| title | rbacApplication resource type |
|---|---|
| description | Role management container for unified role definitions and role assignments for Microsoft 365 RBAC providers. |
| ms.localizationpriority | medium |
| author | DougKirschner |
| ms.reviewer | msodsrbac |
| ms.subservice | entra-directory-management |
| doc_type | resourcePageType |
| ms.date | 06/08/2024 |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Role management container for unified role definitions and role assignments for Microsoft 365 RBAC providers. Currently directory and entitlement management are the only RBAC applications supported.
| Method | Return Type | Description |
|---|---|---|
| Create role assignment | unifiedRoleAssignment | Create a new unifiedRoleAssignment by posting to the roleAssignments collection. |
| List role assignment | unifiedRoleAssignment collection | Get a unifiedRoleAssignment object collection. Only specific instances can be queried, by filtering on roleDefitionId or principalId. |
| List transitive role assignments | unifiedRoleAssignment collection | Get direct and transitive unifiedRoleAssignments assigned to a specific principal. Specifying principalId is required. |
| Create role definition | unifiedRoleDefinition | Create a new unifiedRoleDefinition by posting to the roleDefinitions collection. |
| List role definitions | unifiedRoleDefinition collection | Get a unifiedRoleDefinition object collection. |
| List role schedules | unifiedRoleScheduleBase collection | Function to retrieve a collection of unifiedRoleScheduleBase objects. |
| List role schedule instances | unifiedRoleScheduleInstanceBase collection | Function to retrieve a collection of unifiedRoleScheduleInstanceBase objects. |
None
| Relationship | Type | Description |
|---|---|---|
| resourceNamespaces | unifiedRbacResourceNamespace collection | Resource that represents a collection of related actions. |
| roleAssignments | unifiedRoleAssignment collection | Resource to grant access to users or groups. |
| roleDefinitions | unifiedRoleDefinition collection | Resource representing the roles allowed by RBAC providers and the permissions assigned to the roles. |
| roleAssignmentApprovals | approval collection | Decisions associated with a role assignment approval. |
| roleAssignmentScheduleInstances | unifiedRoleAssignmentScheduleInstance collection | Instances for active role assignments through Microsoft Entra Privileged Identity Management. |
| roleAssignmentScheduleRequests | unifiedRoleAssignmentScheduleRequest collection | Requests for active role assignments through Microsoft Entra Privileged Identity Management. |
| roleAssignmentSchedules | unifiedRoleAssignmentSchedule collection | Schedule for active role assignments through Microsoft Entra Privileged Identity Management. |
| roleEligibilityScheduleInstances | unifiedRoleEligibilityScheduleInstance collection | Instances of eligible role assignments through Microsoft Entra Privileged Identity Management. |
| roleEligibilityScheduleRequests | unifiedRoleEligibilityScheduleRequest collection | Requests for eligible role assignments through Microsoft Entra Privileged Identity Management. |
| roleEligibilitySchedules | unifiedRoleEligibilitySchedule collection | Schedule for eligible role assignments through Microsoft Entra Privileged Identity Management. |
| transitiveRoleAssignments | unifiedRoleAssignment collection | Resource to grant access to users or groups that are transitive. |
None