Updates from: 08/21/2021 03:15:46
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Application Post Onlinemeetings https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/application-post-onlinemeetings.md
Content-Type: application/json
### Example 2: Create an online meeting in a Microsoft Teams channel with a user token #### Request
->**Note:** The Object ID of the user token passed should be a member of the channel represented by threadid in the payload.
+>**Note:** The Object ID of the user token passed should be a member of the channel represented by **threadId** in the payload.
```http POST https://graph.microsoft.com/beta/me/onlineMeetings
v1.0 Governanceresource Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/governanceresource-get.md
description: "Retrieve the properties and relationships of a governanceResource
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Get governanceResource
v1.0 Governanceresource List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/governanceresource-list.md
description: "Retrieve a collection of governanceResource that the requestor has
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # List governanceResources
v1.0 Governanceresource Register https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/governanceresource-register.md
description: "Register a governanceResource object in PIM."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # governanceResource: register
v1.0 Governanceroleassignment Export https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/governanceroleassignment-export.md
description: "Retrieve a collection of governanceRoleAssignmentRequests in the f
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Export governanceRoleAssignmentRequests
v1.0 Governanceroleassignment Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/governanceroleassignment-get.md
description: "Retrieve the properties and relationships of a governanceRoleAssig
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Get governanceRoleAssignment
v1.0 Governanceroleassignment List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/governanceroleassignment-list.md
description: "Retrieve a collection of governanceRoleAssignments."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # List governanceRoleAssignments
v1.0 Governanceroleassignmentrequest Cancel https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/governanceroleassignmentrequest-cancel.md
description: "Cancel a governanceRoleAssignmentRequest."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Cancel governanceRoleAssignmentRequest
v1.0 Governanceroleassignmentrequest Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/governanceroleassignmentrequest-get.md
description: "Get a governanceRoleAssignmentRequest. "
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Get governanceRoleAssignmentRequest
v1.0 Governanceroleassignmentrequest List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/governanceroleassignmentrequest-list.md
description: "Retrieve a collection of governanceRoleAssignmentRequests. "
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # List governanceRoleAssignmentRequests
v1.0 Governanceroleassignmentrequest Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/governanceroleassignmentrequest-post.md
description: "Create a role assignment request to represent the operation you wa
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Create governanceRoleAssignmentRequest
v1.0 Governanceroleassignmentrequest Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/governanceroleassignmentrequest-update.md
description: "Enable administrators to update their decisions (`AdminApproved` o
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Update governanceRoleAssignmentRequests
v1.0 Governanceroledefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/governanceroledefinition-get.md
description: "Retrieve the properties and relationships of a governanceRoleDefin
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Get governanceRoleDefinition
v1.0 Governanceroledefinition List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/governanceroledefinition-list.md
description: "Get a collection of governanceRoleDefinitions on a resource."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # List governanceRoleDefinitions
v1.0 Governancerolesetting Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/governancerolesetting-get.md
description: "Retrieve the properties and relationships of a governanceRoleSetti
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Get governanceRoleSetting
v1.0 Governancerolesetting List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/governancerolesetting-list.md
description: "Retrieve a collection of governanceRoleSettings on a resource."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # List governanceRoleSettings
v1.0 Governancerolesetting Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/governancerolesetting-update.md
description: "Update the properties of governanceRoleSetting."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Update governanceRoleSetting
v1.0 Group Post Groups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/group-post-groups.md
The following table shows the properties of the [group](../resources/group.md) r
| description | string | A description for the group. Optional. | | isAssignableToRole | Boolean | Set to **true** to enable the group to be assigned to an Azure AD role. Only Privileged Role Administrator and Global Administrator can set the value of this property. Optional. | | mailEnabled | boolean | Set to **true** for mail-enabled groups. Required. |
-| mailNickname | string | The mail alias for the group. These characters cannot be used in the mailNickName: `@()\[]";:.<>,SPACE`. Required. |
+| mailNickname | string | The mail alias for the group. This property can contain only characters in the [ASCII character set 0 - 127](/office/vba/language/reference/user-interface-help/character-set-0127) except the following: ` @ () \ [] " ; : . <> , SPACE `. Required. |
| securityEnabled | boolean | Set to **true** for security-enabled groups, including Microsoft 365 groups. Required. | | owners | [directoryObject](../resources/directoryobject.md) collection | This property represents the owners for the group at creation time. Owners aren't automatically added as group members unless specified in the **members** property. Optional. | | members | [directoryObject](../resources/directoryobject.md) collection | This property represents the members for the group at creation time. Optional. |
v1.0 Onlinemeeting Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/onlinemeeting-get.md
GET https://graph.microsoft.com/beta/users/dc17674c-81d9-4adb-bfb2-8f6a442e4622/
``` ### Example 3: Retrieve an online meeting by JoinWebUrl
-You can retrieve meeting information via JoinWebUrl by using either a user or application token. This option is available to support use cases where the meeting ID is not known but the JoinWebUrl is, such as when a user creates a meeting (for example in the Microsoft Teams client), and a seperate application needs to retrieve meeting details as a followup action.
+You can retrieve meeting information via JoinWebUrl by using either a user or application token. This option is available to support use cases where the meeting ID isn't known but the JoinWebUrl is, such as when a user creates a meeting (for example in the Microsoft Teams client), and a seperate application needs to retrieve meeting details as a follow-up action.
#### Request
v1.0 Policyroot List Rolemanagementpolicies https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/policyroot-list-rolemanagementpolicies.md
Title: "List roleManagementPolicies" description: "Get the unifiedRoleManagementPolicy resources from the roleManagementPolicies navigation property."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
v1.0 Policyroot List Rolemanagementpolicyassignments https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/policyroot-list-rolemanagementpolicyassignments.md
Title: "List roleManagementPolicyAssignments" description: "Get the unifiedRoleManagementPolicyAssignment resources from the roleManagementPolicyAssignments navigation property."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
v1.0 Privilegedapproval Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedapproval-get.md
description: "Retrieve the properties and relationships of privilegedapproval ob
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Get privilegedApproval
v1.0 Privilegedapproval List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedapproval-list.md
description: "Retrieve a list of privilegedapproval objects."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # List privilegedApproval
v1.0 Privilegedapproval Myrequests https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedapproval-myrequests.md
description: "Get the requestor's approval requests."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # privilegedApproval: myRequests
v1.0 Privilegedapproval Post Privilegedapproval https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedapproval-post-privilegedapproval.md
description: "Use this API to create a new privilegedApproval."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Create privilegedApproval
v1.0 Privilegedapproval Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedapproval-update.md
description: "Update the properties of privilegedapproval object."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Update privilegedapproval
v1.0 Privilegedoperationevent List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedoperationevent-list.md
description: "filter`` expression."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # List privilegedOperationEvents
v1.0 Privilegedrole Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedrole-get.md
description: "Retrieve the properties and relationships of privilegedRole object
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Get privilegedRole
v1.0 Privilegedrole List Assignments https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedrole-list-assignments.md
description: "Retrieve a list of privilegedRoleAssignment objects that are assoc
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # List assignments
v1.0 Privilegedrole List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedrole-list.md
description: "Retrieve a list of privilegedRole objects."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # List privilegedRoles
v1.0 Privilegedrole Selfactivate https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedrole-selfactivate.md
description: "Activate the role that is assigned to the requester."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # privilegedRole: selfActivate
v1.0 Privilegedrole Selfdeactivate https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedrole-selfdeactivate.md
description: "Deactivate the role that is assigned to the requestor."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # privilegedRole: selfDeactivate
v1.0 Privilegedroleassignment Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedroleassignment-delete.md
description: "Delete privilegedRoleAssignment."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Delete privilegedRoleAssignment
v1.0 Privilegedroleassignment Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedroleassignment-get.md
description: "Retrieve the properties and relationships of privilegedRoleAssignm
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Get privilegedRoleAssignment
v1.0 Privilegedroleassignment List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedroleassignment-list.md
description: "Retrieve a list of privilegedRoleAssignment objects, which corresp
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # List privilegedRoleAssignments
v1.0 Privilegedroleassignment Makeeligible https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedroleassignment-makeeligible.md
description: "Make the role assignment eligible."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # privilegedRoleAssignment: makeEligible
v1.0 Privilegedroleassignment Makepermanent https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedroleassignment-makepermanent.md
description: "Make the role assignment permanent."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # privilegedRoleAssignment: makePermanent
v1.0 Privilegedroleassignment My https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedroleassignment-my.md
description: "Get the requestor's privileged role assignments."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # privilegedRoleAssignment: my
v1.0 Privilegedroleassignment Post Privilegedroleassignments https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedroleassignment-post-privilegedroleassignments.md
description: "Use this API to create a new privilegedRoleAssignment."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Create privilegedRoleAssignment
v1.0 Privilegedroleassignmentrequest Cancel https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedroleassignmentrequest-cancel.md
description: "Cancel a privilegedRoleAssignmentRequest."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Cancel privilegedRoleAssignmentRequest
v1.0 Privilegedroleassignmentrequest List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedroleassignmentrequest-list.md
description: "Retrieve a collection of privilegedRoleAssignmentRequest. "
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # List privilegedRoleAssignmentRequests
v1.0 Privilegedroleassignmentrequest My https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedroleassignmentrequest-my.md
description: "Get the requester's privileged role assignment requests."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # privilegedRoleAssignmentRequest: my
v1.0 Privilegedroleassignmentrequest Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedroleassignmentrequest-post.md
description: "Create a privilegedroleassignmentrequest object."
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Create privilegedRoleAssignmentRequest
v1.0 Privilegedrolesettings Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedrolesettings-get.md
description: "Retrieve the role settings for the given role. A privilegedRoleSet
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Get privilegedRoleSettings
v1.0 Privilegedrolesettings Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedrolesettings-update.md
description: "Update the role settings for the given role setting. A privilegedR
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Update privilegedRoleSettings
v1.0 Privilegedrolesummary Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/privilegedrolesummary-get.md
description: "Retrieve the properties and relationships of privilegedRoleSummary
localization_priority: Normal doc_type: apiPageType ms.prod: "governance"-+ # Get privilegedRoleSummary
v1.0 Rbacapplication Rolescheduleinstances https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/rbacapplication-rolescheduleinstances.md
Title: "rbacApplication: roleScheduleInstances" description: "Retrieve both roleAssignmentScheduleInstances and roleEligibilityScheduleInstances."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
The following table shows the query parameters that can be used with this method
|Parameter|Type|Description| |:|:|:|
-|directoryScopeId|String|Id of the directory object that represents the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. |
-|appScopeId|String|Id of the app specific scope. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. |
-|principalId|String|Objectid of the principal to which the schedules belong. |
-|roleDefinitionId|String|ID of the unifiedRoleDefinition for the assignment. Read only.|
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. |
+|appScopeId|String|Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units. |
+|principalId|String|Identifier of the principal to which the schedules belong. |
+|roleDefinitionId|String|Identifier of the unifiedRoleDefinition for the assignment. Read only.|
## Request headers |Name|Description|
GET https://graph.microsoft.com/beta/roleManagement/directory/roleScheduleInstan
### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
v1.0 Rbacapplication Roleschedules https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/rbacapplication-roleschedules.md
Title: "rbacApplication: roleSchedules" description: "Retrieve both roleAssignmentSchedules and roleEligibilitySchedules."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
The following table shows the query parameters that can be used with this method
|Parameter|Type|Description| |:|:|:|
-|directoryScopeId|String|Id of the directory object that represents the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. |
-|appScopeId|String|Id of the app specific scope. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. |
-|principalId|String|Objectid of the principal to which the schedules belong. |
-|roleDefinitionId|String|ID of the unifiedRoleDefinition for the assignment. Read only.|
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. |
+|appScopeId|String|Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units. |
+|principalId|String| Identifier of the principal to which the assignment is being granted to. Can be a group or a user. |
+|roleDefinitionId|String|Identifier of the unifiedRoleDefinition for the assignment. Read only.|
## Request headers
Do not supply a request body for this method.
## Response
-If successful, this method returns a `200 OK` response code and a [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md) collection in the response body.
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md) objects in the response body.
## Examples
GET https://graph.microsoft.com/beta/roleManagement/directory/roleSchedules(dire
### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
v1.0 Unifiedroleassignmentschedule Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedule-filterbycurrentuser.md
Title: "unifiedRoleAssignmentSchedule: filterByCurrentUser" description: "Get a list of the unifiedRoleAssignmentSchedule objects and their properties filtered by a particular user principal"-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
One of the following permissions is required to call this API. To learn more, in
} --> ``` http
-GET /roleManagement/directory/roleAssignmentSchedules/filterByCurrentUser
+GET /roleManagement/directory/roleAssignmentSchedules/filterByCurrentUser(on='principal')
```
-## Query parameters
+## Function parameters
The following table shows the query parameters that can be used with this method. |Parameter|Type|Description| |:|:|:|
-|on|roleAssignmentScheduleFilterByCurrentUserOptions|Id of the current user.|
+|on|roleAssignmentScheduleFilterByCurrentUserOptions|Filter to query objects for which the current user is the principal. Allowed value is `principal`. Required.|
+## Optional query parameters
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
Do not supply a request body for this method.
## Response
-If successful, this method returns a `200 OK` response code and a [unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) collection in the response body.
+If successful, this method returns a `200 OK` response code and a collection of[unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) objects in the response body.
