unifiedRoleAssignmentSchedule resource type

Namespace: microsoft.graph

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Represents the schedule for an active role assignment through Azure AD Privileged Identity Management. A unifiedRoleAssignmentSchedule is created by a unifiedRoleAssignmentScheduleRequest and is used to instantiate a unifiedRoleAssignmentScheduleInstance. This resource supports list and get operations to retrieve the schedule for the purpose of viewing current and future assignments.

Inherits from unifiedRoleScheduleBase.

Methods

Method Return type Description
List unifiedRoleAssignmentSchedules unifiedRoleAssignmentSchedule collection Get a list of the unifiedRoleAssignmentSchedule objects and their properties.
Get unifiedRoleAssignmentSchedule unifiedRoleAssignmentSchedule Read the properties and relationships of an unifiedRoleAssignmentSchedule object.
filterByCurrentUser unifiedRoleAssignmentSchedule collection Get a list of the unifiedRoleAssignmentSchedule objects and their properties granted to a particular user.

Properties

Property Type Description
appScopeId String Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Inherited from unifiedRoleScheduleBase
assignmentType String Type of the assignment. It can either be Assigned or Activated.
createdDateTime DateTimeOffset Time that the schedule was created. Inherited from unifiedRoleScheduleBase
createdUsing String ID of the roleAssignmentScheduleRequest that created this schedule. Inherited from unifiedRoleScheduleBase
directoryScopeId String Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Inherited from unifiedRoleScheduleBase
id String The unique identifier for the unifiedRoleAssignmentSchedule. Key, not nullable, Read-only. Inherited from unifiedRoleScheduleBase
memberType String Membership type of the assignment. It can either be Inherited, Direct, or Group.
modifiedDateTime DateTimeOffset Last time the schedule was updated. Inherited from unifiedRoleScheduleBase
principalId String Objectid of the principal to which the assignment is being granted to. Can be a group or a user. Inherited from unifiedRoleScheduleBase.
Supports $filter (eq).
roleDefinitionId String ID of the unifiedRoleDefinition the assignment is for. Read only. Inherited from unifiedRoleScheduleBase.
Supports $filter (eq).
scheduleInfo requestSchedule The schedule object of the role assignment request.
status String Status for the roleAssignmentSchedule. It can include state related messages like Provisioned, Revoked, Pending Provisioning, and Pending Approval. Inherited from unifiedRoleScheduleBase.
Supports $filter (eq).

Relationships

Relationship Type Description
activatedUsing unifiedRoleEligibilitySchedule If the roleAssignmentSchedule is activated by a roleEligibilitySchedule, this is the link to that schedule.
activeInstance unifiedRoleScheduleInstanceBase Will be deprecated. Inherited from unifiedRoleScheduleBase
appScope appScope Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity. Inherited from unifiedRoleScheduleBase
directoryScope directoryObject Property referencing the directory object that is the scope of the assignment. Provided so that callers can get the directory object using $expand at the same time as getting the role assignment. Read-only. Inherited from unifiedRoleScheduleBase
principal directoryObject Property referencing the principal that is getting a role assignment through the request. Provided so that callers can get the principal using $expand at the same time as getting the role assignment. Read-only. Inherited from unifiedRoleScheduleBase
roleDefinition unifiedRoleDefinition Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using $expand at the same time as getting the role assignment. roleDefinition.Id will be auto expanded. Inherited from unifiedRoleScheduleBase

JSON representation

The following is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.unifiedRoleAssignmentSchedule",
  "id": "String (identifier)",
  "principalId": "String",
  "roleDefinitionId": "String",
  "directoryScopeId": "String",
  "appScopeId": "String",
  "createdUsing": "String",
  "createdDateTime": "String (timestamp)",
  "modifiedDateTime": "String (timestamp)",
  "status": "String",
  "scheduleInfo": {
    "@odata.type": "microsoft.graph.requestSchedule"
  },
  "assignmentType": "String",
  "memberType": "String"
}