RoleManagementPolicy.Read.AzureADGroup
Allows the app to read policies in Privileged Identity Management for Groups, on behalf of the signed-in user.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
Delegate Permission
|
|
| Id |
7e26fdff-9cb1-4e56-bede-211fe0e420e8 |
| Consent Type |
Admin |
| Display String |
Read all policies in PIM for Groups |
| Description |
Allows the app to read policies in Privileged Identity Management for Groups, on behalf of the signed-in user. |
Application Permission
|
|
| Id |
69e67828-780e-47fd-b28c-7b27d14864e6 |
| Display String |
Read all policies in PIM for Groups |
| Description |
Allows the app to read policies in Privileged Identity Management for Groups, without a signed-in user. |
Resources
| Property |
Type |
Description |
| description |
String |
Description for the policy. |
| displayName |
String |
Display name for the policy. |
| id |
String |
Unique identifier for the policy. |
| isOrganizationDefault |
Boolean |
This can only be set to true for a single tenant-wide policy which will apply to all scopes and roles. Set the scopeId to / and scopeType to Directory. Supports $filter (eq, ne). |
| lastModifiedBy |
identity |
The identity who last modified the role setting. |
| lastModifiedDateTime |
DateTimeOffset |
The time when the role setting was last modified. |
| scopeId |
String |
The identifier of the scope where the policy is created. Can be / for the tenant or a group ID. Required. |
| scopeType |
String |
The type of the scope where the policy is created. One of Directory, DirectoryRole. Required. |
| Property |
Type |
Description |
| id |
String |
Identifier for the rule. Inherited from entity. |
| setting |
approvalSettings |
The settings for approval of the role assignment. |
| target |
unifiedRoleManagementPolicyRuleTarget |
Defines details of the scope that's targeted by the approval rule. The details can include the principal type, the role assignment type, and actions affecting a role. Inherited from unifiedRoleManagementPolicyRule. Supports $filter (eq, ne). |
| Property |
Type |
Description |
| id |
String |
Unique identifier for the policy assignment. The ID is typically a concatenation of the unifiedRoleManagementPolicy ID and the roleDefinitionId separated by an underscore. |
| policyId |
String |
The id of the policy. Inherited from entity. |
| roleDefinitionId |
String |
The identifier of the role definition object where the policy applies. If not specified, the policy applies to all roles. Supports $filter (eq). |
| scopeId |
String |
The identifier of the scope where the policy is assigned. Can be / for the tenant or a group ID. Required. |
| scopeType |
String |
The type of the scope where the policy is assigned. One of Directory, DirectoryRole. Required. |
| Property |
Type |
Description |
| claimValue |
String |
The value of the authentication context claim. |
| id |
String |
Identifier for the rule. Inherited from entity. |
| isEnabled |
Boolean |
Whether this rule is enabled. |
| target |
unifiedRoleManagementPolicyRuleTarget |
Defines details of the scope that's targeted by the enablement rule. The details can include the principal type, the role assignment type, and actions affecting a role. Inherited from unifiedRoleManagementPolicyRule. Supports $filter (eq, ne). |
| Property |
Type |
Description |
| enabledRules |
String collection |
The collection of rules that are enabled for this policy rule. For example, MultiFactorAuthentication, Ticketing, and Justification. |
| id |
String |
Identifier for the rule. Inherited from entity. |
| target |
unifiedRoleManagementPolicyRuleTarget |
Defines details of the scope that's targeted by the enablement rule. The details can include the principal type, the role assignment type, and actions affecting a role. Inherited from unifiedRoleManagementPolicyRule. Supports $filter (eq, ne). |
| Property |
Type |
Description |
| id |
String |
Identifier for the rule. Inherited from entity. |
| isExpirationRequired |
Boolean |
Indicates whether expiration is required or if it's a permanently active assignment or eligibility. |
| maximumDuration |
Duration |
The maximum duration allowed for eligibility or assignment which is not permanent. Required when isExpirationRequired is true. |
| target |
unifiedRoleManagementPolicyRuleTarget |
Defines details of the scope that's targeted by the expiration rule. The details can include the principal type, the role assignment type, and actions affecting a role. Inherited from unifiedRoleManagementPolicyRule. Supports $filter (eq, ne). |
| Property |
Type |
Description |
| id |
String |
Identifier for the rule. Inherited from entity. |
| isDefaultRecipientsEnabled |
Boolean |
Indicates whether a default recipient will receive the notification email. |
| notificationLevel |
String |
The level of notification. The possible values are None, Critical, All. |
| notificationRecipients |
String collection |
The list of recipients of the email notifications. |
| notificationType |
String |
The type of notification. Only Email is supported. |
| recipientType |
String |
The type of recipient of the notification. The possible values are Requestor, Approver, Admin. |
| target |
unifiedRoleManagementPolicyRuleTarget |
Defines details of the scope that's targeted by the notification rule. The details can include the principal type, the role assignment type, and actions affecting a role. Inherited from unifiedRoleManagementPolicyRule. Supports $filter (eq, ne). |
| Property |
Type |
Description |
| id |
String |
Identifier for the rule. Inherited from entity. Read-only. |
| target |
unifiedRoleManagementPolicyRuleTarget |
Defines details of scope that's targeted by role management policy rule. The details can include the principal type, the role assignment type, and actions affecting a role. Supports $filter (eq, ne). |