RoleEligibilitySchedule.Read.Directory
Allows the app to read the eligible role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes reading directory role templates, and directory roles.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
Delegate Permission
|
|
| Id |
eb0788c2-6d4e-4658-8c9e-c0fb8053f03d |
| Consent Type |
Admin |
| Display String |
Read all eligible role assignments for your company's directory |
| Description |
Allows the app to read the eligible role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes reading directory role templates, and directory roles. |
Resources
| Property |
Type |
Description |
| appScopeId |
String |
Identifier of the app-specific scope when the role eligibility is scoped to an app. The scope of a role eligibility determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Inherited from unifiedRoleScheduleBase. Supports $filter (eq, ne, and on null values). |
| createdDateTime |
DateTimeOffset |
When the schedule was created. Inherited from unifiedRoleScheduleBase. |
| createdUsing |
String |
Identifier of the object through which this schedule was created. Inherited from unifiedRoleScheduleBase. Supports $filter (eq, ne, and on null values). |
| directoryScopeId |
String |
Identifier of the directory object representing the scope of the role eligibility. The scope of a role eligibility determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Inherited from unifiedRoleScheduleBase. Supports $filter (eq, ne, and on null values). |
| id |
String |
The unique identifier for the schedule object. Inherited from entity. Supports $filter (eq). |
| memberType |
String |
How the role eligibility is inherited. It can either be Inherited, Direct, or Group. It can further imply whether the unifiedRoleEligibilitySchedule can be managed by the caller. Supports $filter (eq, ne). |
| modifiedDateTime |
DateTimeOffset |
When the schedule was last modified. Inherited from unifiedRoleScheduleBase. |
| principalId |
String |
Identifier of the principal that is eligible for a role.Inherited from unifiedRoleScheduleBase. Supports $filter (eq, ne). |
| roleDefinitionId |
String |
Identifier of the unifiedRoleDefinition object that a principal is eligible for. Inherited from unifiedRoleScheduleBase. |
| scheduleInfo |
requestSchedule |
The period of the role eligibility. |
| status |
String |
The status of the role eligibility request. Inherited from unifiedRoleScheduleBase. The possible values are: Canceled, Denied, Failed, Granted, PendingAdminDecision, PendingApproval, PendingProvisioning, PendingScheduleCreation, Provisioned, Revoked, and ScheduleCreated. Not nullable. Supports $filter (eq, ne). |
| Property |
Type |
Description |
| appScopeId |
String |
Identifier of the app-specific scope when the role eligibility is scoped to an app. The scope of the role eligibility determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Inherited from unifiedRoleScheduleInstanceBase. Supports $filter (eq, ne, and on null values). |
| directoryScopeId |
String |
Identifier of the directory object representing the scope of the role eligibility. The scope of the role eligibility determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Inherited from unifiedRoleScheduleInstanceBase. Supports $filter (eq, ne, and on null values). |
| endDateTime |
DateTimeOffset |
The end date of the schedule instance. |
| id |
String |
The unique identifier for the schedule object. Inherited from entity. |
| memberType |
String |
How the role eligibility is inherited. It can either be Inherited, Direct, or Group. It can further imply whether the unifiedRoleEligibilitySchedule can be managed by the caller. Supports $filter (eq, ne). |
| principalId |
String |
Identifier of the principal that's eligible for a role. Inherited from unifiedRoleScheduleInstanceBase. Supports $filter (eq, ne). |
| roleDefinitionId |
String |
Identifier of the unifiedRoleDefinition object that the principal is eligible for. Inherited from unifiedRoleScheduleInstanceBase. Supports $filter (eq, ne). |
| roleEligibilityScheduleId |
String |
The identifier of the unifiedRoleEligibilitySchedule object from which this instance was created. Supports $filter (eq, ne). |
| startDateTime |
DateTimeOffset |
When this instance starts. |
| Property |
Type |
Description |
| action |
unifiedRoleScheduleRequestActions |
Represents the type of operation on the role eligibility request. The possible values are: adminAssign, adminUpdate, adminRemove, selfActivate, selfDeactivate, adminExtend, adminRenew, selfExtend, selfRenew, unknownFutureValue.
adminAssign: For administrators to assign eligible roles to principals.adminRemove: For administrators to remove eligible roles from principals.-
adminUpdate: For administrators to change existing role eligibilities. adminExtend: For administrators to extend expiring role eligibilities.adminRenew: For administrators to renew expired eligibilities.selfActivate: For users to activate their assignments.selfDeactivate: For users to deactivate their active assignments.selfExtend: For users to request to extend their expiring assignments.selfRenew: For users to request to renew their expired assignments.
|
| approvalId |
String |
The identifier of the approval of the request. Inherited from request. |
| appScopeId |
String |
Identifier of the app-specific scope when the role eligibility is scoped to an app. The scope of a role eligibility determines the set of resources for which the principal is eligible to access. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Supports $filter (eq, ne, and on null values). |
| completedDateTime |
DateTimeOffset |
The request completion date time. Inherited from request. |
| createdBy |
identitySet |
The principal that created this request. Inherited from request. |
| createdDateTime |
DateTimeOffset |
The request creation date time. Inherited from request. |
| customData |
String |
Free text field to define any custom data for the request. Not used. Inherited from request. |
| directoryScopeId |
String |
Identifier of the directory object representing the scope of the role eligibility. The scope of a role eligibility determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Supports $filter (eq, ne, and on null values). |
| id |
String |
The unique identifier for the unifiedRoleEligibilityScheduleRequest object. Key, not nullable, Read-only. Inherited from entity. |
| isValidationOnly |
Boolean |
Determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request. |
| justification |
String |
A message provided by users and administrators when create they create the unifiedRoleEligibilityScheduleRequest object. |
| principalId |
String |
Identifier of the principal that has been granted the role eligibility. Can be a user or a role-assignable group. You can grant only active assignments service principals.Supports $filter (eq, ne). |
| roleDefinitionId |
String |
Identifier of the unifiedRoleDefinition object that is being assigned to the principal. Supports $filter (eq, ne). |
| scheduleInfo |
requestSchedule |
The period of the role eligibility. Recurring schedules are currently unsupported. |
| status |
String |
The status of the role eligibility request. Inherited from request. Read-only. Supports $filter (eq, ne). |
| targetScheduleId |
String |
Identifier of the schedule object that's linked to the eligibility request. Supports $filter (eq, ne). |
| ticketInfo |
ticketInfo |
Ticket details linked to the role eligibility request including details of the ticket number and ticket system. Optional. |