DeviceManagementRBAC.Read.All
Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings.
Graph Methods
Type: A = Application Permission, D = Delegate Permission

| Ver | Type | Method |
|---|---|---|
| V1 | A,D | GET /deviceManagement |
| V1 | A,D | GET /deviceManagement/getAssignedRoleDetails |
| V1 |  | GET /deviceManagement/getAssignedRoleIdsForLoggedInUser |
| V1 | A,D | GET /deviceManagement/getEffectivePermissions |
| V1 |  | GET /deviceManagement/getRoleScopeTagsByIds |
| V1 |  | GET /deviceManagement/getRoleScopeTagsByResource |
| V1 | A,D | GET /deviceManagement/operationApprovalPolicies |
| V1 | A,D | GET /deviceManagement/operationApprovalPolicies/{operationApprovalPolicyId} |
| V1 | A,D | GET /deviceManagement/operationApprovalPolicies/getApprovableOperations |
| V1 | A,D | GET /deviceManagement/operationApprovalPolicies/getOperationsAllowedApproval |
| V1 | A,D | GET /deviceManagement/operationApprovalPolicies/getOperationsRequiringApproval |
| V1 | A,D | GET /deviceManagement/operationApprovalRequests |
| V1 | A,D | GET /deviceManagement/operationApprovalRequests/{operationApprovalRequestId} |
| V1 | A,D | GET /deviceManagement/operationApprovalRequests/getMyRequestById |
| V1 | A,D | GET /deviceManagement/operationApprovalRequests/getMyRequests |
| V1 | A,D | GET /deviceManagement/resourceOperations |
| V1 | A,D | GET /deviceManagement/resourceOperations/{resourceOperationId} |
| V1 | A,D | GET /deviceManagement/resourceOperations/{resourceOperationId}/getScopesForUser |
| V1 | A,D | GET /deviceManagement/roleAssignments |
| V1 | A,D | GET /deviceManagement/roleAssignments/{deviceAndAppManagementRoleAssignmentId} |
| V1 | A,D | GET /deviceManagement/roleDefinitions |
| V1 | A,D | GET /deviceManagement/roleDefinitions/{roleDefinitionId} |
| V1 | A,D | GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments |
| V1 | A,D | GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId} |
| V1 | A,D | GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}/microsoft.graph.deviceAndAppManagementRoleAssignment/roleScopeTags |
| V1 | A,D | GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}/microsoft.graph.deviceAndAppManagementRoleAssignment/roleScopeTags/{roleScopeTagId} |
| V1 | A,D | GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}/microsoft.graph.deviceAndAppManagementRoleAssignment/roleScopeTags/{roleScopeTagId}/assignments |
| V1 | A,D | GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}/microsoft.graph.deviceAndAppManagementRoleAssignment/roleScopeTags/{roleScopeTagId}/assignments/{roleScopeTagAutoAssignmentId} |
| V1 | A,D | GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}/microsoft.graph.deviceAndAppManagementRoleAssignment/roleScopeTags/hasCustomRoleScopeTag |
| V1 | A,D | GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}/roleDefinition |
| V1 | A,D | GET /deviceManagement/roleScopeTags |
| V1 | A,D | GET /deviceManagement/roleScopeTags/{roleScopeTagId} |
| V1 | A,D | GET /deviceManagement/roleScopeTags/hasCustomRoleScopeTag |
| V1 | A,D | GET /deviceManagement/scopedForResource |
| V1 | A,D | GET /roleManagement |
| V1 | A,D | GET /roleManagement/cloudPC/roleDefinitions |
| V1 | A,D | GET /roleManagement/cloudPC/roleDefinitions/{id} |
| V1 | A,D | GET /roleManagement/deviceManagement |
| V1 | A,D | POST /deviceManagement/operationApprovalRequests/{operationApprovalRequestId}/approve |
| V1 | A,D | POST /deviceManagement/operationApprovalRequests/{operationApprovalRequestId}/cancelApproval |
| V1 | A,D | POST /deviceManagement/operationApprovalRequests/{operationApprovalRequestId}/reject |
| V1 | A,D | POST /deviceManagement/operationApprovalRequests/cancelMyRequest |
| V1 | A,D | POST /deviceManagement/operationApprovalRequests/getRequestStatus |
| V1 | A,D | POST /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}/microsoft.graph.deviceAndAppManagementRoleAssignment/roleScopeTags/getRoleScopeTagsById |
| V1 | A,D | POST /deviceManagement/roleScopeTags/getRoleScopeTagsById |