## Examples
If successful, this method returns a `200 OK` response code and a [unifiedRoleAs
} --> ``` http
-GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentSchedules/filterByCurrentUser(on='dce468b2-68b2-dce4-b268-e4dcb268e4dc')
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentSchedules/filterByCurrentUser(on='principal')
``` ### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response showing an eligibility schedule that is through direct assignment.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(unifiedRoleAssignmentSchedule)",
"value": [ {
- "id": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "principalId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "roleDefinitionId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "directoryScopeId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "appScopeId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "createdUsing": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "createdDateTime": "2020-09-09T21:35:27.91Z",
- "modifiedDateTime": "2020-09-09T21:35:27.91Z",
+ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentSchedule",
+ "id": "lAPpYvVpN0KRkAEhdxReECssmvzcHW1IohFf6Mp3-h8-1",
+ "principalId": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
+ "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "createdUsing": null,
+ "createdDateTime": null,
+ "modifiedDateTime": null,
"status": "Provisioned",
+ "assignmentType": "Assigned",
+ "memberType": "Direct",
"scheduleInfo": {
- "@odata.type": "microsoft.graph.requestSchedule"
- },
- "assignmentType": "Eligible",
- "memberType": "direct"
+ "startDateTime": "2021-07-27T11:24:19.6471278Z",
+ "recurrence": null,
+ "expiration": {
+ "type": "noExpiration",
+ "endDateTime": null,
+ "duration": null
+ }
+ }
} ] }
v1.0 Unifiedroleassignmentschedule Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedule-get.md
Title: "Get unifiedRoleAssignmentSchedule" description: "Read the properties and relationships of an unifiedRoleAssignmentSchedule object."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
GET /roleManagement/directory/roleAssignmentSchedules/{unifiedRoleAssignmentSche
``` ## Optional query parameters
-This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
If successful, this method returns a `200 OK` response code and an [unifiedRoleA
} --> ``` http
-GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentSchedules/b1477448-2cc6-4ceb-93b4-54a202a89413
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentSchedules/226faf5f-61b4-40bb-8726-52e48ec914de
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-unifiedroleassignmentschedule-csharp-snippets.md)]
GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentSche
### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
- "value": {
- "id": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "principalId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "roleDefinitionId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "directoryScopeId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "appScopeId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "createdUsing": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "createdDateTime": "2020-09-09T21:35:27.91Z",
- "modifiedDateTime": "2020-09-09T21:35:27.91Z",
- "status": "Provisioned",
- "scheduleInfo": {
- "@odata.type": "microsoft.graph.requestSchedule"
- },
- "assignmentType": "Eligible",
- "memberType": "direct"
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleAssignmentSchedules/$entity",
+ "id": "226faf5f-61b4-40bb-8726-52e48ec914de",
+ "principalId": "7532aaf7-0740-41d2-a79b-4a035f122a66",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "createdUsing": "226faf5f-61b4-40bb-8726-52e48ec914de",
+ "createdDateTime": "2021-07-27T09:42:40.087Z",
+ "modifiedDateTime": null,
+ "status": "Provisioned",
+ "assignmentType": "Assigned",
+ "memberType": "Direct",
+ "scheduleInfo": {
+ "startDateTime": "2021-07-27T09:42:40.087Z",
+ "recurrence": null,
+ "expiration": {
+ "type": "noExpiration",
+ "endDateTime": null,
+ "duration": null
+ }
} } ```
v1.0 Unifiedroleassignmentschedule List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedule-list.md
Title: "List unifiedRoleAssignmentSchedules" description: "Get a list of the unifiedRoleAssignmentSchedule objects and their properties."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
GET /roleManagement/directory/roleAssignmentSchedules
``` ## Optional query parameters
-This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select` and `$filter` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentSche
### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response.
+
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(unifiedRoleEligibilitySchedule)",
"value": [ {
- "id": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "principalId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "roleDefinitionId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "directoryScopeId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "appScopeId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "createdUsing": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "createdDateTime": "2020-09-09T21:35:27.91Z",
- "modifiedDateTime": "2020-09-09T21:35:27.91Z",
- "status": "Provsioned",
+ "@odata.type": "#microsoft.graph.unifiedRoleEligibilitySchedule",
+ "id": "3dc04956-5e79-4e84-a2fc-4c168bb30a5f",
+ "principalId": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/administrativeUnits/dc626e71-4837-40eb-be4a-bc29d88a1178",
+ "appScopeId": null,
+ "createdUsing": "3dc04956-5e79-4e84-a2fc-4c168bb30a5f",
+ "createdDateTime": "2021-07-27T14:03:04.4Z",
+ "modifiedDateTime": "0001-01-01T08:00:00Z",
+ "status": "Provisioned",
+ "memberType": "Direct",
"scheduleInfo": {
- "@odata.type": "microsoft.graph.requestSchedule"
- },
- "assignmentType": "eligible",
- "memberType": "direct"
+ "startDateTime": "2021-07-27T14:03:04.4Z",
+ "recurrence": null,
+ "expiration": {
+ "type": "noExpiration",
+ "endDateTime": null,
+ "duration": null
+ }
+ }
} ] }
v1.0 Unifiedroleassignmentscheduleinstance Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentscheduleinstance-filterbycurrentuser.md
Title: "unifiedRoleAssignmentScheduleInstance: filterByCurrentUser" description: "Get a list of the unifiedRoleAssignmentScheduleInstance objects and their properties filtered by a particular user principal"-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
One of the following permissions is required to call this API. To learn more, in
} --> ``` http
-GET /roleManagement/directory/roleAssignmentScheduleInstances/filterByCurrentUser
+GET /roleManagement/directory/roleAssignmentScheduleInstances/filterByCurrentUser(on='principal')
```
-## Query parameters
+## Function parameters
The following table shows the parameters that can be used with this method. |Parameter|Type|Description| |:|:|:|
-|on|roleAssignmentScheduleInstanceFilterByCurrentUserOptions|Id of the current user.|
+|on|roleAssignmentScheduleInstanceFilterByCurrentUserOptions|Filter to query objects for which the current user is the principal. Allowed value is `principal`. Required.|
++
+## Optional query parameters
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers
Do not supply a request body for this method.
## Response
-If successful, this method returns a `200 OK` response code and a [unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) collection in the response body.
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) objects in the response body.
## Examples
If successful, this method returns a `200 OK` response code and a [unifiedRoleAs
} --> ``` http
-GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleInstances/unifiedRoleAssignmentScheduleInstances/filterByCurrentUser(on='dce468b2-68b2-dce4-b268-e4dcb268e4dc')
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleInstances/filterByCurrentUser(on='principal')
``` ### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(unifiedRoleAssignmentScheduleInstance)",
"value": [ {
- "id": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "principalId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "roleDefinitionId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "directoryScopeId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "appScopeId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "startDateTime": "2020-09-09T21:35:27.91Z",
- "endDateTime": "2020-09-09T21:35:27.91Z",
- "assignmentType": "eligible",
- "memberType": "direct",
- "roleAssignmentOriginId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
- "roleAssignmentScheduleId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc"
+ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentScheduleInstance",
+ "id": "lAPpYvVpN0KRkAEhdxReECssmvzcHW1IohFf6Mp3-h8-1",
+ "principalId": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
+ "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "startDateTime": null,
+ "endDateTime": null,
+ "assignmentType": "Assigned",
+ "memberType": "Direct",
+ "roleAssignmentOriginId": "lAPpYvVpN0KRkAEhdxReECssmvzcHW1IohFf6Mp3-h8-1",
+ "roleAssignmentScheduleId": "lAPpYvVpN0KRkAEhdxReECssmvzcHW1IohFf6Mp3-h8-1"
} ] }
v1.0 Unifiedroleassignmentscheduleinstance Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentscheduleinstance-get.md
Title: "Get unifiedRoleAssignmentScheduleInstance" description: "Read the properties and relationships of an unifiedRoleAssignmentScheduleInstance object."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
GET /roleManagement/directory/roleAssignmentScheduleInstances/{unifiedRoleAssign
``` ## Optional query parameters
-This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
If successful, this method returns a `200 OK` response code and an [unifiedRoleA
} --> ``` http
-GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleInstances/eb18c026-c026-eb18-26c0-18eb26c018eb
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleInstances/4-PYiFWPHkqVOpuYmLiHa_8KmpPnrkhHmG41_UYRbUY-1
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-unifiedroleassignmentscheduleinstance-csharp-snippets.md)]
GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentSche
### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
- "value": {
- "id": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "principalId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "roleDefinitionId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "directoryScopeId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "appScopeId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "startDateTime": "2020-09-09T21:35:27.91Z",
- "endDateTime": "2020-09-09T21:35:27.91Z",
- "assignmentType": "eligible",
- "memberType": "direct",
- "roleAssignmentOriginId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "roleAssignmentScheduleId": "eb18c026-c026-eb18-26c0-18eb26c018eb"
- }
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleAssignmentScheduleInstances/$entity",
+ "id": "4-PYiFWPHkqVOpuYmLiHa_8KmpPnrkhHmG41_UYRbUY-1",
+ "principalId": "939a0aff-aee7-4748-986e-35fd46116d46",
+ "roleDefinitionId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "startDateTime": null,
+ "endDateTime": null,
+ "assignmentType": "Assigned",
+ "memberType": "Direct",
+ "roleAssignmentOriginId": "4-PYiFWPHkqVOpuYmLiHa_8KmpPnrkhHmG41_UYRbUY-1",
+ "roleAssignmentScheduleId": "4-PYiFWPHkqVOpuYmLiHa_8KmpPnrkhHmG41_UYRbUY-1"
} ```
v1.0 Unifiedroleassignmentscheduleinstance List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentscheduleinstance-list.md
Title: "List unifiedRoleAssignmentScheduleInstances" description: "Get a list of the unifiedRoleAssignmentScheduleInstance objects and their properties."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
GET /roleManagement/directory/roleAssignmentScheduleInstances
``` ## Optional query parameters
-This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select` and `$filter` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentSche
### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleAssignmentScheduleInstances",
"value": [ {
- "id": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "principalId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "roleDefinitionId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "directoryScopeId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "appScopeId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "startDateTime": "2020-09-09T21:35:27.91Z",
- "endDateTime": "2020-09-09T21:35:27.91Z",
- "assignmentType": "eligible",
- "memberType": "direct",
- "roleAssignmentOriginId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "roleAssignmentScheduleId": "eb18c026-c026-eb18-26c0-18eb26c018eb"
+ "id": "4-PYiFWPHkqVOpuYmLiHa_8KmpPnrkhHmG41_UYRbUY-1",
+ "principalId": "939a0aff-aee7-4748-986e-35fd46116d46",
+ "roleDefinitionId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "startDateTime": null,
+ "endDateTime": null,
+ "assignmentType": "Assigned",
+ "memberType": "Direct",
+ "roleAssignmentOriginId": "4-PYiFWPHkqVOpuYmLiHa_8KmpPnrkhHmG41_UYRbUY-1",
+ "roleAssignmentScheduleId": "4-PYiFWPHkqVOpuYmLiHa_8KmpPnrkhHmG41_UYRbUY-1"
+ },
+ {
+ "id": "4-PYiFWPHkqVOpuYmLiHa0VbFrscFfZMmRHNcYiRKEg-1",
+ "principalId": "bb165b45-151c-4cf6-9911-cd7188912848",
+ "roleDefinitionId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "startDateTime": null,
+ "endDateTime": null,
+ "assignmentType": "Assigned",
+ "memberType": "Direct",
+ "roleAssignmentOriginId": "4-PYiFWPHkqVOpuYmLiHa0VbFrscFfZMmRHNcYiRKEg-1",
+ "roleAssignmentScheduleId": "4-PYiFWPHkqVOpuYmLiHa0VbFrscFfZMmRHNcYiRKEg-1"
} ] }
v1.0 Unifiedroleassignmentschedulerequest Cancel https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedulerequest-cancel.md
Title: "unifiedRoleAssignmentScheduleRequest: cancel" description: "Cancel a unifiedRoleAssignmentScheduleRequest."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Immediately cancel a [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) and have the system automatically delete the cancelled request after 30 days.
+Immediately cancel a [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object that is in a `Granted` status, and have the system automatically delete the canceled request after 30 days. After calling this action, the **status** of the canceled unifiedRoleAssignmentScheduleRequest changes to `Canceled`.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
Do not supply a request body for this method.
## Response
-If successful, this action returns a `204 No Content` response code.
+If successful, this action returns a `204 No Content` response code. Attempting to cancel a request that is not in a cancelable state, for example, a unifiedRoleAssignmentScheduleRequest object whose **status** is `Provisioned` or `Failed`, returns a `400 Bad Request` error code.
## Examples
If successful, this action returns a `204 No Content` response code.
} --> ``` http
-POST https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleRequests/{unifiedRoleAssignmentScheduleRequestsId}/cancel
+POST https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleRequests/15fec3d4-64b1-4b03-beb7-f1ba6dddf6cc/cancel
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/unifiedroleassignmentschedulerequest-cancel-csharp-snippets.md)]
POST https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentSch
### Response
-**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true
v1.0 Unifiedroleassignmentschedulerequest Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedulerequest-filterbycurrentuser.md
Title: "unifiedRoleAssignmentScheduleRequest: filterByCurrentUser" description: "Get a list of the unifiedRoleAssignmentScheduleRequest objects and their properties filtered by a particular user principal"-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
One of the following permissions is required to call this API. To learn more, in
} --> ``` http
-GET /roleManagement/directory/roleAssignmentScheduleRequests/filterByCurrentUser
+GET /roleManagement/directory/roleAssignmentScheduleRequests/filterByCurrentUser(on='principal')
```
-## Query parameters
+## Function parameters
The following table shows the query parameters that can be used with this method. |Parameter|Type|Description| |:|:|:|
-|on|RoleAssignmentScheduleRequestFilterByCurrentUserOptions|Id of the principal object.|
+|on|RoleAssignmentScheduleRequestFilterByCurrentUserOptions|Filter to query objects for which the current user is the principal. Allowed value is `principal`. Required.|
+## Optional query parameters
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+ ## Request headers |Name|Description| |:|:|
Do not supply a request body for this method.
## Response
-If successful, this method returns a `200 OK` response code and a [unifiedRoleAssignmentScheduleRequest](../resources/unifiedRoleAssignmentScheduleRequest.md) collection in the response body.
+If successful, this method returns a `200 OK` response code and a collection of[unifiedRoleAssignmentScheduleRequest](../resources/unifiedRoleAssignmentScheduleRequest.md) objects in the response body.
