Create roleAssignment
Article
11/30/2023
11 contributors
Feedback
In this article
Namespace: microsoft.graph
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Create a new roleAssignment object.
This API is available in the following national cloud deployments .
Global service
US Government L4
US Government L5 (DOD)
China operated by 21Vianet
✅
✅
✅
✅
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions .
Permission type
Permissions (from least to most privileged)
Delegated (work or school account)
DeviceManagementRBAC.ReadWrite.All
Delegated (personal Microsoft account)
Not supported.
Application
DeviceManagementRBAC.ReadWrite.All
HTTP Request
POST /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments
Request body
In the request body, supply a JSON representation for the roleAssignment object.
The following table shows the properties that are required when you create the roleAssignment.
Property
Type
Description
id
String
Key of the entity. This is read-only and automatically generated.
displayName
String
The display or friendly name of the role Assignment.
description
String
Description of the Role Assignment.
resourceScopes
String collection
List of ids of role scope member security groups. These are IDs from Azure Active Directory.
Response
If successful, this method returns a 201 Created
response code and a roleAssignment object in the response body.
Example
Request
Here is an example of the request.
POST https://graph.microsoft.com/v1.0/deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments
Content-type: application/json
Content-length: 193
{
"@odata.type": "#microsoft.graph.roleAssignment",
"displayName": "Display Name value",
"description": "Description value",
"resourceScopes": [
"Resource Scopes value"
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new RoleAssignment
{
OdataType = "#microsoft.graph.roleAssignment",
DisplayName = "Display Name value",
Description = "Description value",
ResourceScopes = new List<string>
{
"Resource Scopes value",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.DeviceManagement.RoleDefinitions["{roleDefinition-id}"].RoleAssignments.PostAsync(requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc device-management role-definitions role-assignments create --role-definition-id {roleDefinition-id} --body '{\
"@odata.type": "#microsoft.graph.roleAssignment",\
"displayName": "Display Name value",\
"description": "Description value",\
"resourceScopes": [\
"Resource Scopes value"\
]\
}\
'
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewRoleAssignment()
displayName := "Display Name value"
requestBody.SetDisplayName(&displayName)
description := "Description value"
requestBody.SetDescription(&description)
resourceScopes := []string {
"Resource Scopes value",
}
requestBody.SetResourceScopes(resourceScopes)
roleAssignments, err := graphClient.DeviceManagement().RoleDefinitions().ByRoleDefinitionId("roleDefinition-id").RoleAssignments().Post(context.Background(), requestBody, nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
RoleAssignment roleAssignment = new RoleAssignment();
roleAssignment.setOdataType("#microsoft.graph.roleAssignment");
roleAssignment.setDisplayName("Display Name value");
roleAssignment.setDescription("Description value");
LinkedList<String> resourceScopes = new LinkedList<String>();
resourceScopes.add("Resource Scopes value");
roleAssignment.setResourceScopes(resourceScopes);
RoleAssignment result = graphClient.deviceManagement().roleDefinitions().byRoleDefinitionId("{roleDefinition-id}").roleAssignments().post(roleAssignment);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
const options = {
authProvider,
};
const client = Client.init(options);
const roleAssignment = {
'@odata.type': '#microsoft.graph.roleAssignment',
displayName: 'Display Name value',
description: 'Description value',
resourceScopes: [
'Resource Scopes value'
]
};
await client.api('/deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments')
.post(roleAssignment);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\RoleAssignment;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new RoleAssignment();
$requestBody->setOdataType('#microsoft.graph.roleAssignment');
$requestBody->setDisplayName('Display Name value');
$requestBody->setDescription('Description value');
$requestBody->setResourceScopes(['Resource Scopes value', ]);
$result = $graphServiceClient->deviceManagement()->roleDefinitions()->byRoleDefinitionId('roleDefinition-id')->roleAssignments()->post($requestBody)->wait();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
Import-Module Microsoft.Graph.DeviceManagement.Administration
$params = @{
"@odata.type" = "#microsoft.graph.roleAssignment"
displayName = "Display Name value"
description = "Description value"
resourceScopes = @(
"Resource Scopes value"
)
}
New-MgDeviceManagementRoleDefinitionRoleAssignment -RoleDefinitionId $roleDefinitionId -BodyParameter $params
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
from msgraph import GraphServiceClient
from msgraph.generated.models.role_assignment import RoleAssignment
graph_client = GraphServiceClient(credentials, scopes)
request_body = RoleAssignment(
odata_type = "#microsoft.graph.roleAssignment",
display_name = "Display Name value",
description = "Description value",
resource_scopes = [
"Resource Scopes value",
],
)
result = await graph_client.device_management.role_definitions.by_role_definition_id('roleDefinition-id').role_assignments.post(request_body)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 242
{
"@odata.type": "#microsoft.graph.roleAssignment",
"id": "b3234d24-4d24-b323-244d-23b3244d23b3",
"displayName": "Display Name value",
"description": "Description value",
"resourceScopes": [
"Resource Scopes value"
]
}