Delegate Permission
|  |  |
|---|---|
| Id | 49f0cc30-024c-4dfd-ab3e-82e137ee5431 |
| Consent Type | Admin |
| Display String | Read Microsoft Intune RBAC settings |
| Description | Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings. |

Application Permission
|  |  |
|---|---|
| Id | 58ca0d9a-1575-47e1-a3cb-007ef2e4583b |
| Display String | Read Microsoft Intune RBAC settings |
| Description | Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings, without a signed-in user. |

Resources
| Property | Type | Description |
|---|---|---|
| roleDefinitionIds | String collection | Role Definition IDs for the specific Role Definitions assigned to a user. This property is read-only. |
| roleAssignmentIds | String collection | Role Assignment IDs for the specific Role Assignments assigned to a user. This property is read-only. |

| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This is read-only and automatically generated. Inherited from roleAssignment |
| displayName | String | The display or friendly name of the role Assignment. Inherited from roleAssignment |
| description | String | Description of the Role Assignment. Inherited from roleAssignment |
| resourceScopes | String collection | List of ids of role scope member security groups. These are IDs from Azure Active Directory. Inherited from roleAssignment |
| members | String collection | The list of ids of role member security groups. These are IDs from Azure Active Directory. |

| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This is read-only and automatically generated. Inherited from roleDefinition |
| displayName | String | Display Name of the Role definition. Inherited from roleDefinition |
| description | String | Description of the Role definition. Inherited from roleDefinition |
| rolePermissions | rolePermission collection | List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission. Inherited from roleDefinition |
| isBuiltIn | Boolean | Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition. Inherited from roleDefinition |

| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |

| Property | Type | Description |
|---|---|---|
| id | String | The ID of the OperationApprovalPolicy. This property is read-only. |
| displayName | String | The display name of this OperationApprovalPolicy |
| description | String | The description of this OperationApprovalPolicy |
| lastModifiedDateTime | DateTimeOffset | The last modified date and time of this OperationApprovalPolicy. This property is read-only. |
| policyType | operationApprovalPolicyType | The policy type for this OperationApprovalPolicy. Possible values are: deviceActions, deviceWipe, deviceRetire, deviceRetireNonCompliant, deviceDelete, deviceLock, deviceErase, deviceDisableActivationLock, windowsEnrollment, compliancePolicies, configurationPolicies, appProtectionPolicies, policySets, filters, endpointSecurity, apps, scripts, roles, deviceResetPasscode, unknownFutureValue. |
| approverGroupIds | String collection | The group IDs for the approvers for this OperationApprovalPolicy |

| Property | Type | Description |
|---|---|---|
| policyType | operationApprovalPolicyType | The policy type for this OperationApprovalPolicy. This property is read-only. Possible values are: deviceActions, deviceWipe, deviceRetire, deviceRetireNonCompliant, deviceDelete, deviceLock, deviceErase, deviceDisableActivationLock, windowsEnrollment, compliancePolicies, configurationPolicies, appProtectionPolicies, policySets, filters, endpointSecurity, apps, scripts, roles, deviceResetPasscode, unknownFutureValue. |
| policyPlatform | operationApprovalPolicyPlatform | The applicable platform(s) for this OperationApprovalPolicy. This property is read-only. Possible values are: notApplicable, androidDeviceAdministrator, androidEnterprise, iOSiPadOS, macOS, windows10AndLater, windows81AndLater, windows10X. |

