| title | customAppScope resource type |
|---|---|
| description | Represents a customized RBAC scope object from each RBAC provider. |
| ms.localizationpriority | medium |
| author | cubika |
| ms.subservice | entra-directory-management |
| doc_type | resourcePageType |
| ms.date | 07/22/2024 |
| toc.title | Custom app scope for RBAC providers |
[!INCLUDE beta-disclaimer]
Represents a customized RBAC scope object from each RBAC provider. This resource is a subtype of appScope, which is a scope defined and understood by a specific application. A custom app scope has its own lifecycle for role assignment objects across various RBAC providers. A custom app scope can also store custom attributes sourced from different RBAC providers.
For example, in the Exchange Online provider, customAppScope maps to management role scope that can be managed separately by Exchange administrators. The CRUD operations for customAppScope entities are supported. You can use the ID of a customAppScope as the appScopeId of a unifiedRoleAssignment.
The following providers are supported:
- Exchange Online RBAC provider
- Microsoft Defender XDR Unified RBAC provider
Inherits from appScope.
| Method | Return Type | Description |
|---|---|---|
| List for Exchange Online and Defender | customAppScope collection | Get a list of customAppScope objects for the Exchange Online or Defender RBAC providers. |
| List for Defender | customAppScope collection | Get a list of customAppScope objects for the Defender RBAC provider. |
| Create for Exchange Online | customAppScope | Create a new customAppScope object for an RBAC provider. |
| Get for Exchange Online | customAppScope | Get the properties of a customAppScope object for an RBAC provider. |
| Update for Exchange Online | None | Update an existing customAppScope object of an RBAC provider. |
| Delete for Exchange Online | None | Delete a customAppScope object of an RBAC provider. |
| Property | Type | Description |
|---|---|---|
| customAttributes | customAppScopeAttributesDictionary | An open dictionary type that holds workload-specific properties for the scope object. |
| displayName | String | The display name of the app-specific resource represented by the app scope. Provided for display purposes since the appScopeId is often an immutable, non-human-readable ID. Read-only. Inherited from appScope. |
| id | String | The unique identifier of an app-specific container or resource that represents the scope of the assignment. Usually the immutable ID of the resource. The scope of an assignment determines the set of resources for which the principal has been granted access. Required. Inherited from appScope. |
| type | String | The type of app-specific resource represented by the app scope. Provided for display purposes, so a user interface can convey to the user the kind of app-specific resource represented by the app scope. Read-only. Inherited from appScope. |
None.
The following JSON representation shows the resource type.
{
"customAttributes": {
"@odata.type": "microsoft.graph.customAppScopeAttributesDictionary"
},
"displayName": "String",
"id": "String (identifier)",
"type": "String"
}