scopedRoleMembership resource type

Important: APIs under the /beta version in Microsoft Graph are in preview and are subject to change. Use of these APIs in production applications is not supported.

A scoped-role membership describes a user's membership of a directory role, that is further scoped to an Administrative Unit (AU). This provides a mechanism to allow a tenant-wide company adminsistrator to delegate administrative privileges to a user to manage users and groups in a subset of the organization (the subset being defined by an AU).

Methods

Direct queries to this resource are not supported. Please see the adminstrative units topic to see information on how to query for scoped-role memberships, as well as adding and removing scoped-role memberships.

Properties

Property Type Description
administrativeUnitId string Unique identifier for the administrative unit that the directory role is scoped to
id string Unique identifier for the scoped-role membership. Read-only.
roleId string Unique identifier for the directory role that the member is in.
roleMemberInfo identity Role member identity information. Represents the user that is a member of this scoped-role.

Relationships

None

JSON representation

Here is a JSON representation of the resource.

{
  "administrativeUnitId": "string",
  "id": "string (identifier)",
  "roleId": "string",
  "roleMemberInfo": {"@odata.type": "microsoft.graph.identity"}
}