편집

다음을 통해 공유


unifiedRoleAssignment resource type

Namespace: microsoft.graph

Represents a role definition assigned to a principal at a particular scope. Supported principals are users, role-assignable groups, and service principals.

Inherits from entity.

Methods

Method Return Type Description
List unifiedRoleAssignment collection Get a list of the unifiedRoleAssignment objects and their properties.
Create unifiedRoleAssignment Create a new unifiedRoleAssignment object.
Get unifiedRoleAssignment Read the properties and relationships of an unifiedRoleAssignment object.
Delete None Deletes an unifiedRoleAssignment object.

Properties

Property Type Description
appScopeId String Identifier of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by a resource application only. For the entitlement management provider, use this property to specify a catalog. For example, /AccessPackageCatalog/beedadfe-01d5-4025-910b-84abb9369997. Supports $filter (eq, in). For example, /roleManagement/entitlementManagement/roleAssignments?$filter=appScopeId eq '/AccessPackageCatalog/{catalog id}'.
directoryScopeId String Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications, unlike app scopes that are defined and understood by a resource application only. Supports $filter (eq, in).
id String The unique identifier for the unifiedRoleAssignment. Key, not nullable, Read-only.
principalId String Identifier of the principal to which the assignment is granted. Supported principals are users, role-assignable groups, and service principals. Supports $filter (eq, in).
roleDefinitionId String Identifier of the unifiedRoleDefinition the assignment is for. Read-only. Supports $filter (eq, in).

Relationships

Relationship Type Description
appScope appScope Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity. Supports $expand for the entitlement provider only.
directoryScope directoryObject The directory object that is the scope of the assignment. Read-only. Supports $expand for the directory provider.
principal directoryObject Referencing the assigned principal. Read-only. Supports $expand except for the Exchange provider.
roleDefinition unifiedRoleDefinition The roleDefinition the assignment is for. Supports $expand.

JSON representation

The following JSON representation shows the resource type.

{
  "@odata.type": "#microsoft.graph.unifiedRoleAssignment",
  "id": "String (identifier)",
  "appScopeId": "String",
  "directoryScopeId": "String",
  "principalId": "String",
  "roleDefinitionId": "String"
}