Show / Hide Table of Contents

DelegatedAdminRelationship.ReadWrite.All

Allows the app to manage (create-update-terminate) Delegated Admin relationships with customers as well as role assignments to security groups for active Delegated Admin relationships on behalf of the signed-in user.

Graph Methods

Type: A = Application Permission, D = Delegate Permission

Ver Type Method
V1 D DELETE /tenantRelationships/delegatedAdminRelationships/{delegatedAdminRelationshipId}
V1 D DELETE /tenantRelationships/delegatedAdminRelationships/{delegatedAdminRelationshipId}/accessAssignments/{delegatedAdminAccessAssignmentId}
V1 D GET /tenantRelationships/delegatedAdminCustomers
V1 D GET /tenantRelationships/delegatedAdminCustomers/{delegatedAdminCustomerId}
V1 D GET /tenantRelationships/delegatedAdminCustomers/{delegatedAdminCustomerId}/serviceManagementDetails
V1 D GET /tenantRelationships/delegatedAdminRelationships
V1 D GET /tenantRelationships/delegatedAdminRelationships/{delegatedAdminRelationshipId}
V1 D GET /tenantRelationships/delegatedAdminRelationships/{delegatedAdminRelationshipId}/accessAssignments
V1 D GET /tenantRelationships/delegatedAdminRelationships/{delegatedAdminRelationshipId}/accessAssignments/{delegatedAdminAccessAssignmentId}
V1 D GET /tenantRelationships/delegatedAdminRelationships/{delegatedAdminRelationshipId}/operations
V1 D GET /tenantRelationships/delegatedAdminRelationships/{delegatedAdminRelationshipId}/operations/{delegatedAdminRelationshipOperationId}
V1 D GET /tenantRelationships/delegatedAdminRelationships/{delegatedAdminRelationshipId}/requests
V1 D GET /tenantRelationships/delegatedAdminRelationships/{delegatedAdminRelationshipId}/requests/{delegatedAdminRelationshipRequestId}
V1 D PATCH /tenantRelationships/delegatedAdminRelationships/{delegatedAdminRelationshipId}
V1 D PATCH /tenantRelationships/delegatedAdminRelationships/{delegatedAdminRelationshipId}/accessAssignments/{delegatedAdminAccessAssignmentId}
V1 D POST /tenantRelationships/delegatedAdminRelationships
V1 D POST /tenantRelationships/delegatedAdminRelationships/{delegatedAdminRelationshipId}/accessAssignments
V1 D POST /tenantRelationships/delegatedAdminRelationships/{delegatedAdminRelationshipId}/requests

Delegate Permission

Id 885f682f-a990-4bad-a642-36736a74b0c7
Consent Type Admin
Display String Manage Delegated Admin relationships with customers
Description Allows the app to manage (create-update-terminate) Delegated Admin relationships with customers as well as role assignments to security groups for active Delegated Admin relationships on behalf of the signed-in user.

Application Permission

Id cc13eba4-8cd8-44c6-b4d4-f93237adce58
Display String Manage Delegated Admin relationships with customers
Description Allows the app to manage (create-update-terminate) Delegated Admin relationships with customers and role assignments to security groups for active Delegated Admin relationships without a signed-in user.

Resources

delegatedAdminAccessAssignment

Property Type Description
accessContainer delegatedAdminAccessContainer The access container through which members are assigned access. For example, a security group.
accessDetails delegatedAdminAccessDetails The access details containing the identifiers of the administrative roles that the partner is assigned in the customer tenant.
createdDateTime DateTimeOffset The date and time in ISO 8601 format and in UTC time when the access assignment was created. Read-only.
id String The unique identifier of the access assignment. Read-only. Inherited from entity.
lastModifiedDateTime DateTimeOffset The date and time in ISO 8601 and in UTC time when this access assignment was last modified. Read-only.
status delegatedAdminAccessAssignmentStatus The status of the access assignment. Read-only. The possible values are: pending, active, deleting, deleted, error, unknownFutureValue.