| Property | Type | Description |
|---|---|---|
| id | String | The ID of the Entity |
| requestDateTime | DateTimeOffset | The DateTime of the request. This property is read-only. |
| expirationDateTime | DateTimeOffset | The DateTime at which actions upon the request are no longer permitted. This property is read-only. |
| lastModifiedDateTime | DateTimeOffset | Last modified DateTime. This property is read-only. |
| requestor | identitySet | The identity of the requestor. This property is read-only. |
| approver | identitySet | The identity of the approver. This property is read-only. |
| status | operationApprovalRequestStatus | The current approval request status. This property is read-only. Possible values are: unknown, needsApproval, approved, rejected, cancelled, completed, expired, unknownFutureValue. |
| requestJustification | String | The request justification. This property is read-only. |
| approvalJustification | String | The justification for the approval of the request. This property is read-only. |
| operationApprovalPolicies | String | The operational approval policies used in the request. This property is read-only. |

| Property | Type | Description |
|---|---|---|
| requestId | String | The ID of the OperationApprovalRequest for this Entity. This property is read-only. |
| requestExpirationDateTime | DateTimeOffset | The DateTime at which actions upon the request are no longer permitted. This property is read-only. |
| requestStatus | operationApprovalRequestStatus | The current approval request status. This property is read-only. Possible values are: unknown, needsApproval, approved, rejected, cancelled, completed, expired, unknownFutureValue. |
| entityLocked | Boolean | The status of the Entity in regard to changes, whether further requests are allowed or the Entity is locked. This property is read-only. |

| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |

| Property | Type | Description |
|---|---|---|
| id | String | Key of the Resource Operation. Read-only, automatically generated. |
| resourceName | String | Name of the Resource this operation is performed on. |
| actionName | String | Type of action this operation is going to perform. The actionName should be concise and limited to as few words as possible. |
| description | String | Description of the resource operation. The description is used in mouse-over text for the operation when shown in the Azure Portal. |

| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This is read-only and automatically generated. |
| displayName | String | The display or friendly name of the role Assignment. |
| description | String | Description of the Role Assignment. |
| resourceScopes | String collection | List of ids of role scope member security groups. These are IDs from Azure Active Directory. |

| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This is read-only and automatically generated. |
| displayName | String | Display Name of the Role definition. |
| description | String | Description of the Role definition. |
| rolePermissions | rolePermission collection | List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission. |
| isBuiltIn | Boolean | Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition. |

| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |

| Property | Type | Description |
|---|---|---|
| resourceActions | resourceAction collection | Resource Actions each containing a set of allowed and not allowed permissions. |

| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This is read-only and automatically generated. This property is read-only. |
| displayName | String | The display or friendly name of the Role Scope Tag. |
| description | String | Description of the Role Scope Tag. |
| isBuiltIn | Boolean | Description of the Role Scope Tag. This property is read-only. |

| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. |
| target | deviceAndAppManagementAssignmentTarget | The auto-assignment target for the specific Role Scope Tag. |

| Property | Type | Description |
|---|---|---|
| description | String | The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true. |
| displayName | String | The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq, in). |
| id | String | The unique identifier for the role definition. Key, not nullable, Read-only. Inherited from entity. Supports $filter (eq, in). |
| isBuiltIn | Boolean | Flag indicating whether the role definition is part of the default set included in Microsoft Entra or a custom definition. Read-only. Supports $filter (eq, in). |
| isEnabled | Boolean | Flag indicating whether the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true. |
| resourceScopes | String collection | List of the scopes or permissions the role definition applies to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment. |
| rolePermissions | unifiedRolePermission collection | List of permissions included in the role. Read-only when isBuiltIn is true. Required. |
| templateId | String | Custom template identifier that can be set when isBuiltIn is false but is read-only when isBuiltIn is true. This identifier is typically used if one needs an identifier to be the same across different directories. |
| version | String | Indicates version of the role definition. Read-only when **i |