## Examples
If successful, this method returns a `200 OK` response code and a [unifiedRoleAs
} --> ``` http
-GET https://graph.microsoft.com/beta/roleManagement/directory/RoleAssignmentScheduleRequests/filterByCurrentUser(on='d6e4112f-112f-d6e4-2f11-e4d62f11e4d6')
+GET https://graph.microsoft.com/beta/roleManagement/directory/RoleAssignmentScheduleRequests/filterByCurrentUser(on='principal')
``` ### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(unifiedRoleAssignmentScheduleRequest)",
"value": [ {
- "id": "b1477448-2cc6-4ceb-93b4-54a202a89413",
+ "id": "b5a22921-656a-4429-9c4e-59a5f576614d",
+ "status": "Provisioned",
+ "createdDateTime": "2021-07-27T09:18:42.737Z",
+ "completedDateTime": "2021-07-27T09:18:42.78Z",
+ "approvalId": null,
+ "customData": null,
"action": "AdminAssign",
- "principalId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
- "roleDefinitionId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
- "directoryScopeId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
- "appScopeId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
+ "principalId": "5659e4d9-9ab6-4678-9f1b-72322d469e9b",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/",
+ "appScopeId": null,
"isValidationOnly": false,
- "targetScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
- "justification": "this is a justification",
+ "targetScheduleId": "b5a22921-656a-4429-9c4e-59a5f576614d",
+ "justification": "Assign User Admin to IT Helpdesk (User) group",
+ "createdBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "displayName": null,
+ "id": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f"
+ }
+ },
"scheduleInfo": {
- "@odata.type": "microsoft.graph.requestSchedule"
+ "startDateTime": "2021-07-27T09:18:42.7811184Z",
+ "recurrence": null,
+ "expiration": {
+ "type": "noExpiration",
+ "endDateTime": null,
+ "duration": null
+ }
}, "ticketInfo": {
- "@odata.type": "microsoft.graph.ticketInfo"
+ "ticketNumber": null,
+ "ticketSystem": null
} } ]
v1.0 Unifiedroleassignmentschedulerequest Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedulerequest-get.md
Title: "Get unifiedRoleAssignmentScheduleRequest" description: "Read the properties and relationships of an unifiedRoleAssignmentScheduleRequest object."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
If successful, this method returns a `200 OK` response code and an [unifiedRoleA
} --> ``` http
-GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleRequests/{unifiedRoleAssignmentScheduleRequestsId}
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleRequests/b5a22921-656a-4429-9c4e-59a5f576614d
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-unifiedroleassignmentschedulerequest-csharp-snippets.md)]
GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentSche
### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
- "value": {
- "id": "c13ee236-e236-c13e-36e2-3ec136e23ec1",
- "action": "String",
- "principalId": "String",
- "roleDefinitionId": "String",
- "directoryScopeId": "String",
- "appScopeId": "String",
- "isValidationOnly": "Boolean",
- "targetScheduleId": "String",
- "justification": "String",
- "scheduleInfo": {
- "@odata.type": "microsoft.graph.requestSchedule"
- },
- "ticketInfo": {
- "@odata.type": "microsoft.graph.ticketInfo"
+ "id": "b5a22921-656a-4429-9c4e-59a5f576614d",
+ "status": "Provisioned",
+ "createdDateTime": "2021-07-27T09:18:42.737Z",
+ "completedDateTime": "2021-07-27T09:18:42.78Z",
+ "approvalId": null,
+ "customData": null,
+ "action": "AdminAssign",
+ "principalId": "5659e4d9-9ab6-4678-9f1b-72322d469e9b",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "isValidationOnly": false,
+ "targetScheduleId": "b5a22921-656a-4429-9c4e-59a5f576614d",
+ "justification": "Assign User Admin to IT Helpdesk (User) group",
+ "createdBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "displayName": null,
+ "id": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f"
+ }
+ },
+ "scheduleInfo": {
+ "startDateTime": "2021-07-27T09:18:42.7811184Z",
+ "recurrence": null,
+ "expiration": {
+ "type": "noExpiration",
+ "endDateTime": null,
+ "duration": null
}
+ },
+ "ticketInfo": {
+ "ticketNumber": null,
+ "ticketSystem": null
} } ```
v1.0 Unifiedroleassignmentschedulerequest List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedulerequest-list.md
Title: "List unifiedRoleAssignmentScheduleRequests" description: "Get a list of the unifiedRoleAssignmentScheduleRequest objects and their properties."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentSche
### Response
-**Note:** The response object shown here might be shortened for readability.
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response",
HTTP/1.1 200 OK
Content-Type: application/json {
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleAssignmentScheduleRequests",
"value": [ {
- "id": "c13ee236-e236-c13e-36e2-3ec136e23ec1",
- "action": "String",
- "principalId": "String",
- "roleDefinitionId": "String",
- "directoryScopeId": "String",
- "appScopeId": "String",
- "isValidationOnly": "Boolean",
- "targetScheduleId": "String",
- "justification": "String",
+ "id": "b5a22921-656a-4429-9c4e-59a5f576614d",
+ "status": "Provisioned",
+ "createdDateTime": "2021-07-27T09:18:42.737Z",
+ "completedDateTime": "2021-07-27T09:18:42.78Z",
+ "approvalId": null,
+ "customData": null,
+ "action": "AdminAssign",
+ "principalId": "5659e4d9-9ab6-4678-9f1b-72322d469e9b",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "isValidationOnly": false,
+ "targetScheduleId": "b5a22921-656a-4429-9c4e-59a5f576614d",
+ "justification": "Assign User Admin to IT Helpdesk (User) group",
+ "createdBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "displayName": null,
+ "id": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f"
+ }
+ },
"scheduleInfo": {
- "@odata.type": "microsoft.graph.requestSchedule"
+ "startDateTime": "2021-07-27T09:18:42.7811184Z",
+ "recurrence": null,
+ "expiration": {
+ "type": "noExpiration",
+ "endDateTime": null,
+ "duration": null
+ }
}, "ticketInfo": {
- "@odata.type": "microsoft.graph.ticketInfo"
+ "ticketNumber": null,
+ "ticketSystem": null
} } ]
v1.0 Unifiedroleassignmentschedulerequest Post Unifiedroleassignmentschedulerequests https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedulerequest-post-unifiedroleassignmentschedulerequests.md
Title: "Create unifiedRoleAssignmentScheduleRequest" description: "Create a new unifiedRoleAssignmentScheduleRequest object."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Create a new [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object.
+Create a new [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object. This operation allows both admins and users to add, remove, extend, or renew assignments. To run this request, the calling user must have multi-factor authentication (MFA) enforced, and running the query in a session in which they were challenged for MFA. See [Enable per-user Azure AD Multi-Factor Authentication to secure sign-in events](/azure/active-directory/authentication/howto-mfa-userstates).
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
The following table shows the properties that are required when you create the [
|Property|Type|Description| |:|:|:| |id|String|The unique identifier for the unifiedRoleAssignmentScheduleRequest. Key, not nullable, Read-only.|
-|action|String|Representing the type of the operation on the role assignment. The value can be <ul><li>`AdminAdd`: Administrators assign users/groups to roles;</li><li>`UserAdd`: Users activate eligible assignments;</li><li> `AdminUpdate`: Administrators change existing role assignments</li><li>`AdminRemove`: Administrators remove users/groups from roles;<li>`UserRemove`: Users deactivate active assignments;<li>`UserExtend`: Users request to extend their expiring assignments;</li><li>`AdminExtend`: Administrators extend expiring assignments.</li><li>`UserRenew`: Users request to renew their expired assignments;</li><li>`AdminRenew`: Administrators extend expiring assignments.</li></ul>|
-|principalId|String|Objectid of the principal to which the assignment is being granted to.|
-|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only.|
-|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only.|
-|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only.|
-|isValidationOnly|Boolean|A boolean that determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.|
+|action|String|Represents the type of the operation on the role assignment. The possible values are: <ul><li>`AdminAssign`: For administrators to assign roles to users or groups.</li><li>`AdminRemove`: For administrators to remove users or groups from roles.</li><li> `AdminUpdate`: For administrators to change existing role assignments.</li><li>`AdminExtend`: For administrators to extend expiring assignments.</li><li>`AdminRenew`: For administrators to renew expired assignments.</li><li>`SelfActivate`: For users to activate their assignments.</li><li>`SelfDeactivate`: For users to deactivate their active assignments.</li><li>`SelfExtend`: For users to request to extend their expiring assignments.</li><li>`SelfRenew`: For users to request to renew their expired assignments.</li></ul>
+|principalId|String|Identifier of the principal to which the assignment is being granted to.|
+|roleDefinitionId|String|Identifier of the unifiedRoleDefinition the assignment is for. Read only.|
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. |
+|appScopeId|String|Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units.|
+|isValidationOnly|Boolean|Specifies whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.|
|targetScheduleId|String|ID of the schedule object attached to the assignment.| |justification|String|A message provided by users and administrators when create the request about why it is needed.| |scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The schedule object of the role assignment request.|
The following table shows the properties that are required when you create the [
If successful, this method returns a `201 Created` response code and an [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object in the response body.
+When the calling user was not challenged for multi-factor authentication during their sign in session, a request with the SelfActivate action fails and returns a `400 Bad request` response code.
+ ## Examples
-### Request
+### Example 1: Admin assigning a directory role to a principal
+
+#### Request
+
+In the following request, the admin creates a request to assign a role identified by `fdd7a751-b60b-444a-984c-02652fe8fa1c` to a principal identified by **id** `07706ff1-46c7-4847-ae33-3003830675a1`. The scope of their role is all directory objects in the tenant and the assignment is permanent, that is, it doesn't expire.
# [HTTP](#tab/http) <!-- {
If successful, this method returns a `201 Created` response code and an [unified
``` http POST https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleRequests/ Content-Type: application/json
-Content-length: 510
{
- "@odata.type": "#Microsoft.Identity.Governance.Common.Data.ExternalModels.V1.unifiedRoleAssignmentScheduleRequest",
- "action": "String",
- "principalId": "String",
- "roleDefinitionId": "String",
- "directoryScopeId": "String",
- "appScopeId": "String",
- "isValidationOnly": "Boolean",
- "targetScheduleId": "String",
- "justification": "String",
+ "action": "AdminAssign",
+ "justification": "Assign User Admin to IT Helpdesk (User) group",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/",
+ "principalId": "07706ff1-46c7-4847-ae33-3003830675a1",
"scheduleInfo": {
- "@odata.type": "microsoft.graph.requestSchedule"
- },
- "ticketInfo": {
- "@odata.type": "microsoft.graph.ticketInfo"
+ "startDateTime": "2021-07-01T00:00:00Z",
+ "expiration": {
+ "type": "NoExpiration"
+ }
} } ```
Content-length: 510
-### Response
-**Note:** The response object shown here might be shortened for readability.
+#### Response
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 201 Created
Content-Type: application/json {
- "id": "c13ee236-e236-c13e-36e2-3ec136e23ec1",
- "action": "String",
- "principalId": "String",
- "roleDefinitionId": "String",
- "directoryScopeId": "String",
- "appScopeId": "String",
- "isValidationOnly": "Boolean",
- "targetScheduleId": "String",
- "justification": "String",
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleAssignmentScheduleRequests/$entity",
+ "id": "b5a22921-656a-4429-9c4e-59a5f576614d",
+ "status": "Provisioned",
+ "createdDateTime": "2021-07-27T09:18:40.2029365Z",
+ "completedDateTime": "2021-07-27T09:18:42.7811184Z",
+ "approvalId": null,
+ "customData": null,
+ "action": "AdminAssign",
+ "principalId": "07706ff1-46c7-4847-ae33-3003830675a1",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "isValidationOnly": false,
+ "targetScheduleId": "b5a22921-656a-4429-9c4e-59a5f576614d",
+ "justification": "Assign User Admin to IT Helpdesk (User) group",
+ "createdBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "displayName": null,
+ "id": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f"
+ }
+ },
"scheduleInfo": {
- "@odata.type": "microsoft.graph.requestSchedule"
+ "startDateTime": "2021-07-27T09:18:42.7811184Z",
+ "recurrence": null,
+ "expiration": {
+ "type": "noExpiration",
+ "endDateTime": null,
+ "duration": null
+ }
}, "ticketInfo": {
- "@odata.type": "microsoft.graph.ticketInfo"
+ "ticketNumber": null,
+ "ticketSystem": null
} } ```
+### Example 2: User activating their eligible role
+
+#### Request
+
+In the following request, a user identified by **principalId** `c6ad1942-4afa-47f8-8d48-afb5d8d69d2f` activates their own eligible role identified by `9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3`. The scope of their role is all directory objects in the tenant and the assignment is for five hours. To run this request, the calling user must have multi-factor authentication (MFA) enforced, and running the query in a session in which they were challenged for MFA.
