Privileged Identity Management - Azure resources
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
You can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) for Azure resources to set up just-in-time access workflows for your Azure infrastructure roles at the management group, subscription, resource group, and resource levels. These roles include built-in roles like Owner and Contributor as well as custom RBAC roles.
Common use cases for PIM and Azure resources using a REST API
| Use case | Resource | See also |
|---|---|---|
| Onboard a resource (subscription, resource group, resource, etc.) for PIM management, list all the managed resources the requester has access to, and retrieve relationships of a managed resource. | governanceResource | Role discovery and management |
| List all the roles for a resource or get details of a particular role in a specified resource. | governanceRoleDefinition | |
| Retrieve all role settings for a resource or update a role setting. | governanceRoleSetting | Configure role setting |
| List and export all role assignments for a resource. | governanceRoleAssignment | Export role assignments |
| Create or remove an eligible or active role assignment, activate or deactivate an eligible assignment, view a list of pending requests, approve or deny a pending request, or cancel your own pending request. | governanceRoleAssignmentRequest | Role Assignment |