope collection | Read-only collection with details of the app specific scopes when the assignment scopes are app specific. Containment entity. Read-only. |
| directoryScopes | directoryObject collection | Read-only collection referencing the directory objects that are scope of the assignment. Provided so that callers can get the directory objects using $expand at the same time as getting the role assignment. Read-only. Supports $expand. |
| principals | directoryObject collection | Read-only collection referencing the assigned principals. Provided so that callers can get the principals using $expand at the same time as getting the role assignment. Read-only. Supports $expand. |
| roleDefinition | unifiedRoleDefinition | Specifies the roleDefinition that the assignment is for. Provided so that callers can get the role definition using $expand at the same time as getting the role assignment. Supports $filter (eq operator on id, isBuiltIn, and displayName, and startsWith operator on displayName) and $expand. |
JSON representation
The following is a JSON representation of the resource.
{
"id": "String (identifier)",
"displayName": "String",
"description": "String",
"roleDefinitionId": "String",
"roleDefinition": {"@odata.type": "microsoft.graph.unifiedRoleDefinition"},
"principalIds": ["string"],
"principals": [{"@odata.type": "microsoft.graph.directoryObject"}],
"directoryScopeIds": ["string"],
"directoryScopes": [{"@odata.type": "microsoft.graph.directoryObject"}],
"appScopeIds": ["string"],
"appScopes": [{"@odata.type": "microsoft.graph.appScope"}],
}
Feedback
Submit and view feedback for