roleAssignment resource type

Note: Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is correctly licensed by the customer.

The Role Assignment resource. Role assignments tie together a role definition with members and scopes. There can be one or more role assignments per role. This applies to custom and built-in roles.


Method Return Type Description
List roleAssignments roleAssignment collection List properties and relationships of the roleAssignment objects.
Get roleAssignment roleAssignment Read properties and relationships of the roleAssignment object.
Create roleAssignment roleAssignment Create a new roleAssignment object.
Delete roleAssignment None Deletes a roleAssignment.
Update roleAssignment roleAssignment Update the properties of a roleAssignment object.


Property Type Description
id String Key of the entity. This is read-only and automatically generated.
displayName String The display or friendly name of the role Assignment.
description String Description of the Role Assignment.
resourceScopes String collection List of ids of role scope member security groups. These are IDs from Azure Active Directory.


Relationship Type Description
roleDefinition roleDefinition Role definition this assignment is part of.

JSON Representation

Here is a JSON representation of the resource.

  "@odata.type": "#microsoft.graph.roleAssignment",
  "id": "String (identifier)",
  "displayName": "String",
  "description": "String",
  "resourceScopes": [