Privileged Identity Management - Azure resources

Namespace: microsoft.graph


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

You can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) for Azure resources to set up a just-in-time access workflow for your Azure infrastructure roles at the management group, subscription, resource group, and resource levels. These roles include built-in roles like Owner and Contributor as well as custom RBAC roles.

Common use cases for PIM and Azure resources using a REST API

| Use case | Resource | See also |
| --- | --- | --- |
| Onboard a resource (subscription, resource group, resource, etc.) for PIM management, list all the managed resources the requester has access to, and retrieve relationships of a managed resource. | governanceResource | Role discovery and management |
| List all the roles for a resource or get details of a particular role in a specified resource. | governanceRoleDefinition | |
| Retrieve all role settings for a resource or update a role setting. | governanceRoleSetting | Configure role setting |
| List and export all role assignments for a resource. | governanceRoleAssignment | Export role assignments |
| Create or remove an eligible or active role assignment, activate or deactivate an eligible assignment, view a list of pending requests, approve or deny a pending request, or cancel your own pending request. | governanceRoleAssignmentRequest | Role Assignment, Role activation, Approve requests |