| title | List unifiedRoleAssignmentMultiple |
|---|---|
| description | Retrieve the properties and relationships of unifiedRoleAssignmentMultiple object. |
| ms.localizationpriority | medium |
| author | DougKirschner |
| ms.reviewer | msodsrbac |
| ms.subservice | entra-directory-management |
| doc_type | apiPageType |
| ms.date | 04/04/2024 |
| ms.custom | sfi-ga-nochange |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Get a list of unifiedRoleAssignmentMultiple objects for an RBAC provider.
The following RBAC providers are currently supported:
- Cloud PC
- device management (Intune)
- Defender (Microsoft Defender XDR)
For other Microsoft 365 applications (like Microsoft Entra ID), use unifiedRoleAssignment.
[!INCLUDE national-cloud-support]
The following tables show the least privileged permission or permissions required to call this API on each supported resource type. Follow best practices to request least privileged permissions. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
[!INCLUDE permissions-table]
[!INCLUDE permissions-table]
[!INCLUDE permissions-table]
To list role assignments for a Cloud PC provider:
GET /roleManagement/cloudPc/roleAssignmentsTo list role assignments for an Intune provider:
GET /roleManagement/deviceManagement/roleAssignmentsTo list role assignments for a Defender provider:
GET /roleManagement/defender/roleAssignmentsYou can filter on the roleDefinitionId or principalId properties. The roleDefinitionId property can be either a role object ID or a role template object ID. For general information, see OData query parameters.
| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Don't supply a request body for this method.
If successful, this method returns a 200 OK response code and a collection of unifiedRoleAssignmentMultiple objects in the response body.
The following is an example of the request:
GET https://graph.microsoft.com/beta/roleManagement/deviceManagement/roleAssignments?$filter=principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE snippet-not-available] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
The following is an example of the response:
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/deviceManagement/roleAssignments/$entity",
"value": [
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"id": "lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1",
"roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10",
"principalIds[]": ["9e47fc6f-2d7a-464c-944e-d3dd0de522e4", "f8ca5a85-489a-49a0-b555-0a6d81e56f0d"],
"directoryScopeIds[]": ["28ca5a85-489a-49a0-b555-0a6d81e56f0", "8152656a-cf9a-4928-a457-1512d4cae295"]
},
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"id": "2BNpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SWRD-2",
"roleDefinitionId": "9e47fc6f-2d7a-464c-944e-d3dd0de522e4",
"principalIds[]": ["9e47fc6f-2d7a-464c-944e-d3dd0de522e4", "53a6c08d-0227-41bd-8bc6-2728df6be749", "a4991fe1-6d7c-427c-969b-bda6df78c458"],
"appScopeIds[]": ["28ca5a85-489a-49a0-b555-0a6d81e56f0"]
}
]
}GET https://graph.microsoft.com/beta/roleManagement/cloudPC/roleAssignments
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
Note: The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/cloudPC/roleAssignments/$entity",
"value": [
{
"id": "dbe9d288-fd87-41f4-b33d-b498ed207096",
"description": null,
"displayName": "My test role assignment 1",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": [
"8e811502-ebda-4782-8f81-071d17f0f892",
"30e3492f-964c-4d73-88c6-986a53c6e2a0"
],
"directoryScopeIds": [
"/"
],
"appScopeIds": []
},
{
"id": "fad74173-3fe3-4e64-9a80-297bdad2b36e",
"description": null,
"displayName": "My test role assignment 2",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": [
"8e811502-ebda-4782-8f81-071d17f0f892",
],
"directoryScopeIds": [
"/"
],
"appScopeIds": []
}
]
}GET https://graph.microsoft.com/beta/roleManagement/cloudPC/roleAssignments?$filter=roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
Note: The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/cloudPC/roleAssignments",
"value": [{
"id": "ed9e247f-f23b-4d72-9e8c-97fa6f385246",
"description": "",
"displayName": "test",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": ["689c9051-77ff-4f14-9b39-3d22de07321a"],
"directoryScopeIds": ["/"],
"appScopeIds": []
}, {
"id": "3d8e564b-761a-4b32-8f50-63d555f7bc00",
"description": "test1",
"displayName": "AssignmentTest",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": ["0ec7855b-4057-4b7c-9217-09ee9bf4dfd7"],
"directoryScopeIds": ["/"],
"appScopeIds": []
}, {
"id": "f36a3269-d03d-4d33-81e7-190bded40ad2",
"description": "",
"displayName": "test3",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": ["e4ea53cf-cdd6-46b5-bf38-570033a0fba3"],
"directoryScopeIds": ["/"],
"appScopeIds": []
}]
}GET https://graph.microsoft.com/beta/roleManagement/defender/roleAssignments?$filter=roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE snippet-not-available] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
Note: The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/defender/roleAssignments",
"value": [
{
"id": "dbe9d288-fd87-41f4-b33d-b498ed207096",
"displayName": "Example role assignment scoped to specific domain identity",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": [
"8e811502-ebda-4782-8f81-071d17f0f892",
"30e3492f-964c-4d73-88c6-986a53c6e2a0"
],
"appScopeIds": [
"Mdi", "/UserGroupId/481c-ace2-a20a69a48f"
]
},
{
"id": "fad74173-3fe3-4e64-9a80-297bdad2b36e",
"displayName": "Example role assignment not scoped to any workload nor scope",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": [
"8e811502-ebda-4782-8f81-071d17f0f892"
],
"appScopeIds": [
"/"
]
}
]
}