delegatedAdminAccessContainer

Property Type Description
accessContainerId String The identifier of the access container (for example, a security group). For "securityGroup" access containers, this must be a valid ID of an Azure AD security group in the Microsoft partner's tenant.
accessContainerType delegatedAdminAccessContainerType The type of access container (for example, security group) that will be assigned one or more roles through a delegated admin relationship. The possible values are: securityGroup, unknownFutureValue.

delegatedAdminAccessDetails

Property Type Description
unifiedRoles unifiedRole collection The directory roles that the Microsoft partner is assigned in the customer tenant.

delegatedAdminCustomer

Property Type Description
displayName String The Azure AD display name of the customer tenant. Read-only. Supports $orderBy.
id String The Azure AD-assigned unique identifier of the customer. Read-only. Inherited from entity.
tenantId String The Azure AD-assigned tenant ID of the customer. Read-only.

delegatedAdminRelationship

Property Type Description
accessDetails delegatedAdminAccessDetails The access details containing the identifiers of the administrative roles that the partner admin is requesting in the customer tenant.
activatedDateTime DateTimeOffset The date and time in ISO 8601 format and in UTC time when the relationship became active. Read-only.
createdDateTime DateTimeOffset The date and time in ISO 8601 format and in UTC time when the relationship was created. Read-only.
customer delegatedAdminRelationshipCustomerParticipant The display name and unique identifier of the customer of the relationship. This is configured either by the partner at the time the relationship is created or by the system after the customer approves the relationship. Cannot be changed by the customer.
displayName String The display name of the relationship used for ease of identification. Must be unique across all delegated admin relationships of the partner. This is set by the partner only when the relationship is in the created status and cannot be changed by the customer.
duration Duration The duration of the relationship in ISO 8601 format. Must be a value between P1D and P2Y inclusive. This is set by the partner only when the relationship is in the created status and cannot be changed by the customer.
endDateTime DateTimeOffset The date and time in ISO 8601 format and in UTC time when the status of relationship changes to either terminated or expired. Calculated as endDateTime = activatedDateTime + duration. Read-only.
id String The unique identifier of the relationship. Read-only. Inherited from entity.
lastModifiedDateTime DateTimeOffset The date and time in ISO 8601 format and in UTC time when the relationship was last modified. Read-only.
status delegatedAdminRelationshipStatus The status of the relationship. Read Only. The possible values are: activating, active, approvalPending, approved, created, expired, expiring, terminated, terminating, terminationRequested, unknownFutureValue. Supports $orderBy.

delegatedAdminRelationshipCustomerParticipant

Property Type Description
displayName String The display name of the customer tenant as set by Azure AD. Read only
tenantId String The Azure AD-assigned tenant ID of the customer tenant.

delegatedAdminRelationshipOperation

Property Type Description
createdDateTime DateTimeOffset The time in ISO 8601 format and in UTC time when the long-running operation was created. Read-only.
data String The data (payload) for the operation. Read-only.
id String The unique identifier of the delegated admin long-running operation. Read-only. Inherited from entity.
lastModifiedDateTime DateTimeOffset The time in ISO 8601 format and in UTC time when the long-running operation was last modified. Read-only.
operationType delegatedAdminRelationshipOperationType The type of long-running operation. The possible values are: delegatedAdminAccessAssignmentUpdate, unknownFutureValue. Read-only.
status longRunningOperationStatus The status of the operation. Read-only. The possible values are: notStarted, running, succeeded, failed, unknownFutureValue. Read-only. Supports $orderBy.

delegatedAdminRelationshipRequest

Property Type Description
action delegatedAdminRelationshipRequestAction The action to be performed on the delegated admin relationship.
createdDateTime DateTimeOffset The date and time in ISO 8601 format and in UTC time when the relationship request was created. Read-only.
id String The unique identifier of the relationship request. Read-only. Inherited from entity.
lastModifiedDateTime DateTimeOffset The date and time in ISO 8601 format and UTC time when this relationship request was last modified. Read-only.
status delegatedAdminRelationshipRequestStatus The status of the request. Read-only. The possible values are: created, pending, succeeded, failed, unknownFutureValue.
In This Article
Back to top Created by merill | Submit feedback