| title | unifiedRoleManagementPolicy resource type |
|---|---|
| description | Specifies the various policies associated with scopes and roles. |
| author | rkarim-ms |
| ms.localizationpriority | medium |
| ms.subservice | entra-id-governance |
| doc_type | resourcePageType |
| toc.title | Policy |
| ms.date | 07/22/2024 |

Namespace: microsoft.graph

Specifies the various policies associated with scopes and roles. For policies that apply to Azure RBAC, use the Azure REST PIM API for role management policies.

Inherits from entity.

| Method | Return type | Description |
|---|---|---|
| List | unifiedRoleManagementPolicy collection | Get role management policies and their details. |
| Get | unifiedRoleManagementPolicy | Retrieve the details of a role management policy. |
| Update | unifiedRoleManagementPolicy | Update the details of a role management policy. |
| List rules | unifiedRoleManagementPolicyRule collection | Get the rules defined for a role management policy. |
| Get rule | unifiedRoleManagementPolicyRule | Retrieve a rule defined for a role management policy. |
| Update rule | unifiedRoleManagementPolicyRule | Update a rule defined for a role management policy. |

| Property | Type | Description |
|---|---|---|
| description | String | Description for the policy. |
| displayName | String | Display name for the policy. |
| id | String | Unique identifier for the policy. |
| isOrganizationDefault | Boolean | Can be set to `true` for only a single tenant-wide policy, which applies to all scopes and roles. Set the scopeId to `/` and scopeType to `Directory`. Supports `$filter` (`eq`, `ne`). |
| lastModifiedBy | identity | The identity who last modified the role setting. |
| lastModifiedDateTime | DateTimeOffset | The time when the role setting was last modified. |
| scopeId | String | The identifier of the scope where the policy is created. Can be / for the tenant or a group ID. Required. |
| scopeType | String | The type of the scope where the policy is created. One of Directory, DirectoryRole, Group. Required. |

| Relationship | Type | Description |
|---|---|---|
| effectiveRules | unifiedRoleManagementPolicyRule collection | The list of effective rules, such as approval rules and expiration rules, evaluated based on inherited referenced rules. For example, if a tenant-wide policy enforces enabling an approval rule, the effective rule is to enable approval even if the policy has a rule to disable approval. Supports `$expand`. |
| rules | unifiedRoleManagementPolicyRule collection | The collection of rules, such as approval rules and expiration rules. Supports `$expand`. |

The following JSON representation shows the resource type.

```json
{
  "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicy",
  "id": "String (identifier)",
  "displayName": "String",
  "description": "String",
  "isOrganizationDefault": "Boolean",
  "scopeId": "String",
  "scopeType": "String",
  "lastModifiedDateTime": "String (timestamp)",
  "lastModifiedBy": {
    "@odata.type": "microsoft.graph.identity"
  }
}
```
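
The following Python sketch is an added example, not part of the original reference. It audits one policy object offline: it checks the scope constraints from the properties table and lists the rules whose `effectiveRules` entry differs from the policy's own `rules` entry. The function names, the sample policy, and the rule ids and rule settings inside it are constructed for illustration and are not defined on this page.

```python
VALID_SCOPE_TYPES = {"Directory", "DirectoryRole", "Group"}  # values listed on this page


def check_scope(policy):
    """Return a list of problems with the scope fields described on this page."""
    problems = []
    for field in ("scopeId", "scopeType"):  # both are marked Required
        if not policy.get(field):
            problems.append(f"{field} is required")
    scope_type = policy.get("scopeType")
    if scope_type and scope_type not in VALID_SCOPE_TYPES:
        problems.append(f"unknown scopeType {scope_type!r}")
    # The organization default must sit at scopeId "/" with scopeType "Directory".
    is_root = policy.get("scopeId") == "/" and scope_type == "Directory"
    if policy.get("isOrganizationDefault") is True and not is_root:
        problems.append("isOrganizationDefault requires scopeId '/' and scopeType 'Directory'")
    return problems


def overridden_rules(policy):
    """Map rule id -> (own rule or None, effective rule) where the two differ."""
    own = {r["id"]: r for r in policy.get("rules", [])}
    result = {}
    for eff in policy.get("effectiveRules", []):
        mine = own.get(eff["id"])  # None: the rule exists only through inheritance
        if mine != eff:
            result[eff["id"]] = (mine, eff)
    return result


# Constructed sample (hypothetical values): the policy's own rule disables approval,
# while the effective rule, inherited from a tenant-wide policy, enables it.
SAMPLE = {
    "isOrganizationDefault": False,
    "scopeId": "/",
    "scopeType": "DirectoryRole",
    "rules": [
        {"id": "Approval_EndUser_Assignment", "setting": {"isApprovalRequired": False}},
        {"id": "Expiration_EndUser_Assignment", "maximumDuration": "PT8H"},
    ],
    "effectiveRules": [
        {"id": "Approval_EndUser_Assignment", "setting": {"isApprovalRequired": True}},
        {"id": "Expiration_EndUser_Assignment", "maximumDuration": "PT8H"},
    ],
}

if __name__ == "__main__":
    print("scope problems:", check_scope(SAMPLE))
    print("overridden rules:", list(overridden_rules(SAMPLE)))
```

A rule reported by `overridden_rules` is one where reading `rules` alone would misstate what is actually enforced, so reviews of role settings should be based on `effectiveRules`.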