+
+<!-- {
+ "blockType": "request",
+ "name": "create_unifiedroleassignmentschedulerequest_from_unifiedroleassignmentschedulerequests_SelfActivate"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleRequests/
+Content-Type: application/json
+
+{
+ "action": "SelfActivate",
+ "principalId": "c6ad1942-4afa-47f8-8d48-afb5d8d69d2f",
+ "roleDefinitionId": "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3",
+ "directoryScopeId": "/",
+ "justification": "Need to update app roles for selected apps.",
+ "scheduleInfo": {
+ "startDateTime": "2021-08-17T17:40:00.000Z",
+ "expiration": {
+ "type": "AfterDuration",
+ "duration": "PT5H"
+ }
+ },
+ "ticketInfo": {
+ "ticketNumber": "CONTOSO:Normal-67890",
+ "ticketSystem": "MS Project"
+ }
+}
+```
++
+#### Response
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignmentScheduleRequest"
+}
+-->
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleAssignmentScheduleRequests/$entity",
+ "id": "163daf73-8746-4996-87de-ab71dc624bf9",
+ "status": "Granted",
+ "createdDateTime": "2021-08-17T17:39:36.7040696Z",
+ "completedDateTime": "2021-08-17T17:40:00Z",
+ "approvalId": null,
+ "customData": null,
+ "action": "SelfActivate",
+ "principalId": "c6ad1942-4afa-47f8-8d48-afb5d8d69d2f",
+ "roleDefinitionId": "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "isValidationOnly": false,
+ "targetScheduleId": "163daf73-8746-4996-87de-ab71dc624bf9",
+ "justification": "Need to update app roles for selected apps.",
+ "createdBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "displayName": null,
+ "id": "c6ad1942-4afa-47f8-8d48-afb5d8d69d2f"
+ }
+ },
+ "scheduleInfo": {
+ "startDateTime": "2021-08-17T17:40:00Z",
+ "recurrence": null,
+ "expiration": {
+ "type": "afterDuration",
+ "endDateTime": null,
+ "duration": "PT5H"
+ }
+ },
+ "ticketInfo": {
+ "ticketNumber": "CONTOSO:Normal-67890",
+ "ticketSystem": "MS Project"
+ }
+}
+```
v1.0 Unifiedroleeligibilityschedule Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedule-filterbycurrentuser.md
Title: "unifiedRoleEligibilitySchedule: filterByCurrentUser" description: "Get a list of the unifiedRoleEligibilitySchedule objects and their properties filtered by a particular user principal"-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
One of the following permissions is required to call this API. To learn more, in
} --> ``` http
-GET roleManagement/directory/roleEligibilitySchedules/filterByCurrentUser
+GET roleManagement/directory/roleEligibilitySchedules/filterByCurrentUser(on='principal')
```
-## Query parameters
+## Function parameters
The following table shows the parameters that can be used with this method. |Parameter|Type|Description| |:|:|:|
-|on|roleEligibilityScheduleFilterByCurrentUserOptions|Id of the current user.|
+|on|roleEligibilityScheduleFilterByCurrentUserOptions|The currently signed-in user. Allowed value is `principal`.|
+## Optional query parameters
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
Do not supply a request body for this method.
## Response
-If successful, this method returns a `200 OK` response code and a [unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md) collection in the response body.
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md) objects in the response body.
## Examples
If successful, this method returns a `200 OK` response code and a [unifiedRoleEl
} --> ``` http
-GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilitySchedules/filterByCurrentUser(on='eb18c026-c026-eb18-26c0-18eb26c018eb')
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilitySchedules/filterByCurrentUser(on='principal')
``` ### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response showing an eligibility schedule that is through a group assignment.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
- "value": [
- {
- "id": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "principalId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "roleDefinitionId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "directoryScopeId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "appScopeId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "createdUsing": "eb18c026-c026-eb18-26c0-18eb26c018eb",
- "createdDateTime": "2020-09-09T21:35:27.91Z",
- "modifiedDateTime": "2020-09-09T21:35:27.91Z",
- "status": "Provisioned",
- "scheduleInfo": {
- "@odata.type": "microsoft.graph.requestSchedule"
- },
- "memberType": "direct"
- }
- ]
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(unifiedRoleEligibilitySchedule)",
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleEligibilitySchedule",
+ "id": "6938d75d-ad66-4c7d-9028-0c9b00296945",
+ "principalId": "c6ad1942-4afa-47f8-8d48-afb5d8d69d2f",
+ "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "createdUsing": "6938d75d-ad66-4c7d-9028-0c9b00296945",
+ "createdDateTime": "2021-08-09T10:15:05.96Z",
+ "modifiedDateTime": "0001-01-01T08:00:00Z",
+ "status": "Provisioned",
+ "memberType": "Direct",
+ "scheduleInfo": {
+ "startDateTime": "2021-08-09T10:15:05.96Z",
+ "recurrence": null,
+ "expiration": {
+ "type": "noExpiration",
+ "endDateTime": null,
+ "duration": null
+ }
+ }
+ }
+ ]
} ```
v1.0 Unifiedroleeligibilityschedule Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedule-get.md
Title: "Get unifiedRoleEligibilitySchedule" description: "Read the properties and relationships of an unifiedRoleEligibilitySchedule object."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
If successful, this method returns a `200 OK` response code and an [unifiedRoleE
} --> ``` http
-GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilitySchedules/5cfd7709-7709-5cfd-0977-fd5c0977fd5c
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilitySchedules/313af44a-07c9-43a7-9970-5072a6b5591f
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-unifiedroleeligibilityschedule-csharp-snippets.md)]
GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilitySch
### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
- "value": {
- "id": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "principalId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "roleDefinitionId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "directoryScopeId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "appScopeId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "createdUsing": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "createdDateTime": "2020-09-09T21:35:27.91Z",
- "modifiedDateTime": "2020-09-09T21:35:27.91Z",
- "status": "Provisioned",
- "scheduleInfo": {
- "@odata.type": "microsoft.graph.requestSchedule"
- },
- "memberType": "direct"
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleEligibilitySchedules/$entity",
+ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentSchedule",
+ "id": "313af44a-07c9-43a7-9970-5072a6b5591f",
+ "principalId": "398164b1-5196-49dd-ada2-364b49f99b27",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "createdUsing": "313af44a-07c9-43a7-9970-5072a6b5591f",
+ "createdDateTime": "2021-07-27T13:51:08.43Z",
+ "modifiedDateTime": null,
+ "status": "Provisioned",
+ "assignmentType": "Assigned",
+ "memberType": "Direct",
+ "scheduleInfo": {
+ "startDateTime": "2021-07-27T13:51:08.43Z",
+ "recurrence": null,
+ "expiration": {
+ "type": "noExpiration",
+ "endDateTime": null,
+ "duration": null
+ }
} } ```
v1.0 Unifiedroleeligibilityschedule List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedule-list.md
Title: "List unifiedRoleEligibilitySchedules" description: "Get a list of the unifiedRoleEligibilitySchedule objects and their properties."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
GET /roleManagement/directory/roleEligibilitySchedules
``` ## Optional query parameters
-This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select` and `$filter` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilitySch
### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleEligibilitySchedules",
"value": [ {
- "id": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "principalId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "roleDefinitionId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "directoryScopeId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "appScopeId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "createdUsing": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "createdDateTime": "2020-09-09T21:35:27.91Z",
- "modifiedDateTime": "2020-09-09T21:35:27.91Z",
+ "id": "313af44a-07c9-43a7-9970-5072a6b5591f",
+ "principalId": "398164b1-5196-49dd-ada2-364b49f99b27",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "createdUsing": "313af44a-07c9-43a7-9970-5072a6b5591f",
+ "createdDateTime": "2021-07-27T13:51:08.43Z",
+ "modifiedDateTime": "0001-01-01T08:00:00Z",
"status": "Provisioned",
+ "memberType": "Direct",
"scheduleInfo": {
- "@odata.type": "microsoft.graph.requestSchedule"
- },
- "memberType": "direct"
+ "startDateTime": "2021-07-27T13:51:08.43Z",
+ "recurrence": null,
+ "expiration": {
+ "type": "noExpiration",
+ "endDateTime": null,
+ "duration": null
+ }
+ }
} ] }
v1.0 Unifiedroleeligibilityscheduleinstance Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityscheduleinstance-filterbycurrentuser.md
Title: "unifiedRoleEligibilityScheduleInstance: filterByCurrentUser" description: "Get a list of the unifiedRoleEligibilityScheduleInstance objects and their properties filtered by a particular user principal"-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
One of the following permissions is required to call this API. To learn more, in
} --> ``` http
-GET /roleManagement/directory/roleEligibilityScheduleInstances/filterByCurrentUser
+GET /roleManagement/directory/roleEligibilityScheduleInstances/filterByCurrentUser(on='principal')
```
-## Query parameters
+## Function parameters
The following table shows the query parameters that can be used with this method. |Parameter|Type|Description| |:|:|:|
-|on|roleEligibilityScheduleInstanceFilterByCurrentUserOptions|Id of the current user.|
+|on|roleEligibilityScheduleInstanceFilterByCurrentUserOptions|Filter to query objects for which the current user is the principal. Allowed value is `principal`. Required.|
+
+## Optional query parameters
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers
Do not supply a request body for this method.
## Response
-If successful, this method returns a `200 OK` response code and a [unifiedRoleEligibilityScheduleInstance](../resources/unifiedroleeligibilityscheduleinstance.md) collection in the response body.
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleEligibilityScheduleInstance](../resources/unifiedroleeligibilityscheduleinstance.md) objects in the response body.
## Examples
If successful, this method returns a `200 OK` response code and a [unifiedRoleEl
} --> ``` http
-GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleInstances/filterByCurrentUser(on='5cfd7709-7709-5cfd-0977-fd5c0977fd5c')
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleInstances/filterByCurrentUser(on='principal')
``` ### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response showing an instance of a roleEligibilitySchedule that is through a group assignment.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
- "value": [
- {
- "id": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "principalId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "roleDefinitionId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "directoryScopeId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "appScopeId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "startDateTime": "2020-09-09T21:35:27.91Z",
- "endDateTime": "2020-09-09T21:35:27.91Z",
- "memberType": "direct",
- "roleEligibilityScheduleId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c"
- }
- ]
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(unifiedRoleEligibilityScheduleInstance)",
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleEligibilityScheduleInstance",
+ "id": "5wuT_mJe20eRr5jDpJo4sXbfd22VX0BOmpL501774kM-1-e",
+ "principalId": "92f37639-ba1e-471c-b9ba-922371c740cb",
+ "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "startDateTime": "2021-08-06T16:18:04.793Z",
+ "endDateTime": "2022-06-30T00:00:00Z",
+ "memberType": "Group",
+ "roleEligibilityScheduleId": "2303e6ff-5939-496f-8057-9203db4c75f3"
+ }
+ ]
} ```
v1.0 Unifiedroleeligibilityscheduleinstance Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityscheduleinstance-get.md
Title: "Get unifiedRoleEligibilityScheduleInstance" description: "Read the properties and relationships of an unifiedRoleEligibilityScheduleInstance object."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
GET /roleManagement/directory/roleEligibilityScheduleInstances/{unifiedRoleEligi
``` ## Optional query parameters
-This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
If successful, this method returns a `200 OK` response code and an [unifiedRoleE
} --> ``` http
-GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleInstances/5cfd7709-7709-5cfd-0977-fd5c0977fd5c
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleInstances/UafX_Qu2SkSYTAJlL-j6HCssmvzcHW1IohFf6Mp3-h9xbmLcN0jrQL5KvCnYihF4-2-e
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-unifiedroleeligibilityscheduleinstance-csharp-snippets.md)]
GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilitySch
### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
- "value": {
- "id": "d12c1ab0-1ab0-d12c-b01a-2cd1b01a2cd1",
- "principalId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "roleDefinitionId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "directoryScopeId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "appScopeId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
- "startDateTime": "2020-09-09T21:35:27.91Z",
- "endDateTime": "2020-09-09T21:35:27.91Z",
- "memberType": "direct",
- "roleEligibilityScheduleId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c"
- }
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleEligibilityScheduleInstances/$entity",
+ "id": "UafX_Qu2SkSYTAJlL-j6HCssmvzcHW1IohFf6Mp3-h9xbmLcN0jrQL5KvCnYihF4-2-e",
+ "principalId": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/administrativeUnits/dc626e71-4837-40eb-be4a-bc29d88a1178",
+ "appScopeId": null,
+ "startDateTime": "2021-07-27T14:03:04.4Z",
+ "endDateTime": null,
+ "memberType": "Direct",
+ "roleEligibilityScheduleId": "3dc04956-5e79-4e84-a2fc-4c168bb30a5f"
} ```
v1.0 Unifiedroleeligibilityscheduleinstance List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityscheduleinstance-list.md
Title: "List unifiedRoleEligibilityScheduleInstances" description: "Get a list of the unifiedRoleEligibilityScheduleInstance objects and their properties."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
GET /roleManagement/directory/roleEligibilityScheduleInstances
``` ## Optional query parameters
-This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select` and `$filter` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilitySch
### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleEligibilityScheduleInstances",
"value": [ {
- "id": "d12c1ab0-1ab0-d12c-b01a-2cd1b01a2cd1",
- "principalId": "d12c1ab0-1ab0-d12c-b01a-2cd1b01a2cd1",
- "roleDefinitionId": "d12c1ab0-1ab0-d12c-b01a-2cd1b01a2cd1",
- "directoryScopeId": "d12c1ab0-1ab0-d12c-b01a-2cd1b01a2cd1",
- "appScopeId": "d12c1ab0-1ab0-d12c-b01a-2cd1b01a2cd1",
- "startDateTime": "2020-09-09T21:35:27.91Z",
- "endDateTime": "2020-09-09T21:35:27.91Z",
- "memberType": "direct",
- "roleEligibilityScheduleId": "d12c1ab0-1ab0-d12c-b01a-2cd1b01a2cd1"
+ "id": "UafX_Qu2SkSYTAJlL-j6HCssmvzcHW1IohFf6Mp3-h9xbmLcN0jrQL5KvCnYihF4-2-e",
+ "principalId": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/administrativeUnits/dc626e71-4837-40eb-be4a-bc29d88a1178",
+ "appScopeId": null,
+ "startDateTime": "2021-07-27T14:03:04.4Z",
+ "endDateTime": null,
+ "memberType": "Direct",
+ "roleEligibilityScheduleId": "3dc04956-5e79-4e84-a2fc-4c168bb30a5f"
+ },
+ {
+ "id": "UafX_Qu2SkSYTAJlL-j6HLFkgTmWUd1JraI2S0n5myc-1-e",
+ "principalId": "398164b1-5196-49dd-ada2-364b49f99b27",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "startDateTime": "2021-07-27T13:51:08.43Z",
+ "endDateTime": null,
+ "memberType": "Direct",
+ "roleEligibilityScheduleId": "313af44a-07c9-43a7-9970-5072a6b5591f"
} ] }
v1.0 Unifiedroleeligibilityschedulerequest Cancel https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedulerequest-cancel.md
Title: "unifiedRoleEligibilityScheduleRequest: cancel" description: "Cancel a unifiedRoleEligibilityScheduleRequest."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
doc_type: apiPageType
# unifiedRoleEligibilityScheduleRequest: cancel Namespace: microsoft.graph
-Immediately cancel a [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) and have the system automatically delete the cancelled request after 30 days.
+Immediately cancel a [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) that is in a `Granted` status, and have the system automatically delete the cancelled request after 30 days. After calling this action, the **status** of the cancelled unifiedRoleEligibilityScheduleRequest changes to `Revoked`.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
Do not supply a request body for this method.
## Response
-If successful, this action returns a `204 No Content` response code.
+If successful, this action returns a `204 No Content` response code. Attempting to cancel a request that is not in a cancelable state, for example, a unifiedRoleEligibilityScheduleRequest object whose **status** is `Provisioned` or `Failed`, returns a `400 Bad Request` error code.
## Examples
If successful, this action returns a `204 No Content` response code.
} --> ``` http
-POST https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleRequests/{unifiedRoleEligibilityScheduleRequestsId}/cancel
+POST https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleRequests/532bef1f-c677-4564-aa6f-811444a4f018/cancel
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/unifiedroleeligibilityschedulerequest-cancel-csharp-snippets.md)]
POST https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilitySc
### Response
-**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true
v1.0 Unifiedroleeligibilityschedulerequest Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedulerequest-filterbycurrentuser.md
Title: "unifiedRoleEligibilityScheduleRequest: filterByCurrentUser" description: "Get a list of the unifiedRoleEligibilityScheduleRequest objects and their properties filtered by a particular user principal"-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Get a list of the [unifiedRoleEligibilityScheduleRequest](../resources/unifiedRoleEligibilityScheduleRequest.md) objects and their properties associated with a particular principal object.
+Get a list of the [unifiedRoleEligibilityScheduleRequest](../resources/unifiedRoleEligibilityScheduleRequest.md) objects and their properties associated with the currently signed in principal object.
+
+> [!NOTE]
+> This method doesn't retrieve objects for groups that the currently signed in user is member of, and which have the eligible assignment.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
} --> ``` http
-GET /roleManagement/directory/RoleEligibilityScheduleRequests/filterByCurrentUser
+GET /roleManagement/directory/RoleEligibilityScheduleRequests/filterByCurrentUser(on='principal')
``` ## Function parameters
The following table shows the parameters that can be used with this function.
|Parameter|Type|Description| |:|:|:|
-|on|RoleEligibilityScheduleRequestFilterByCurrentUserOptions|ID of the principal object|
+|on|RoleEligibilityScheduleRequestFilterByCurrentUserOptions|Filter to query objects for which the current user is the principal. Allowed value is `principal`. Required. Doesn't retrieve assignments for groups that this user is a member of.|
++
+## Optional query parameters
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers
If successful, this function returns a `200 OK` response code and a [unifiedRole
} --> ``` http
-GET https://graph.microsoft.com/beta/roleManagement/directory/RoleEligibilityScheduleRequests/filterByCurrentUser(on='parameterValue')
+GET https://graph.microsoft.com/beta/roleManagement/directory/RoleEligibilityScheduleRequests/filterByCurrentUser(on='principal')
``` ### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(unifiedRoleEligibilityScheduleRequest)",
"value": [ {
- "id": "String (identifier)",
- "action": "String",
- "principalId": "String",
- "roleDefinitionId": "String",
- "directoryScopeId": "String",
- "appScopeId": "String",
- "isValidationOnly": "Boolean",
- "targetScheduleId": "String",
- "justification": "String",
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleEligibilityScheduleRequests/$entity",
+ "id": "26bc6813-5457-4302-a482-afafd4e2962a",
+ "status": "Provisioned",
+ "createdDateTime": "2021-07-26T18:15:30.7671793Z",
+ "completedDateTime": "2021-07-26T18:15:33.1266138Z",
+ "approvalId": null,
+ "customData": null,
+ "action": "AdminAssign",
+ "principalId": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "isValidationOnly": false,
+ "targetScheduleId": "26bc6813-5457-4302-a482-afafd4e2962a",
+ "justification": "Assign User Admin eligibility to IT Helpdesk (User) group",
+ "createdBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "displayName": null,
+ "id": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f"
+ }
+ },
"scheduleInfo": {
- "@odata.type": "microsoft.graph.requestSchedule"
+ "startDateTime": "2021-07-26T18:15:33.1266138Z",
+ "recurrence": null,
+ "expiration": {
+ "type": "afterDateTime",
+ "endDateTime": "2022-06-30T00:00:00Z",
+ "duration": null
+ }
}, "ticketInfo": {
- "@odata.type": "microsoft.graph.ticketInfo"
+ "ticketNumber": null,
+ "ticketSystem": null
} } ]
v1.0 Unifiedroleeligibilityschedulerequest Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedulerequest-get.md
Title: "Get unifiedRoleEligibilityScheduleRequest" description: "Read the properties and relationships of an unifiedRoleEligibilityScheduleRequest object."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
GET /roleManagement/directory/roleEligibilityScheduleRequests/{unifiedRoleEligib
``` ## Optional query parameters
-This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
If successful, this method returns a `200 OK` response code and an [unifiedRoleE
} --> ``` http
-GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleRequests/{unifiedRoleEligibilityScheduleRequestsId}
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleRequests/26bc6813-5457-4302-a482-afafd4e2962a
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-unifiedroleeligibilityschedulerequest-csharp-snippets.md)]
GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilitySch
### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
- "value": {
- "id": "a2e242a0-42a0-a2e2-a042-e2a2a042e2a2",
- "action": "String",
- "principalId": "String",
- "roleDefinitionId": "String",
- "directoryScopeId": "String",
- "appScopeId": "String",
- "isValidationOnly": "Boolean",
- "targetScheduleId": "String",
- "justification": "String",
- "scheduleInfo": {
- "@odata.type": "microsoft.graph.requestSchedule"
- },
- "ticketInfo": {
- "@odata.type": "microsoft.graph.ticketInfo"
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleEligibilityScheduleRequests/$entity",
+ "id": "26bc6813-5457-4302-a482-afafd4e2962a",
+ "status": "Provisioned",
+ "createdDateTime": "2021-07-26T18:15:33.08Z",
+ "completedDateTime": "2021-07-26T18:15:33.127Z",
+ "approvalId": null,
+ "customData": null,
+ "action": "AdminAssign",
+ "principalId": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "isValidationOnly": false,
+ "targetScheduleId": "26bc6813-5457-4302-a482-afafd4e2962a",
+ "justification": "Assign User Admin eligibility to IT Helpdesk (User) group",
+ "createdBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "displayName": null,
+ "id": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f"
+ }
+ },
+ "scheduleInfo": {
+ "startDateTime": "2021-07-26T18:15:33.1266138Z",
+ "recurrence": null,
+ "expiration": {
+ "type": "afterDateTime",
+ "endDateTime": "2022-06-30T00:00:00Z",
+ "duration": null
}
+ },
+ "ticketInfo": {
+ "ticketNumber": null,
+ "ticketSystem": null
} } ```
v1.0 Unifiedroleeligibilityschedulerequest List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedulerequest-list.md
Title: "List unifiedRoleEligibilityScheduleRequests" description: "Get a list of the unifiedRoleEligibilityScheduleRequest objects and their properties."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilitySch
### Response
-**Note:** The response object shown here might be shortened for readability.
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-Type: application/json {
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleEligibilityScheduleRequests",
"value": [ {
- "id": "a2e242a0-42a0-a2e2-a042-e2a2a042e2a2",
- "action": "String",
- "principalId": "String",
- "roleDefinitionId": "String",
- "directoryScopeId": "String",
- "appScopeId": "String",
- "isValidationOnly": "Boolean",
- "targetScheduleId": "String",
- "justification": "String",
+ "id": "19757c21-7844-4478-b4b6-68aed0cd2d52",
+ "status": "Provisioned",
+ "createdDateTime": "2021-07-13T19:17:33.373Z",
+ "completedDateTime": "2021-07-13T19:17:33.427Z",
+ "approvalId": null,
+ "customData": null,
+ "action": "AdminAssign",
+ "principalId": "5659e4d9-9ab6-4678-9f1b-72322d469e9b",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "isValidationOnly": false,
+ "targetScheduleId": "19757c21-7844-4478-b4b6-68aed0cd2d52",
+ "justification": null,
+ "createdBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "displayName": null,
+ "id": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f"
+ }
+ },
"scheduleInfo": {
- "@odata.type": "microsoft.graph.requestSchedule"
+ "startDateTime": "2021-07-13T19:17:33.4258055Z",
+ "recurrence": null,
+ "expiration": {
+ "type": "afterDateTime",
+ "endDateTime": "2022-07-13T19:16:02.506Z",
+ "duration": null
+ }
}, "ticketInfo": {
- "@odata.type": "microsoft.graph.ticketInfo"
+ "ticketNumber": null,
+ "ticketSystem": null
} } ] }
+
```
v1.0 Unifiedroleeligibilityschedulerequest Post Unifiedroleeligibilityschedulerequests https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedulerequest-post-unifiedroleeligibilityschedulerequests.md
Title: "Create unifiedRoleEligibilityScheduleRequest" description: "Create a new unifiedRoleEligibilityScheduleRequest object."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Create a new [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) object.
+Create a new [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) object. This operation allows both admins and eligible users to add, revoke, or extend eligible assignments.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
The following table shows the properties that are required when you create the [
|Property|Type|Description| |:|:|:|
-|id|String|The unique identifier for the unifiedRoleEligibilityScheduleRequest. Key, not nullable, Read-only.|
-|action|String|Representing the type of the operation on the role assignment. The value can be <ul><li>`AdminAdd`: Administrators assign users/groups to roles;</li><li>`UserAdd`: Users activate eligible assignments;</li><li> `AdminUpdate`: Administrators change existing role assignments</li><li>`AdminRemove`: Administrators remove users/groups from roles;<li>`UserRemove`: Users deactivate active assignments;<li>`UserExtend`: Users request to extend their expiring assignments;</li><li>`AdminExtend`: Administrators extend expiring assignments.</li><li>`UserRenew`: Users request to renew their expired assignments;</li><li>`AdminRenew`: Administrators extend expiring assignments.</li></ul>|
-|principalId|String|Objectid of the principal to which the assignment is being granted to.|
-|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only.|
-|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only.|
-|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only.|
+|action|String|Represents the type of the operation on the role eligibility assignment. The possible values are: <ul><li>`AdminAdd`: For administrators to assign role eligibility to users or groups to roles.</li><li>`AdminExtend`: For administrators to extend expiring assignments.</li><li>`AdminUpdate`: For administrators to change existing role assignments.</li><li>`AdminRenew`: For administrators to renew expired assignments.</li><li>`AdminRemove`: For administrators to remove users or groups from eligible roles.</li><li>`UserAdd`: For users to activate their eligible assignments.</li><li>`UserExtend`: For users to request to extend their expiring eligible assignments.</li><li>`UserRemove`: For users to deactivate their active eligible assignments.</li><li>`UserRenew`: For users to request to renew their expired eligible assignments.</li></ul>|
+|appScopeId|String|Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units or all users.|
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only.|
|isValidationOnly|Boolean|A boolean that determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.|
-|targetScheduleId|String|ID of the schedule object attached to the assignment.|
|justification|String|A message provided by users and administrators when create the request about why it is needed.|
+|principalId|String|Identifier of the principal to which the assignment is being granted to. For example, a user or a group. For groups, they must be assignable to roles, that is, the **isAssignableToRole** of the group property set to `true`.|
+|roleDefinitionId|String|Identifier of the unifiedRoleDefinition the assignment is for. Read only.|
|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The schedule object of the role assignment request.|
+|targetScheduleId|String|The time period for which the eligibility assignment is valid.|
|ticketInfo|[ticketInfo](../resources/ticketinfo.md)|The ticketInfo object attached to the role assignment request which includes details of the ticket number and ticket system.| ++ ## Response If successful, this method returns a `201 Created` response code and an [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) object in the response body. ## Examples
-### Request
+### Example 1: Admin to assign a role eligibility schedule request
+
+In the following request, the admin creates a request to assign eligibility of a role identified by `fdd7a751-b60b-444a-984c-02652fe8fa1c` to a principal identified by **id** `07706ff1-46c7-4847-ae33-3003830675a1`. The scope of the eligibility is all directory objects in the tenant until June 30, 2022 at midnight UTC time.
+
+#### Request
# [HTTP](#tab/http) <!-- {
If successful, this method returns a `201 Created` response code and an [unified
``` http POST https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleRequests Content-Type: application/json
-Content-length: 511
{
- "@odata.type": "#Microsoft.Identity.Governance.Common.Data.ExternalModels.V1.unifiedRoleEligibilityScheduleRequest",
- "action": "String",
- "principalId": "String",
- "roleDefinitionId": "String",
- "directoryScopeId": "String",
- "appScopeId": "String",
- "isValidationOnly": "Boolean",
- "targetScheduleId": "String",
- "justification": "String",
+ "action": "AdminAssign",
+ "justification": "Assign User Admin eligibility to IT Helpdesk (User) group",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/",
+ "principalId": "07706ff1-46c7-4847-ae33-3003830675a1",
"scheduleInfo": {
- "@odata.type": "microsoft.graph.requestSchedule"
- },
- "ticketInfo": {
- "@odata.type": "microsoft.graph.ticketInfo"
+ "startDateTime": "2021-07-01T00:00:00Z",
+ "expiration": {
+ "endDateTime": "2022-06-30T00:00:00Z",
+ "type": "AfterDateTime"
+ }
} } ```
Content-length: 511
-### Response
-**Note:** The response object shown here might be shortened for readability.
+#### Response
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 201 Created
Content-Type: application/json {
- "id": "a2e242a0-42a0-a2e2-a042-e2a2a042e2a2",
- "action": "String",
- "principalId": "String",
- "roleDefinitionId": "String",
- "directoryScopeId": "String",
- "appScopeId": "String",
- "isValidationOnly": "Boolean",
- "targetScheduleId": "String",
- "justification": "String",
- "scheduleInfo": {
- "@odata.type": "microsoft.graph.requestSchedule"
- },
- "ticketInfo": {
- "@odata.type": "microsoft.graph.ticketInfo"
- }
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleEligibilityScheduleRequests/$entity",
+ "id": "672c03bf-226a-42ec-a8b7-3bfab96064a1",
+ "status": "Provisioned",
+ "createdDateTime": "2021-07-26T18:08:03.1299669Z",
+ "completedDateTime": "2021-07-26T18:08:06.2081758Z",
+ "approvalId": null,
+ "customData": null,
+ "action": "AdminAssign",
+ "principalId": "07706ff1-46c7-4847-ae33-3003830675a1",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "isValidationOnly": false,
+ "targetScheduleId": "672c03bf-226a-42ec-a8b7-3bfab96064a1",
+ "justification": "Assign User Admin eligibility to IT Helpdesk (User) group",
+ "createdBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "displayName": null,
+ "id": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f"
+ }
+ },
+ "scheduleInfo": {
+ "startDateTime": "2021-07-26T18:08:06.2081758Z",
+ "recurrence": null,
+ "expiration": {
+ "type": "afterDateTime",
+ "endDateTime": "2022-06-30T00:00:00Z",
+ "duration": null
+ }
+ },
+ "ticketInfo": {
+ "ticketNumber": null,
+ "ticketSystem": null
+ }
+}
+```
+
+### Example 2: Admin to remove an existing role eligibility schedule request
+
+In the following request, the admin creates a request to revoke the eligibility of a role identified by `fdd7a751-b60b-444a-984c-02652fe8fa1c` to a principal identified by **id** `07706ff1-46c7-4847-ae33-3003830675a1`.
+
+#### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "create_unifiedroleeligibilityschedulerequest_from_unifiedroleeligibilityschedulerequests_AdminRemove"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleRequests
+Content-Type: application/json
+
+{
+ "action": "AdminRemove",
+ "justification": "Assign User Admin eligibility to IT Helpdesk (User) group",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/",
+ "principalId": "07706ff1-46c7-4847-ae33-3003830675a1",
+ "scheduleInfo": {
+ "startDateTime": "2021-07-26T18:08:06.2081758Z",
+ "expiration": {
+ "endDateTime": "2022-06-30T00:00:00Z",
+ "type": "AfterDateTime"
+ }
+ }
} ``` ++
+#### Response
+
+The following is an example of the response. The request returns a response object that shows the status of previously eligible assignment changes as `Revoked`. The principal will no longer see their previously eligible role.
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleEligibilityScheduleRequest"
+}
+-->
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleEligibilityScheduleRequests/$entity",
+ "id": "7f88a144-f9a9-4f8c-9623-39c321ae93c2",
+ "status": "Revoked",
+ "createdDateTime": "2021-08-06T17:59:12.4263499Z",
+ "completedDateTime": null,
+ "approvalId": null,
+ "customData": null,
+ "action": "AdminRemove",
+ "principalId": "07706ff1-46c7-4847-ae33-3003830675a1",
+ "roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
+ "directoryScopeId": "/",
+ "appScopeId": null,
+ "isValidationOnly": false,
+ "targetScheduleId": null,
+ "justification": "Assign User Admin eligibility to IT Helpdesk (User) group",
+ "createdBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "displayName": null,
+ "id": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f"
+ }
+ },
+ "scheduleInfo": {
+ "startDateTime": "2021-07-26T18:08:06.2081758Z",
+ "recurrence": null,
+ "expiration": {
+ "type": "afterDateTime",
+ "endDateTime": "2022-06-30T00:00:00Z",
+ "duration": null
+ }
+ },
+ "ticketInfo": {
+ "ticketNumber": null,
+ "ticketSystem": null
+ }
+}
+```
v1.0 Unifiedrolemanagementpolicy Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicy-get.md
Title: "Get unifiedRoleManagementPolicy" description: "Read the properties and relationships of an unifiedRoleManagementPolicy object."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
v1.0 Unifiedrolemanagementpolicy List Effectiverules https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicy-list-effectiverules.md
Title: "List effectiveRules" description: "Get the unifiedRoleManagementPolicyRule resources from the effectiveRules navigation property."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
v1.0 Unifiedrolemanagementpolicy List Rules https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicy-list-rules.md
Title: "List rules" description: "Get the unifiedRoleManagementPolicyRule resources from the rules navigation property."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
v1.0 Unifiedrolemanagementpolicy List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicy-list.md
Title: "List unifiedRoleManagementPolicies" description: "Get a list of the unifiedRoleManagementPolicy objects and their properties."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
v1.0 Unifiedrolemanagementpolicyassignment Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicyassignment-get.md
Title: "Get unifiedRoleManagementPolicyAssignment" description: "Read the properties and relationships of an unifiedRoleManagementPolicyAssignment object."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
v1.0 Unifiedrolemanagementpolicyassignment List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicyassignment-list.md
Title: "List unifiedRoleManagementPolicyAssignments" description: "Get a list of the unifiedRoleManagementPolicyAssignment objects and their properties."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
v1.0 Unifiedrolemanagementpolicyrule Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicyrule-get.md
Title: "Get unifiedRoleManagementPolicyRule" description: "Read the properties and relationships of an unifiedRoleManagementPolicyRule object."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
v1.0 Unifiedrolemanagementpolicyrule List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicyrule-list.md
Title: "List unifiedRoleManagementPolicyRules" description: "Get a list of the unifiedRoleManagementPolicyRule objects and their properties."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
v1.0 Unifiedrolemanagementpolicyrule Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicyrule-update.md
Title: "Update unifiedRoleManagementPolicyRule" description: "Update the properties of an unifiedRoleManagementPolicyRule object."-+ localization_priority: Normal ms.prod: "governance" doc_type: apiPageType
v1.0 User Getmembergroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/user-getmembergroups.md
Return all the groups that the user is a member of. The check is transitive, unl
[memberOf](../api/user-list-memberof.md) navigation property, which returns only the groups that the user is a direct member of. This function supports Microsoft 365 and other types of groups provisioned in Azure AD. The maximum number of groups each
-request can return is 2046. Note that Microsoft 365 groups cannot contain groups. So membership in a Microsoft 365 group is
+request can return is 11000. Note that Microsoft 365 groups cannot contain groups. So membership in a Microsoft 365 group is
always direct. ## Permissions
v1.0 Approval https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/approval.md
In [Azure AD Entitlement Management](entitlementmanagement-root.md), the approva
In [userConsentRequests](../resources/userconsentrequest.md), the approval object for decisions associated with a request.
+In [Role management](../resources/rolemanagement.md), the decisions to approve or deny role assignments.
+ ## Methods | Method | Return Type | Description |
The following is a JSON representation of the resource.
"blockType": "resource", "keyProperty": "id", "@odata.type": "microsoft.graph.approval",
+ "baseType": "microsoft.graph.entity",
} --> ``` json
v1.0 Externalconnectors Property https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/externalconnectors-property.md
A [schema](externalconnectors-schema.md) property definition for a Microsoft Sea
| Property | Type | Description | |:--|:|:|
-| aliases | String collection | A set of aliases or a friendly names for the property. Maximum 32 characters. Each string must not contain control characters, whitespace, or any of the following: `:`, `;`, `,`, `(`, `)`, `[`, `]`, `{`, `}`, `%`, `$`, `+`, `!`, `*`, `=`, `&`, `?`, `@`, `#`, `\`, `~`, `'`, `"`, `<`, `>`, `|`, `` ` ``, `^`. Optional. |
+| aliases | String collection | A set of aliases or a friendly names for the property. Maximum 32 characters. Only alphanumeric characters allowed. For example, each string may not contain control characters, whitespace, or any of the following: `:`, `;`, `,`, `(`, `)`, `[`, `]`, `{`, `}`, `%`, `$`, `+`, `!`, `*`, `=`, `&`, `?`, `@`, `#`, `\`, `~`, `'`, `"`, `<`, `>`, `` ` ``, `^`. Optional. |
| isQueryable | boolean | Specifies if the property is queryable. Queryable properties can be used in [Keyword Query Language (KQL) queries](/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). Optional. | | isRefinable | boolean | Specifies if the property is refinable. Refinable properties can be used to filter search results in the [Search API](search-api-overview.md) and add a refiner control in the Microsoft Search user experience. Optional. | | isRetrievable | boolean | Specifies if the property is retrievable. Retrievable properties are returned in the result set when items are returned by the search API. Retrievable properties are also available to add to the display template used to render search results. Optional. | | isSearchable | boolean | Specifies if the property is searchable. Only properties of type `string` or `stringCollection` can be searchable. Non-searchable properties are not added to the search index. Optional. | | labels | microsoft.graph.externalConnectors.label collection | Specifies one or more well-known tags added against a property. Labels help Microsoft Search understand the semantics of the data in the connection. Adding appropriate labels would result in an enhanced search experience (e.g. better relevance). Optional.<br><br>The possible values are: `title`, `url`, `createdBy`, `lastModifiedBy`, `authors`, `createdDateTime`, `lastModifiedDateTime`, `fileName`, `fileExtension`, `unknownFutureValue`, `iconUrl`, `containerName`, `containerUrl`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following values in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `iconUrl`, `containerName`, `containerUrl`.|
-| name | String | The name of the property. Maximum 32 characters. Must not contain control characters, whitespace, or any of the following: `:`, `;`, `,`, `(`, `)`, `[`, `]`, `{`, `}`, `%`, `$`, `+`, `!`, `*`, `=`, `&`, `?`, `@`, `#`, `\`, `~`, `'`, `"`, `<`, `>`, `|`, `` ` ``, `^`. Required. |
+| name | String | The name of the property. Maximum 32 characters. Only alphanumeric characters allowed. For example, each string may not contain control characters, whitespace, or any of the following: `:`, `;`, `,`, `(`, `)`, `[`, `]`, `{`, `}`, `%`, `$`, `+`, `!`, `*`, `=`, `&`, `?`, `@`, `#`, `\`, `~`, `'`, `"`, `<`, `>`, `` ` ``, `^`. Required. |
| type | microsoft.graph.externalConnectors.propertyType | The data type of the property. Possible values are: `string`, `int64`, `double`, `dateTime`, `boolean`, `stringCollection`, `int64Collection`, `doubleCollection`, `dateTimeCollection`, `unknownFutureValue`. Required. | ## JSON representation
v1.0 Governancepermission https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/governancepermission.md
description: "Represents the access permission that a governanceSubject has to a
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # governancePermission resource type
v1.0 Governanceresource https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/governanceresource.md
description: "Represents resources that could be managed by Privileged Identity
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # governanceResource resource type
v1.0 Governanceroleassignment https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/governanceroleassignment.md
description: "Represents the assignment of a user or group to a role."
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # governanceRoleAssignment resource type
v1.0 Governanceroleassignmentrequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/governanceroleassignmentrequest.md
description: "Represents the request for role assignment operations in Priviledg
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # governanceRoleAssignmentRequest resource type
v1.0 Governanceroleassignmentrequeststatus https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/governanceroleassignmentrequeststatus.md
description: "Represents the status of the governanceRoleAssignmentRequest."
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # governanceRoleAssignmentRequestStatus resource type
v1.0 Governanceroledefinition https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/governanceroledefinition.md
description: "Represents the role definitions. For Azure resources, it can repre
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # governanceRoleDefinition resource type
v1.0 Governancerolesetting https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/governancerolesetting.md
description: "Represents a set of configurations on each role definition that ne
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # governanceRoleSetting resource type
v1.0 Governancerulesetting https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/governancerulesetting.md
description: "Represents the rules that the role settings are composed of."
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # governanceRuleSetting resource type
v1.0 Governanceschedule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/governanceschedule.md
description: "Represents the schedule for a governanceRoleAssignmentRequest. For
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # governanceSchedule resource type
v1.0 Governancesubject https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/governancesubject.md
description: "Represents users, groups, and service principals being managed in
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # governanceSubject resource type
v1.0 Identityset https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/identityset.md
description: "The identitySet resource is a keyed collection of identity resources." Previously updated : 09/10/2017 Title: IdentitySet localization_priority: Normal doc_type: resourcePageType # identitySet resource type
v1.0 Policyroot https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/policyroot.md
Title: "policyRoot resource type" description: "Resource type exposing navigation properties for the policies singleton."-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
v1.0 Privilegedaccess https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/privilegedaccess.md
description: " for example, `privilegedAccess/azureResources` represents PIM man
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # privilegedAccess resource type
v1.0 Privilegedapproval https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/privilegedapproval.md
description: "Represents an approval that is requested in Privileged Identity Ma
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # privilegedApproval resource type
v1.0 Privilegedidentitymanagement Directory https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/privilegedidentitymanagement-directory.md
Title: "Privileged Identity Management - Azure AD" description: "APIs for Azure AD Privileged Identity Management to manage Azure Active Directory roles." localization_priority: Priority-+ ms.prod: "governance" doc_type: conceptualPageType
v1.0 Privilegedidentitymanagement Resources https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/privilegedidentitymanagement-resources.md
Title: "Privileged Identity Management - Azure resources" description: "APIs for Azure AD Privileged Identity Management to manage Azure resources." localization_priority: Priority-+ ms.prod: "governance" doc_type: conceptualPageType
v1.0 Privilegedidentitymanagement Root https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/privilegedidentitymanagement-root.md
description: "APIs for Azure AD Privileged Identity Management to manage Azure A
localization_priority: Priority doc_type: conceptualPageType ms.prod: "governance"-+ # Privileged Identity Management
v1.0 Privilegedoperationevent https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/privilegedoperationevent.md
description: "Represents an audit event that is generated by Privileged Identity
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # privilegedOperationEvent resource type
v1.0 Privilegedrole https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/privilegedrole.md
description: "Represents an Azure AD administrator role, such as: **Global Admin
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # privilegedRole resource type
v1.0 Privilegedroleassignment https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/privilegedroleassignment.md
description: "Represents a privileged role assignment for a particular user. "
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # privilegedRoleAssignment resource type
v1.0 Privilegedroleassignmentrequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/privilegedroleassignmentrequest.md
description: "Represents the request for role assignment operations in Privilegd
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # privilegedRoleAssignmentRequest resource type
v1.0 Privilegedrolesettings https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/privilegedrolesettings.md
description: "Represents the settings for a privileged role."
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # privilegedRoleSettings resource type
v1.0 Privilegedrolesummary https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/privilegedrolesummary.md
description: "The statistics summary for a particular role."
localization_priority: Normal doc_type: resourcePageType ms.prod: "governance"-+ # privilegedRoleSummary resource type
v1.0 Rbacapplication https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/rbacapplication.md
Title: "rbacApplication resource type"
-description: "Role management navigation property"
+description: "Role management container for unified role definitions and role assignments for Microsoft 365 RBAC providers."
localization_priority: Normal ms.prod: "directory-management"
Role management container for unified role definitions and role assignments for
| [List roleAssignments](../api/rbacapplication-list-roleassignments.md) | [unifiedRoleAssignment](unifiedroleassignment.md) collection | Get a unifiedRoleAssignment object collection. Only specific instances can be queried, by filtering on roleDefitionId or principalId. | | [Create unifiedRoleDefinition](../api/rbacapplication-post-roledefinitions.md) | [unifiedRoleDefinition](unifiedroledefinition.md) | Create a new unifiedRoleDefinition by posting to the roleDefinitions collection. | | [List roleDefinitions](../api/rbacapplication-list-roledefinitions.md) | [unifiedRoleDefinition](unifiedroledefinition.md) collection | Get a unifiedRoleDefinition object collection. |
+| [roleSchedules](../api/rbacapplication-roleschedules.md) | [unifiedRoleScheduleBase](unifiedroleschedulebase.md) collection | Function to retrieve a collection of unifiedRoleScheduleBase objects. |
+| [roleScheduleInstances](../api/rbacapplication-rolescheduleinstances.md) | [unifiedRoleScheduleInstanceBase](unifiedrolescheduleinstancebase.md) collection | Function to retrieve a collection of unifiedRoleScheduleInstanceBase objects. |
## Properties None ## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|roleAssignments|[unifiedRoleAssignment](../resources/unifiedroleassignment.md) collection| Resource to grant access to users or groups. |
+|roleDefinitions|[unifiedRoleDefinition](../resources/unifiedroledefinition.md) collection| Resource representing the roles allowed by RBAC providers and the permissions assigned to the roles. |
+|roleAssignmentApprovals|[approval](../resources/approval.md) collection| Decisions associated with a role assignment approval.|
+|roleAssignmentScheduleInstances|[unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) collection| Instances for active role assignments through Azure AD Privileged Identity Management. |
+|roleAssignmentScheduleRequests|[unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) collection| Requests for active role assignments through Azure AD Privileged Identity Management. |
+|roleAssignmentSchedules|[unifiedRoleAssignmentSchedule](../resources/unifiedRoleAssignmentSchedule.md) collection| Schedule for active role assignments through Azure AD Privileged Identity Management. |
+|roleEligibilityScheduleInstances|[unifiedRoleEligibilityScheduleInstance](../resources/unifiedRoleEligibilityScheduleInstance.md) collection| Instances of eligible role assignments through Azure AD Privileged Identity Management. |
+|roleEligibilityScheduleRequests|[unifiedRoleEligibilityScheduleRequest](../resources/unifiedRoleEligibilityScheduleRequest.md) collection| Requests for eligible role assignments through Azure AD Privileged Identity Management. |
+|roleEligibilitySchedules|[unifiedRoleEligibilitySchedule](../resources/unifiedRoleEligibilitySchedule.md) collection| Schedule for eligible role assignments through Azure AD Privileged Identity Management. |
+
-None
## JSON representation
v1.0 Request https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/request.md
+
+ Title: "request resource type"
+description: "An abstract entity type to model the asynchronized request workflow to create, update, and delete an object."
+
+localization_priority: Normal
++
+# request resource type
+
+Namespace: microsoft.graph
++
+An abstract entity type to model the asynchronized request workflow to create, update, and delete an object.
+
+Inherits from [entity](entity.md).
++
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|approvalId|String|The identifier of the approval of the request.|
+|completedDateTime|DateTimeOffset|The request completion date time.|
+|createdBy|[identitySet](identityset.md)|The user who created this request.|
+|createdDateTime|DateTimeOffset|The request creation date time.|
+|customData|String|Free text field to define any custom data for the request. Not used.|
+|status|String|The status of the request. Not nullable. The possible values are: `Canceled`, `Denied`, `Failed`, `Granted`, `PendingAdminDecision`, `PendingApproval`, `PendingProvisioning`, `PendingScheduleCreation`, `Provisioned`, `Revoked`, and `ScheduleCreated`. Not nullable.|
+|id|String|Identifier of the request. Read-only. Not nullable. Inherited from [entity](entity.md).|
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|approval|[approval](../resources/approval.md)|Represents the approval object that the request is linked to.|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.request",
+ "baseType": "microsoft.graph.entity",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.request",
+ "id": "String (identifier)",
+ "approvalId": "String (identifier)",
+ "completedDateTime": "String (timestamp)",
+ "createdBy": {
+ "@odata.type": "microsoft.graph.identitySet"
+ },
+ "createdDateTime": "String (timestamp)",
+ "customData": "String",
+ "status": "String",
+}
+```
+
v1.0 Requestschedule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/requestschedule.md
The following is a JSON representation of the resource.
{ "startDateTime": "2020-08-11T23:06:53.307Z", "expiration": {
- "endDateTime": "2020-09-10T23:06:53.307Z",
- "type": "afterDateTime"
+ "@odata.type": "microsoft.graph.expirationPattern"
} } ```
v1.0 Serviceprincipal https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/serviceprincipal.md
This resource supports using [delta query](/graph/delta-query-overview) to track
|samlMetadataUrl|String|The url where the service exposes SAML metadata for federation.| |samlSingleSignOnSettings|[samlSingleSignOnSettings](samlsinglesignonsettings.md)|The collection for settings related to saml single sign-on.| |servicePrincipalNames|String collection|Contains the list of **identifiersUris**, copied over from the associated [application](application.md). Additional values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Azure AD. For example,<ul><li>Client apps can specify a resource URI which is based on the values of this property to acquire an access token, which is the URI returned in the ΓÇ£audΓÇ¥ claim.</li></ul><br>The any operator is required for filter expressions on multi-valued properties. Not nullable. <br><br> Supports `$filter` (`eq`, `NOT`, `ge`, `le`, `startsWith`).|
-|servicePrincipalType|String|Identifies if the service principal represents an application or a managed identity. This is set by Azure AD internally. For a service principal that represents an [application](./application.md) this is set as __Application__. For a service principal that represent a [managed identity](/azure/active-directory/managed-identities-azure-resources/overview) this is set as __ManagedIdentity__.|
+|servicePrincipalType|String|Identifies if the service principal represents an application or a managed identity. This is set by Azure AD internally. For a service principal that represents an [application](./application.md) this is set as __Application__. For a service principal that represent a [managed identity](/azure/active-directory/managed-identities-azure-resources/overview) this is set as __ManagedIdentity__. The __SocialIdp__ type is for internal use. |
| signInAudience | String | Specifies the Microsoft accounts that are supported for the current application. Read-only. <br><br>Supported values are:<ul><li>`AzureADMyOrg`: Users with a Microsoft work or school account in my organizationΓÇÖs Azure AD tenant (single-tenant).</li><li>`AzureADMultipleOrgs`: Users with a Microsoft work or school account in any organizationΓÇÖs Azure AD tenant (multi-tenant).</li><li>`AzureADandPersonalMicrosoftAccount`: Users with a personal Microsoft account, or a work or school account in any organizationΓÇÖs Azure AD tenant.</li><li>`PersonalMicrosoftAccount`: Users with a personal Microsoft account only.</li></ul> | |tags|String collection| Custom strings that can be used to categorize and identify the service principal. Not nullable. <br><br>Supports `$filter` (`eq`, `NOT`, `ge`, `le`, `startsWith`).| |tokenEncryptionKeyId|String|Specifies the keyId of a public key from the keyCredentials collection. When configured, Azure AD issues tokens for this application encrypted using the key specified by this property. The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user.|
v1.0 Ticketinfo https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/ticketinfo.md
Title: "ticketInfo resource type" description: "The object that represents ticket information related to role assignment requests"-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
v1.0 Unifiedroleassignmentschedule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleassignmentschedule.md
Title: "unifiedRoleAssignmentSchedule resource type" description: "Represents a schedule for an active role assignment operations through Azure AD Privileged Identity Management."-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents the schedule for an active role assignment through Azure AD Privileged Identity Management. A `roleAssignmentSchedule` is created by `roleAssignmentScheduleRequest` and is used to instantiate a `roleAssignmentInstance`. We support list and get operations to retrieve the schedule for the purpose of viewing current and future assignments.
+Represents the schedule for an active role assignment through Azure AD Privileged Identity Management. A **unifiedRoleAssignmentSchedule** is created by a [unifiedRoleAssignmentScheduleRequest](unifiedroleassignmentschedulerequest.md) and is used to instantiate a [unifiedRoleAssignmentScheduleInstance](unifiedroleassignmentscheduleinstance.md). This resource supports list and get operations to retrieve the schedule for the purpose of viewing current and future assignments.
+
+Inherits from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).
## Methods |Method|Return type|Description|
Represents the schedule for an active role assignment through Azure AD Privilege
## Properties |Property|Type|Description| |:|:|:|
-|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|appScopeId|String|Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
|assignmentType|String|Type of the assignment. It can either be `Assigned` or `Activated`.| |createdDateTime|DateTimeOffset|Time that the schedule was created. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)| |createdUsing|String|ID of the roleAssignmentScheduleRequest that created this schedule. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
|id|String|The unique identifier for the unifiedRoleAssignmentSchedule. Key, not nullable, Read-only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)| |memberType|String|Membership type of the assignment. It can either be `Inherited`, `Direct`, or `Group`.| |modifiedDateTime|DateTimeOffset|Last time the schedule was updated. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|principalId|String| Objectid of the principal to which the assignment is being granted to. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|principalId|String| Objectid of the principal to which the assignment is being granted to. Can be a group or a user. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md). <br> Supports `$filter` (`eq`).|
+|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md). <br> Supports `$filter` (`eq`).|
|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The schedule object of the role assignment request.|
-|status|String|Status for the `roleAssignmentSchedule`. It can include state related messages like `Provisioned`, `Revoked`, `Pending Provisioning`, and `Pending Approval`. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|status|String|Status for the `roleAssignmentSchedule`. It can include state related messages like `Provisioned`, `Revoked`, `Pending Provisioning`, and `Pending Approval`. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).<br> Supports `$filter` (`eq`).|
## Relationships |Relationship|Type|Description|
v1.0 Unifiedroleassignmentscheduleinstance https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleassignmentscheduleinstance.md
Title: "unifiedRoleAssignmentScheduleInstance resource type" description: "Represents a schedule instance for an active role assignment operations through Azure AD Privileged Identity Management."-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents the instance for an active role assignment through Azure AD Privileged Identity Management. A `roleAssignmentInstance` is created by `roleAssignmentSchedule` and and represents an actual roleAssignment created through Privileged Identity Management. We support list and get operations on the roleAssignmentInstance for the purpose of viewing current and future assignments.
+Represents the instance for an active role assignment through Azure AD Privileged Identity Management. A **unifiedRoleAssignmentScheduleInstance** is created by [unifiedRoleAssignmentSchedule](unifiedroleassignmentschedule.md) and and represents an actual role assignment created through Privileged Identity Management. This resource supports the List and Get operations for the purpose of viewing current and future assignments.
Inherits from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md).
Inherits from [unifiedRoleScheduleInstanceBase](../resources/unifiedroleschedule
## Properties |Property|Type|Description| |:|:|:|
-|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|appScopeId|String|Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md).|
|assignmentType|String|Type of the assignment. It can either be `Assigned` or `Activated`.| |createdDateTime|DateTimeOffset|Time that the schedule was created.|
-|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
|endDateTime|DateTimeOffset|Time that the roleAssignmentInstance will expire| |id|String|The unique identifier for the unifiedRoleAssignmentScheduleInstance. Key, not nullable, Read-only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)| |memberType|String|Membership type of the assignment. It can either be `Inherited`, `Direct`, or `Group`.|
-|principalId|String|Objectid of the principal to which the assignment is being granted to. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|principalId|String|Identifier of the principal to which the assignment is being granted to. Can be a group or a user. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
|roleAssignmentOriginId|String|ID of the roleAssignment in the directory| |roleAssignmentScheduleId|String|ID of the parent roleAssignmentSchedule for this instance|
-|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|roleDefinitionId|String|Identifier of the unifiedRoleDefinition the assignment is for. Read only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md). <br> Supports `$filter` (`eq`).|
|startDateTime|DateTimeOffset|Time that the roleAssignmentInstance will start| ## Relationships
v1.0 Unifiedroleassignmentschedulerequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleassignmentschedulerequest.md
Title: "unifiedRoleAssignmentScheduleRequest resource type" description: "Represents the request for active role assignment operations through Azure AD Privileged Identity Management."-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents the request for active role assignment operations through Azure AD Privileged Identity Management.
+Represents the request for active role assignment operations through Azure Active Directory (Azure AD) Privileged Identity Management.
-`unifiedRoleAssignmentScheduleRequest` is a ticket-modeled entity used to manage the lifecycle of active role assignments in the directory. It represents the intention/decision of the users and administrators, and also provides the flexibility to enable implementation of recurrent scheduling, approval gates, and so on, as compared to directly exposing `POST`, `PUT`, and `DELETE` operations on `unifiedRoleAssignmentSchedule` and `unifiedRoleAssignmentInstance`.
+**unifiedRoleAssignmentScheduleRequest** is a ticket-modeled entity used to manage the lifecycle of active role assignments in the directory. It represents the intention or decision of the users and administrators, and also provides the flexibility to enable implementation of recurrent scheduling, approval gates, and so on, as compared to directly exposing `POST`, `PUT`, and `DELETE` operations on `unifiedRoleAssignmentSchedule` and `unifiedRoleAssignmentInstance`.
-Administrators can use `unifiedRoleAssignmentScheduleRequest` to create active role assignments with or without start and end time. While an eligible administrator can use it to create a request to activate an eligible role assignment.
+Administrators can use `unifiedRoleAssignmentScheduleRequest` to create active role assignments with or without start and end time. While an admin can use it to create a request to activate an eligible role assignment represented by [unifiedRoleEligibilityScheduleRequest](unifiedroleeligibilityschedulerequest.md).
+Inherits from [request](request.md).
## Methods |Method|Return type|Description|
Administrators can use `unifiedRoleAssignmentScheduleRequest` to create active r
## Properties |Property|Type|Description| |:|:|:|
-|action|String|Representing the type of the operation on the role assignment. The value can be <ul><li>`AdminAdd`: Administrators assign users/groups to roles;</li><li>`UserAdd`: Users activate eligible assignments;</li><li> `AdminUpdate`: Administrators change existing role assignments</li><li>`AdminRemove`: Administrators remove users/groups from roles;<li>`UserRemove`: Users deactivate active assignments;<li>`UserExtend`: Users request to extend their expiring assignments;</li><li>`AdminExtend`: Administrators extend expiring assignments.</li><li>`UserRenew`: Users request to renew their expired assignments;</li><li>`AdminRenew`: Administrators extend expiring assignments.</li></ul>|
-|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only.|
-|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only.|
+|action|String|Represents the type of the operation on the role assignment. The possible values are: <ul><li>`AdminAssign`: For administrators to assign roles to users or groups.</li><li>`AdminRemove`: For administrators to remove users or groups from roles.</li><li> `AdminUpdate`: For administrators to change existing role assignments.</li><li>`AdminExtend`: For administrators to extend expiring assignments.</li><li>`AdminRenew`: For administrators to renew expired assignments.</li><li>`SelfActivate`: For users to activate their assignments.</li><li>`SelfDeactivate`: For users to deactivate their active assignments.</li><li>`SelfExtend`: For users to request to extend their expiring assignments.</li><li>`SelfRenew`: For users to request to renew their expired assignments.</li></ul>|
+|approvalId|String|The identifier of the approval of the request. Inherited from [request](request.md).|
+|appScopeId|String|Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units.|
+|completedDateTime|DateTimeOffset|The request completion date time. Inherited from [request](request.md).|
+|createdBy|[identitySet](identityset.md)|The user who created this request. Inherited from [request](request.md).|
+|createdDateTime|DateTimeOffset|The request creation date time. Inherited from [request](request.md).|
+|customData|String|Free text field to define any custom data for the request. Not used. Inherited from [request](request.md).|
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only.|
|id|String|The unique identifier for the unifiedRoleAssignmentScheduleRequest. Key, not nullable, Read-only.| |isValidationOnly|Boolean|A boolean that determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.| |justification|String|A message provided by users and administrators when create the request about why it is needed.|
-|principalId|String| Objectid of the principal to which the assignment is being granted to.|
-|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only.|
+|principalId|String| Identifier of the principal to which the assignment is being granted to.|
+|roleDefinitionId|String|Identifier of the unifiedRoleDefinition the assignment is for. Read only.|
|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The schedule object of the role assignment request.|
-|targetScheduleId|String|ID of the schedule object attached to the assignment.|
+|status|String|The schedule object of the role assignment request. Inherited from [request](request.md).|
+|targetScheduleId|String|Identifier of the schedule object attached to the assignment.|
|ticketInfo|[ticketInfo](../resources/ticketinfo.md)|The ticketInfo object attached to the role assignment request which includes details of the ticket number and ticket system.| ## Relationships
Administrators can use `unifiedRoleAssignmentScheduleRequest` to create active r
|directoryScope|[directoryObject](../resources/directoryobject.md)|Property referencing the directory object that is the scope of the assignment. Provided so that callers can get the directory object using `$expand` at the same time as getting the role assignment. Read-only. | |principal|[directoryObject](../resources/directoryobject.md)|Property referencing the principal that is getting a role assignment through the request. Provided so that callers can get the principal using `$expand` at the same time as getting the role assignment. Read-only. | |roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. roleDefinition.Id will be auto expanded.|
+|targetSchedule|[unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md)| Property indicating the schedule for an eligible role assignment. |
## JSON representation The following is a JSON representation of the resource.
The following is a JSON representation of the resource.
"blockType": "resource", "keyProperty": "id", "@odata.type": "microsoft.graph.unifiedRoleAssignmentScheduleRequest",
+ "baseType": "microsoft.graph.request",
"openType": false } -->
v1.0 Unifiedroleeligibilityschedule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleeligibilityschedule.md
Title: "unifiedRoleEligibilitySchedule resource type" description: "Represents a schedule for an eligible role assignment operations through Azure AD Privileged Identity Management."-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents the schedule for an eligible role assignment through Azure AD Privileged Identity Management. A `roleEligibilitySchedule` is created by `roleEligibilityScheduleRequest` and is used to instantiate a `roleEligibilityInstance`. We support list and get operations to retrieve the schedule for the purpose of viewing current and future eligible assignments.
+Represents the schedule for an eligible role assignment through Azure AD Privileged Identity Management. A **unifiedRoleEligibilitySchedule** is created by [unifiedRoleEligibilityScheduleRequest](unifiedroleeligibilityschedulerequest.md) and is used to instantiate a [unifiedRoleEligibilityScheduleInstance](unifiedroleeligibilityscheduleinstance.md). This resource supports the List and Get operations to retrieve the schedule for the purpose of viewing current and future eligible assignments.
Inherits from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).
Inherits from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)
## Properties |Property|Type|Description| |:|:|:|
-|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|createdDateTime|DateTimeOffset|Time that the schedule was created. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|createdUsing|String|ID of the RoleEligibilityScheduleRequest that created this schedule. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|id|String|The unique identifier for the unifiedRoleEligibilitySchedule. Key, not nullable, Read-only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|appScopeId|String|Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).|
+|createdDateTime|DateTimeOffset|Time that the schedule was created. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).|
+|createdUsing|String|Identifier of the roleEligibilityScheduleRequest that created this schedule. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).|
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).|
+|id|String|The unique identifier for the unifiedRoleEligibilitySchedule. Key, not nullable, Read-only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).|
|memberType|String|Membership type of the eligible assignment. It can either be `Inherited`, `Direct`, or `Group`.|
-|modifiedDateTime|DateTimeOffset|Last time the schedule was updated. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|principalId|String| Objectid of the principal to which the eligible assignment is being granted to. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|roleDefinitionId|String|ID of the unifiedRoleDefinition the eligible assignment is for. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|modifiedDateTime|DateTimeOffset|Last time the schedule was updated. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).|
+|principalId|String| Identifier of the principal to which the eligible assignment is being granted to. Can be a group or a user. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).<br> Supports `$filter` (`eq`).|
+|roleDefinitionId|String|Identifier of the unifiedRoleDefinition the assignment is for. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).<br> Supports `$filter` (`eq`).|
|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The schedule object of the eligible role assignment request.|
-|status|String|Status for the `roleEligibilitySchedule`. It can include state related messages like `Provisioned`, `Revoked`, `Pending Provisioning`, and `Pending Approval`. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|status|String|Status for the `roleEligibilitySchedule`. It can include state related messages like `Provisioned`, `Revoked`, `Pending Provisioning`, and `Pending Approval`. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).<br> Supports `$filter` (`eq`).|
## Relationships |Relationship|Type|Description|
v1.0 Unifiedroleeligibilityscheduleinstance https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleeligibilityscheduleinstance.md
Title: "unifiedRoleEligibilityScheduleInstance resource type" description: "Represents a schedule instance for an eligible role assignment operations through Azure AD Privileged Identity Management."-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents the instance for an eligible role assignment through Azure AD Privileged Identity Management. A `roleEligibilityInstance` is created by `roleEligibilitySchedule` and and represents an actual eligible role Assignment created through Privileged Identity Management. We support list and get operations on the roleEligibilityInstance for the purpose of viewing current and future assignments.
+Represents the instance for an eligible role assignment through Azure AD Privileged Identity Management. A **unifiedRoleEligibilityScheduleInstance** is created by [unifiedRoleEligibilitySchedule](unifiedroleeligibilityschedule.md) and and represents an actual eligible role Assignment created through Privileged Identity Management. This resource supports the List and Get operations on for the purpose of viewing current and future assignments.
Inherits from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md).
Inherits from [unifiedRoleScheduleInstanceBase](../resources/unifiedroleschedule
## Properties |Property|Type|Description| |:|:|:|
-|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
-|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
-|endDateTime|DateTimeOffset|Time that the roleEligibilityScheduleInstance will expire|
-|id|String|The unique identifier for the roleEligibilityScheduleInstance. Key, not nullable, Read-only.Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|appScopeId|String|Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md).|
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md).|
+|endDateTime|DateTimeOffset|Time that the roleEligibilityScheduleInstance will expire.|
+|id|String|The unique identifier for the roleEligibilityScheduleInstance. Key, not nullable, Read-only.Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md).|
|memberType|String|Membership type of the assignment. It can either be `Inherited`, `Direct`, or `Group`.|
-|principalId|String|Objectid of the principal to which the assignment is being granted to. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
-|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
-|roleEligibilityScheduleId|String|ID of the parent roleEligibilitySchedule for this instance|
-|startDateTime|DateTimeOffset|Time that the roleEligibilityScheduleInstance will start|
+|principalId|String|Identifier of the principal to which the assignment is being granted to. Can be a group or a user. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md).|
+|roleDefinitionId|String|Identifier of the unifiedRoleDefinition the assignment is for. Read only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md).<br> Supports `$filter` (`eq`).|
+|roleEligibilityScheduleId|String|Identifier of the parent roleEligibilitySchedule for this instance.|
+|startDateTime|DateTimeOffset|Time that the roleEligibilityScheduleInstance will start.|
## Relationships |Relationship|Type|Description|
v1.0 Unifiedroleeligibilityschedulerequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleeligibilityschedulerequest.md
Title: "unifiedRoleEligibilityScheduleRequest resource type" description: "Represents the request for eligible role assignment operations through Azure AD Privileged Identity Management."-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents the request for eligible role assignment operations through Azure AD Privileged Identity Management.
+Represents the request for eligible role assignment through Azure AD Privileged Identity Management.
-`unifiedRoleEligibilityScheduleRequest` is a ticket-modeled entity used to manage the lifecycle of eligible role assignments in the directory. It represents the intention/decision of the users and administrators, and also provides the flexibility to enable implementation of recurrent scheduling, approval gates, and so on, as compared to directly exposing `POST`, `PUT`, and `DELETE` operations on `unifiedRoleEligibilitySchedule` and `unifiedRoleEligibilityInstance`.
+**unifiedRoleEligibilityScheduleRequest** is a ticket-modeled entity used to manage the lifecycle of eligible role assignments in the directory. It represents the intention or decision of the users and administrators, and also provides the flexibility to enable the implementation of recurrent scheduling, approval gates, and so on, as compared to directly exposing `POST`, `PUT`, and `DELETE` operations on **unifiedRoleEligibilitySchedule** and **unifiedRoleEligibilityInstance** resources.
-Administrators can use `unifiedRoleEligibilityScheduleRequest` to create and/or update eligible role assignments with or without start and end time. While eligible administrators, can use it to create a request to extend or renew their eligible assignments.
+Administrators can use **unifiedRoleEligibilityScheduleRequest`** to create and/or update eligible role assignments with or without start and end time. While eligible administrators, can use it to create a request to extend or renew their eligible assignments.
+
+Inherits from [request](request.md).
## Methods |Method|Return type|Description|
Administrators can use `unifiedRoleEligibilityScheduleRequest` to create and/or
## Properties |Property|Type|Description| |:|:|:|
-|action|String|Representing the type of the operation on the role assignment. The value can be <ul><li>`AdminAdd`: Administrators assign users/groups to roles;</li><li>`UserAdd`: Users activate eligible assignments;</li><li> `AdminUpdate`: Administrators change existing role assignments</li><li>`AdminRemove`: Administrators remove users/groups from roles;<li>`UserRemove`: Users deactivate active assignments;<li>`UserExtend`: Users request to extend their expiring assignments;</li><li>`AdminExtend`: Administrators extend expiring assignments.</li><li>`UserRenew`: Users request to renew their expired assignments;</li><li>`AdminRenew`: Administrators extend expiring assignments.</li></ul>|
-|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only.|
-|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only.|
-|id|String|The unique identifier for the unifiedRoleEligibilityScheduleRequest.|
+|action|String|Represents the type of the operation on the role eligibility assignment. The possible values are: <ul><li>`AdminAdd`: For administrators to assign role eligibility to users or groups to roles.</li><li>`AdminExtend`: For administrators to extend expiring assignments.</li><li>`AdminUpdate`: For administrators to change existing role assignments.</li><li>`AdminRenew`: For administrators to renew expired assignments.</li><li>`AdminRemove`: For administrators to remove users or groups from eligible roles.</li><li>`UserAdd`: For users to activate their eligible assignments.</li><li>`UserExtend`: For users to request to extend their expiring eligible assignments.</li><li>`UserRemove`: For users to deactivate their active eligible assignments.</li><li>`UserRenew`: For users to request to renew their expired eligible assignments.</li></ul>|
+|approvalId|String|The identifier of the approval of the request. Inherited from [request](request.md).|
+|appScopeId|String|Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units.|
+|completedDateTime|DateTimeOffset|The request completion date time. Inherited from [request](request.md).|
+|createdBy|[identitySet](identityset.md)|The user who created this request. Inherited from [request](request.md).|
+|createdDateTime|DateTimeOffset|The request creation date time. Inherited from [request](request.md).|
+|customData|String|Free text field to define any custom data for the request. