Activate directoryRole

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

Activate a directory role. To read a directory role or update its members, it must first be activated in the tenant. Only the Company Administrators and the implicit Users directory roles are activated by default. To access and assign members to another directory role, you must first activate it with its corresponding directory role template (directoryRoleTemplate).

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Directory.ReadWrite.All, Directory.AccessAsUser.All
Delegated (personal Microsoft account) Not supported.
Application Directory.ReadWrite.All

HTTP request

POST /directoryRoles

Request headers

Name Type Description
Authorization string Bearer {token}. Required.

Request body

In the request body, supply a JSON representation of directoryRole object.

The following table shows the properties that are required when you activate a directory role.

Required parameter Type Description
roleTemplateId string The ID of the directoryRoleTemplate that the role is based on. This is the only property that may be specified in the request.

Response

If successful, this method returns 201 Created response code and directoryRole object in the response body.

Example

Request

Here is an example of the request.

POST https://graph.microsoft.com/beta/directoryRoles
Content-type: application/json
Content-length: 153

{
  "description": "description-value",
  "displayName": "displayName-value",
  "roleTemplateId": "roleTemplateId-value"
}

In the request body, supply a JSON representation of directoryRole object.

Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json
Content-length: 175

{
  "description": "description-value",
  "displayName": "displayName-value",
  "roleTemplateId": "roleTemplateId-value",
  "id": "id-value"
}

SDK sample code


GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var directoryRole = new DirectoryRole
{
	Description = "description-value",
	DisplayName = "displayName-value",
	RoleTemplateId = "roleTemplateId-value"
};

await graphClient.DirectoryRoles
	.Request()
	.AddAsync(directoryRole);

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.