Select Activate.
If the role requires approval to activate, a notification appears in the upper right corner of your browser informing you the request is pending approval.
Activate a role using Microsoft Graph API
For more information about Microsoft Graph APIs for PIM, see Overview of role management through the privileged identity management (PIM) API.
Get all eligible roles that you can activate
When a user gets their role eligibility via group membership, this Microsoft Graph request doesn't return their eligibility.
HTTP request
GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleEligibilityScheduleRequests/filterByCurrentUser(on='principal')
HTTP response
To save space we're showing only the response for one role, but all eligible role assignments that you can activate will be listed.
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(unifiedRoleEligibilityScheduleRequest)",
"value": [
{
"@odata.type": "#microsoft.graph.unifiedRoleEligibilityScheduleRequest",
"id": "50d34326-f243-4540-8bb5-2af6692aafd0",
"status": "Provisioned",
"createdDateTime": "2022-04-12T18:26:08.843Z",
"completedDateTime": "2022-04-12T18:26:08.89Z",
"approvalId": null,
"customData": null,
"action": "adminAssign",
"principalId": "3fbd929d-8c56-4462-851e-0eb9a7b3a2a5",
"roleDefinitionId": "8424c6f0-a189-499e-bbd0-26c1753c96d4",
"directoryScopeId": "/",
"appScopeId": null,
"isValidationOnly": false,
"targetScheduleId": "50d34326-f243-4540-8bb5-2af6692aafd0",
"justification": "Assign Attribute Assignment Admin eligibility to myself",
"createdBy": {
"application": null,
"device": null,
"user": {
"displayName": null,
"id": "3fbd929d-8c56-4462-851e-0eb9a7b3a2a5"
}
},
"scheduleInfo": {
"startDateTime": "2022-04-12T18:26:08.8911834Z",
"recurrence": null,
"expiration": {
"type": "afterDateTime",
"endDateTime": "2024-04-10T00:00:00Z",
"duration": null
}
},
"ticketInfo": {
"ticketNumber": null,
"ticketSystem": null
}
}
]
}
Self-activate a role eligibility with justification
HTTP request
POST https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignmentScheduleRequests
{
"action": "selfActivate",
"principalId": "071cc716-8147-4397-a5ba-b2105951cc0b",
"roleDefinitionId": "8424c6f0-a189-499e-bbd0-26c1753c96d4",
"directoryScopeId": "/",
"justification": "I need access to the Attribute Administrator role to manage attributes to be assigned to restricted AUs",
"scheduleInfo": {
"startDateTime": "2022-04-14T00:00:00.000Z",
"expiration": {
"type": "AfterDuration",
"duration": "PT5H"
}
},
"ticketInfo": {
"ticketNumber": "CONTOSO:Normal-67890",
"ticketSystem": "MS Project"
}
}
HTTP response
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleAssignmentScheduleRequests/$entity",
"id": "911bab8a-6912-4de2-9dc0-2648ede7dd6d",
"status": "Granted",
"createdDateTime": "2022-04-13T08:52:32.6485851Z",
"completedDateTime": "2022-04-14T00:00:00Z",
"approvalId": null,
"customData": null,
"action": "selfActivate",
"principalId": "071cc716-8147-4397-a5ba-b2105951cc0b",
"roleDefinitionId": "8424c6f0-a189-499e-bbd0-26c1753c96d4",
"directoryScopeId": "/",
"appScopeId": null,
"isValidationOnly": false,
"targetScheduleId": "911bab8a-6912-4de2-9dc0-2648ede7dd6d",
"justification": "I need access to the Attribute Administrator role to manage attributes to be assigned to restricted AUs",
"createdBy": {
"application": null,
"device": null,
"user": {
"displayName": null,
"id": "071cc716-8147-4397-a5ba-b2105951cc0b"
}
},
"scheduleInfo": {
"startDateTime": "2022-04-14T00:00:00Z",
"recurrence": null,
"expiration": {
"type": "afterDuration",
"endDateTime": null,
"duration": "PT5H"
}
},
"ticketInfo": {
"ticketNumber": "CONTOSO:Normal-67890",
"ticketSystem": "MS Project"
}
}