Show / Hide Table of Contents

RoleAssignmentSchedule.Read.Directory

Allows the app to read the active role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes reading directory role templates, and directory roles.

Graph Methods

Type: A = Application Permission, D = Delegate Permission

Ver Type Method
V1 D GET /roleManagement/directory/roleAssignmentScheduleInstances
V1 D GET /roleManagement/directory/roleAssignmentScheduleInstances/{unifiedRoleAssignmentScheduleInstanceId}
V1 D GET /roleManagement/directory/roleAssignmentScheduleInstances/{unifiedRoleAssignmentScheduleInstancesId}
V1 D GET /roleManagement/directory/roleAssignmentScheduleInstances/filterByCurrentUser(on='principal')
V1 D GET /roleManagement/directory/roleAssignmentScheduleInstances/filterByCurrentUser(on=parameterValue)
V1 D GET /roleManagement/directory/roleAssignmentScheduleRequests
V1 D GET /roleManagement/directory/roleAssignmentScheduleRequests/{unifiedRoleAssignmentScheduleRequestId}
V1 D GET /roleManagement/directory/roleAssignmentScheduleRequests/{unifiedRoleAssignmentScheduleRequestsId}
V1 D GET /roleManagement/directory/roleAssignmentScheduleRequests/filterByCurrentUser(on='parameterValue')
V1 D GET /roleManagement/directory/roleAssignmentScheduleRequests/filterByCurrentUser(on='principal')
V1 D GET /roleManagement/directory/roleAssignmentSchedules
V1 D GET /roleManagement/directory/roleAssignmentSchedules/{unifiedRoleAssignmentScheduleId}
V1 D GET /roleManagement/directory/roleAssignmentSchedules/{unifiedRoleAssignmentSchedulesId}
V1 D GET /roleManagement/directory/roleAssignmentSchedules/filterByCurrentUser(on='parameterValue')
V1 D GET /roleManagement/directory/roleAssignmentSchedules/filterByCurrentUser(on='principal')

Delegate Permission

Id 344a729c-0285-42c6-9014-f12b9b8d6129
Consent Type Admin
Display String Read all active role assignments for your company's directory
Description Allows the app to read the active role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes reading directory role templates, and directory roles.

Resources

unifiedRoleAssignment

Property Type Description
appScopeId String Identifier of the app-specific scope when the assignment scope is app-specific. Either this property or directoryScopeId is required. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Supports $filter (eq, in).
directoryScopeId String Identifier of the directory object representing the scope of the assignment. Either this property or appScopeId is required. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Supports $filter (eq, in).
id String The unique identifier for the role assignment. Key, not nullable, Read-only. Inherited from entity.
roleDefinitionId String Identifier of the role definition the assignment is for. Read only. Supports $filter (eq, in).
principalId String Identifier of the principal to which the assignment is granted. Supports $filter (eq, in).

unifiedRoleAssignmentSchedule

Property Type Description
appScopeId String Identifier of the app-specific scope when the assignment is scoped to an app. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Supports $filter (eq, ne, and on null values). Inherited from unifiedRoleScheduleBase.
assignmentType String Type of the assignment which can either be Assigned or Activated. Supports $filter (eq, ne).
createdDateTime DateTimeOffset When the schedule was created. Inherited from unifiedRoleScheduleBase.
createdUsing String Identifier of the unifiedRoleAssignmentScheduleRequest object through which this schedule was created. Nullable. Inherited from unifiedRoleScheduleBase. Supports $filter (eq, ne, and on null values).
directoryScopeId String Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Supports $filter (eq, ne, and on null values). Inherited from unifiedRoleScheduleBase.
id String The unique identifier for the unifiedRoleAssignmentScheduleRequest object. Supports $filter (eq). Inherited from entity.
memberType String How the assignments is inherited. It can either be Inherited, Direct, or Group. It can further imply whether the unifiedRoleAssignmentSchedule can be managed by the caller. Supports $filter (eq, ne).
modifiedDateTime DateTimeOffset When the schedule was last modified. Inherited from unifiedRoleScheduleBase.
principalId String Identifier of the principal that has been granted the role assignment. Inherited from unifiedRoleScheduleBase. Supports $filter (eq, ne).
roleDefinitionId String Identifier of the unifiedRoleDefinition object that is being assigned to the principal. Inherited from unifiedRoleScheduleBase. Supports $filter (eq, ne).
scheduleInfo requestSchedule The period of the role assignment. It can represent a single occurrence or multiple recurrences.
status String The status of the **u

