Add directory role member

Namespace: microsoft.graph

Create a new directory role member.

You can use both the object ID and template ID of the directoryRole with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see Role template IDs.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) RoleManagement.ReadWrite.Directory, Directory.AccessAsUser.All
Delegated (personal Microsoft account) Not supported.
Application RoleManagement.ReadWrite.Directory

HTTP request

POST /directoryRoles/{role-id}/members/$ref
POST /directoryRoles/roleTemplateId={roleTemplateId}/members/$ref

Request headers

Name Type Description
Authorization string Bearer {token}. Required.
Content-Type string application/json. Required.

Request body

In the request body, supply a JSON representation of a directoryObject or user object to be added.

Response

If successful, this method returns 204 No Content response code.

Examples

Example 1: Add a new member to a directory role using role id

In this request, replace fe8f10bf-c9c2-47eb-95cb-c26cc85f1830 with the id value for the directory role you wish to assign to the user or directory object. Replace 15c1a2d5-9101-44b2-83ab-885db8a647ca with the id value of your user or directory object.

Request
POST https://graph.microsoft.com/v1.0/directoryRoles/fe8f10bf-c9c2-47eb-95cb-c26cc85f1830/members/$ref
Content-type: application/json

{
  "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/15c1a2d5-9101-44b2-83ab-885db8a647ca"
}
Response

Note: The response object shown here might be shortened for readability.

HTTP/1.1 204 No Content
Content-type: text/plain

Example 2: Add a new member to a directory role using roleTemplateId

In this request, replace 88d8e3e3-8f55-4a1e-953a-9b9898b8876b with the value of the roleTemplateId for the directory role you wish to assign to the user or directory object. Replace bb165b45-151c-4cf6-9911-cd7188912848 with the id value of your user or directory object.

Request
POST https://graph.microsoft.com/v1.0/directoryRoles/roleTemplateId=88d8e3e3-8f55-4a1e-953a-9b9898b8876b/members/$ref
Content-type: application/json

{
  "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/bb165b45-151c-4cf6-9911-cd7188912848"
}
Response

Note: The response object shown here might be shortened for readability.

HTTP/1.1 204 No Content