unifiedRoleManagementPolicy resource type

Namespace: microsoft.graph

Specifies the various policies associated with scopes and roles. For policies that apply to Azure RBAC, use the Azure REST PIM API for role management policies.

Currently, all policies and associated rules are read-only.

Inherits from entity.


Method Return type Description
List unifiedRoleManagementPolicies unifiedRoleManagementPolicy collection Get role management policies and their details.
Get unifiedRoleManagementPolicy unifiedRoleManagementPolicy Retrieve the details of a role management policy.
List rules unifiedRoleManagementPolicyRule collection Get the rules defined for a role management policy.
Get unifiedRoleManagementPolicyRule unifiedRoleManagementPolicyRule Retrieve a rule defined for a role management policy.
Update unifiedRoleManagementPolicyRule unifiedRoleManagementPolicyRule Update a rule defined for a role management policy.


Property Type Description
description String Description for the policy.
displayName String Display name for the policy.
id String Unique identifier for the policy.
isOrganizationDefault Boolean This can only be set to true for a single tenant-wide policy which will apply to all scopes and roles. Set the scopeId to / and scopeType to Directory. Supports $filter (eq, ne).
lastModifiedBy identity The identity who last modified the role setting.
lastModifiedDateTime DateTimeOffset The time when the role setting was last modified.
scopeId String The identifier of the scope where the policy is created. Can be / for the tenant or a group ID. Required.
scopeType String The type of the scope where the policy is created. One of Directory, DirectoryRole. Required.


Relationship Type Description
effectiveRules unifiedRoleManagementPolicyRule collection The list of effective rules like approval rules and expiration rules evaluated based on inherited referenced rules. For example, if there is a tenant-wide policy to enforce enabling an approval rule, the effective rule will be to enable approval even if the policy has a rule to disable approval. Supports $expand.
rules unifiedRoleManagementPolicyRule collection The collection of rules like approval rules and expiration rules. Supports $expand.

JSON representation

The following is a JSON representation of the resource.

  "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicy",
  "id": "String (identifier)",
  "displayName": "String",
  "description": "String",
  "isOrganizationDefault": "Boolean",
  "scopeId": "String",
  "scopeType": "String",
  "lastModifiedDateTime": "String (timestamp)",
  "lastModifiedBy": {
    "@odata.type": "microsoft.graph.identity"