unifiedRoleAssignmentScheduleInstance

Property Type Description
appScopeId String Identifier of the app-specific scope when the assignment is scoped to an app. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Supports $filter (eq, ne, and on null values). Inherited from unifiedRoleScheduleInstanceBase.
assignmentType String Type of the assignment which can either be Assigned or Activated. Supports $filter (eq, ne).
directoryScopeId String Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Supports $filter (eq, ne, and on null values). Inherited from unifiedRoleScheduleInstanceBase.
endDateTime DateTimeOffset The end date of the schedule instance.
id String The unique identifier for the unifiedRoleAssignmentScheduleInstance object. Inherited from entity.
memberType String How the assignments is inherited. It can either be Inherited, Direct, or Group. It can further imply whether the unifiedRoleAssignmentSchedule can be managed by the caller. Supports $filter (eq, ne).
principalId String Identifier of the principal that has been granted the role assignment. Inherited from unifiedRoleScheduleInstanceBase. Supports $filter (eq, ne).
roleAssignmentOriginId String The identifier of the role assignment in Azure AD. Supports $filter (eq, ne).
roleAssignmentScheduleId String The identifier of the unifiedRoleAssignmentSchedule object from which this instance was created. Supports $filter (eq, ne).
roleDefinitionId String The identifier of the unifiedRoleDefinition object that is being assigned to the principal. Inherited from unifiedRoleScheduleInstanceBase. Supports $filter (eq, ne).
startDateTime DateTimeOffset When this instance starts.

unifiedRoleAssignmentScheduleRequest

Property Type Description
action String Represents the type of the operation on the role assignment request. The possible values are: adminAssign, adminUpdate, adminRemove, selfActivate, selfDeactivate, adminExtend, adminRenew, selfExtend, selfRenew, unknownFutureValue.
  • adminAssign: For administrators to assign roles to principals.
  • adminRemove: For administrators to remove principals from roles.
  • adminUpdate: For administrators to change existing role assignments.
  • adminExtend: For administrators to extend expiring assignments.
  • adminRenew: For administrators to renew expired assignments.
  • selfActivate: For principals to activate their assignments.
  • selfDeactivate: For principals to deactivate their active assignments.
  • selfExtend: For principals to request to extend their expiring assignments.
  • selfRenew: For principals to request to renew their expired assignments.
approvalId String The identifier of the approval of the request. Inherited from request.
appScopeId String Identifier of the app-specific scope when the assignment is scoped to an app. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Supports $filter (eq, ne, and on null values).
completedDateTime DateTimeOffset The request completion date time. Inherited from request.
createdBy identitySet The principal that created this request. Inherited from request. Read-only. Supports $filter (eq, ne, and on null values).
createdDateTime DateTimeOffset The request creation date time. Inherited from request. Read-only.
customData String Free text field to define any custom data for the request. Not used. Inherited from request.
directoryScopeId String Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Supports $filter (eq, ne, and on null values).
id String The unique identifier for the unifiedRoleAssignmentScheduleRequest object. Key, not nullable, Read-only. Inherited from entity. Supports $filter (eq, ne).
isValidationOnly Boolean Determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.
justification String A message provided by users and administrators when create they create the unifiedRoleAssignmentScheduleRequest object.
principalId String Identifier of the principal that has been granted the assignment. Can be a user, role-assignable group, or a service principal. Supports $filter (eq, ne).
roleDefinitionId String Identifier of the unifiedRoleDefinition object that is being assigned to the principal. Supports $filter (eq, ne).
scheduleInfo requestSchedule The period of the role assignment. Recurring schedules are currently unsupported.
status String The status of the role assignment request. Inherited from request. Read-only. Supports $filter (eq, ne).
targetScheduleId String Identifier of the schedule object that's linked to the assignment request. Supports $filter (eq, ne).
ticketInfo ticketInfo Ticket details linked to the role assignment request including details of the ticket number and ticket system.
In This Article
Back to top Created by merill | Submit feedback