roleAssignment resource type

Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

The Role Assignment resource. Role assignments tie together a role definition with members and scopes. There can be one or more role assignments per role. This applies to custom and built-in roles.

Methods

Method Return Type Description
List roleAssignments roleAssignment collection List properties and relationships of the roleAssignment objects.
Get roleAssignment roleAssignment Read properties and relationships of the roleAssignment object.
Create roleAssignment roleAssignment Create a new roleAssignment object.
Delete roleAssignment None Deletes a roleAssignment.
Update roleAssignment roleAssignment Update the properties of a roleAssignment object.

Properties

Property Type Description
id String Key of the entity. This is read-only and automatically generated.
displayName String The display or friendly name of the role Assignment.
description String Description of the Role Assignment.
scopeMembers String collection List of ids of role scope member security groups. These are IDs from Azure Active Directory.
scopeType roleAssignmentScopeType Specifies the type of scope for a Role Assignment. Default type 'ResourceScope' allows assignment of ResourceScopes. For 'AllDevices', 'AllLicensedUsers', and 'AllDevicesAndLicensedUsers', the ResourceScopes property should be left empty. Possible values are: resourceScope, allDevices, allLicensedUsers, allDevicesAndLicensedUsers.
resourceScopes String collection List of ids of role scope member security groups. These are IDs from Azure Active Directory.

Relationships

Relationship Type Description
roleDefinition roleDefinition Role definition this assignment is part of.

JSON Representation

Here is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.roleAssignment",
  "id": "String (identifier)",
  "displayName": "String",
  "description": "String",
  "scopeMembers": [
    "String"
  ],
  "scopeType": "String",
  "resourceScopes": [
    "String"
  ]
}