Skip to content

unifiedrolemanagementpolicy-get.md

Latest commit

 

History

History
225 lines (175 loc) · 8.76 KB

unifiedrolemanagementpolicy-get.md

File metadata and controls

225 lines (175 loc) · 8.76 KB
title Get unifiedRoleManagementPolicy
description Retrieve the details of a role management policy.
author rkarim-ms
ms.localizationpriority medium
ms.subservice entra-id-governance
doc_type apiPageType
ms.date 04/05/2024

Get unifiedRoleManagementPolicy

Namespace: microsoft.graph

[!INCLUDE beta-disclaimer]

Retrieve the details of a role management policy. To read a policy that applies to Azure RBAC, use the Azure REST PIM API for role management policies.

[!INCLUDE national-cloud-support]

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

For PIM for Microsoft Entra roles

Permission type Permissions (from least to most privileged)
Delegated (work or school account) RoleManagementPolicy.Read.Directory, RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagementPolicy.ReadWrite.Directory, RoleManagement.ReadWrite.Directory
Delegated (personal Microsoft account) Not supported.
Application RoleManagementPolicy.Read.Directory, RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagementPolicy.ReadWrite.Directory, RoleManagement.ReadWrite.Directory

[!INCLUDE rbac-pim-entra-roles-apis]

For PIM for Groups

Permission type Permissions (from least to most privileged)
Delegated (work or school account) RoleManagementPolicy.Read.AzureADGroup, RoleManagementPolicy.ReadWrite.AzureADGroup
Delegated (personal Microsoft account) Not supported.
Application RoleManagementPolicy.Read.AzureADGroup, RoleManagementPolicy.ReadWrite.AzureADGroup

HTTP request

To retrieve the details of a policy in PIM that can be applied to Microsoft Entra roles or group membership or ownership:

GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}

Optional query parameters

This method supports the $select and $expand OData query parameters to help customize the response. You can also specify the wildcard value * to expand all supported relationships, that is, ?$expand=*. For general information, see OData query parameters.

Request headers

Name Description
Authorization Bearer {token}. Required. Learn more about authentication and authorization.

Request body

Don't supply a request body for this method.

Response

If successful, this method returns a 200 OK response code and an unifiedRoleManagementPolicy object in the response body.

Examples

Example 1: Retrieve the details of a policy in PIM for Microsoft Entra roles

Request

The following example shows a request.

HTTP

GET https://graph.microsoft.com/beta/policies/roleManagementPolicies/DirectoryRole_19356be4-7e93-4ed6-a7c6-0ae28454d125_13b24d89-6e5a-46d5-b0d7-531c0846570a

C#

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Go

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Java

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

JavaScript

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PHP

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PowerShell

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Python

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-Type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/roleManagementPolicies/$entity",
    "id": "DirectoryRole_19356be4-7e93-4ed6-a7c6-0ae28454d125_13b24d89-6e5a-46d5-b0d7-531c0846570a",
    "displayName": "DirectoryRole",
    "description": "DirectoryRole",
    "isOrganizationDefault": false,
    "scopeId": "/",
    "scopeType": "DirectoryRole",
    "lastModifiedDateTime": null,
    "lastModifiedBy": {
        "displayName": null,
        "id": null
    }
}

Example 2: Retrieve the details of a policy in PIM for Groups

Request

The following example shows a request.

HTTP

GET https://graph.microsoft.com/beta/policies/roleManagementPolicies/Group_60bba733-f09d-49b7-8445-32369aa066b3_f21b26d9-9ff9-4af1-b1d4-bddf28591369

C#

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Go

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Java

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

JavaScript

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PHP

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PowerShell

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Python

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-Type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/roleManagementPolicies/$entity",
    "id": "Group_60bba733-f09d-49b7-8445-32369aa066b3_f21b26d9-9ff9-4af1-b1d4-bddf28591369",
    "displayName": "Group",
    "description": "Group",
    "isOrganizationDefault": false,
    "scopeId": "60bba733-f09d-49b7-8445-32369aa066b3",
    "scopeType": "Group",
    "lastModifiedDateTime": "2023-05-23T23:29:43.687Z",
    "lastModifiedBy": {
        "displayName": null,
        "id": null
    }
}