Activate directoryRole


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

Activate a directory role. To read a directory role or update its members, it must first be activated in the tenant. Only the Company Administrators and the implicit Users directory roles are activated by default. To access and assign members to another directory role, you must first activate it with its corresponding directory role template (directoryRoleTemplate).


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Directory.ReadWrite.All, Directory.AccessAsUser.All
Delegated (personal Microsoft account) Not supported.
Application Directory.ReadWrite.All

HTTP request

POST /directoryRoles

Request headers

Name Type Description
Authorization string Bearer {token}. Required.

Request body

In the request body, supply a JSON representation of directoryRole object.

The following table shows the properties that are required when you activate a directory role.

Required parameter Type Description
roleTemplateId string The ID of the directoryRoleTemplate that the role is based on. This is the only property that may be specified in the request.


If successful, this method returns 201 Created response code and directoryRole object in the response body.



Here is an example of the request.

Content-type: application/json
Content-length: 153

  "description": "description-value",
  "displayName": "displayName-value",
  "roleTemplateId": "roleTemplateId-value"

In the request body, supply a JSON representation of directoryRole object.


Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json
Content-length: 175

  "description": "description-value",
  "displayName": "displayName-value",
  "roleTemplateId": "roleTemplateId-value",
  "id": "id-value"

SDK sample code

GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var directoryRole = new DirectoryRole
	Description = "description-value",
	DisplayName = "displayName-value",
	RoleTemplateId = "roleTemplateId-value"

await graphClient.DirectoryRoles

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.