| title | Create customSecurityAttributeDefinition |
|---|---|
| description | Create a new customSecurityAttributeDefinition object. |
| author | rolyon |
| ms.localizationpriority | medium |
| ms.subservice | entra-directory-management |
| doc_type | apiPageType |
| ms.date | 05/14/2024 |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Create a new customSecurityAttributeDefinition object.
[!INCLUDE national-cloud-support]
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
[!INCLUDE permissions-table]
[!INCLUDE rbac-customsecurityattibutes-apis-write]
POST /directory/customSecurityAttributeDefinitions| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Content-Type | application/json. Required. |
In the request body, supply a JSON representation of the customSecurityAttributeDefinition object.
The following table shows the properties that you can configure when you create a customSecurityAttributeDefinition.
| Property | Type | Description |
|---|---|---|
| attributeSet | String | Name of the attribute set. Case sensitive. Required. |
| description | String | Description of the custom security attribute. Can be up to 128 characters long and include Unicode characters. Can't contain spaces or special characters. Can be changed later. Optional. |
| isCollection | Boolean | Indicates whether multiple values can be assigned to the custom security attribute. Can't be changed later. If type is set to Boolean, isCollection can't be set to true. Required. |
| isSearchable | Boolean | Indicates whether custom security attribute values are indexed for searching on objects that are assigned attribute values. Can't be changed later. Required. |
| name | String | Name of the custom security attribute. Must be unique within an attribute set. Can be up to 32 characters long and include Unicode characters. Can't contain spaces or special characters. Can't be changed later. Case sensitive. Required. |
| status | String | Specifies whether the custom security attribute is active or deactivated. Acceptable values are Available and Deprecated. Can be changed later. Required. |
| type | String | Data type for the custom security attribute values. Supported types are: Boolean, Integer, and String. Can't be changed later. Required. |
| usePreDefinedValuesOnly | Boolean | Indicates whether only predefined values can be assigned to the custom security attribute. If set to false, free-form values are allowed. Can later be changed from true to false, but can't be changed from false to true. If type is set to Boolean, usePreDefinedValuesOnly can't be set to true. Required. |
The id property is auto generated and can't be set.
If successful, this method returns a 201 Created response code and a customSecurityAttributeDefinition object in the response body.
The following example adds a new custom security attribute definition that is a single free-form value of type String.
- Attribute set:
Engineering - Attribute:
ProjectDate
The following example shows a request.
POST https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions
Content-Type: application/json
{
"attributeSet":"Engineering",
"description":"Target completion date",
"isCollection":false,
"isSearchable":true,
"name":"ProjectDate",
"status":"Available",
"type":"String",
"usePreDefinedValuesOnly": false
}[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
The following example shows the response.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#directory/customSecurityAttributeDefinitions/$entity",
"attributeSet": "Engineering",
"description": "Target completion date",
"id": "Engineering_ProjectDate",
"isCollection": false,
"isSearchable": true,
"name": "ProjectDate",
"status": "Available",
"type": "String",
"usePreDefinedValuesOnly": false
}The following example adds a new custom security attribute definition that supports multiple values of type String that are predefined.
- Attribute set:
Engineering - Attribute:
Project
The following example shows a request.
POST https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions
Content-Type: application/json
Content-length: 310
{
"attributeSet":"Engineering",
"description":"Active projects for user",
"isCollection":true,
"isSearchable":true,
"name":"Project",
"status":"Available",
"type":"String",
"usePreDefinedValuesOnly": true
}[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
The following example shows the response.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#directory/customSecurityAttributeDefinitions/$entity",
"attributeSet": "Engineering",
"description": "Active projects for user",
"id": "Engineering_Project",
"isCollection": true,
"isSearchable": true,
"name": "Project",
"status": "Available",
"type": "String",
"usePreDefinedValuesOnly": true
}Here's an example that adds a new custom security attribute definition with a list of predefined values as a collection of strings.
- Attribute set:
Engineering - Attribute:
Project - Attribute data type: Collection of Strings
- Predefined values:
Alpine,Baker,Cascade
The following example shows a request.
POST https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions
Content-Type: application/json
{
"attributeSet": "Engineering",
"description": "Active projects for user",
"isCollection": true,
"isSearchable": true,
"name": "Project",
"status": "Available",
"type": "String",
"usePreDefinedValuesOnly": true,
"allowedValues": [
{
"id": "Alpine",
"isActive": true
},
{
"id": "Baker",
"isActive": true
},
{
"id": "Cascade",
"isActive": true
}
]
}[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
The following example shows the response.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#directory/customSecurityAttributeDefinitions/$entity",
"attributeSet": "Engineering",
"description": "Active projects for user",
"id": "Engineering_Project",
"isCollection": true,
"isSearchable": true,
"name": "Project",
"status": "Available",
"type": "String",
"usePreDefinedValuesOnly": true
}