AppRoleAssignment.ReadWrite.All
Allows the app to manage permission grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, on behalf of the signed-in user.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
Delegate Permission
| Property | Value |
|---|---|
| Id | 84bccea3-f856-4a8a-967b-dbe0a3d53a64 |
| Consent Type | Admin |
| Display String | Manage app permission grants and app role assignments |
| Description | Allows the app to manage permission grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, on behalf of the signed-in user. |
Application Permission
| Property | Value |
|---|---|
| Id | 06b708a9-e830-4db3-a914-8e69da51d44f |
| Display String | Manage app permission grants and app role assignments |
| Description | Allows the app to manage permission grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, without a signed-in user. |
Resources
| Property | Type | Description |
|---|---|---|
| appRoleId | Guid | The identifier (id) for the app role which is assigned to the principal. This app role must be exposed in the appRoles property on the resource application's service principal (resourceId). If the resource application has not declared any app roles, a default app role ID of 00000000-0000-0000-0000-000000000000 can be specified to signal that the principal is assigned to the resource app without any specific app roles. Required on create. |
| createdDateTime | DateTimeOffset | The time when the app role assignment was created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. |
| deletedDateTime | DateTimeOffset | The date and time when the app role assignment was deleted. Always null for an appRoleAssignment object that hasn't been deleted. Inherited from directoryObject. |
| id | String | A unique identifier for the appRoleAssignment key. Not nullable. Read-only. |
| principalDisplayName | String | The display name of the user, group, or service principal that was granted the app role assignment. Read-only. Supports $filter (eq and startswith). |
| principalId | Guid | The unique identifier (id) for the user, security group, or service principal being granted the app role. Security groups with dynamic memberships are supported. Required on create. |
| principalType | String | The type of the assigned principal. This can either be User, Group, or ServicePrincipal. Read-only. |
| resourceDisplayName | String | The display name of the resource app's service principal to which the assignment is made. |
| resourceId | Guid | The unique identifier (**i |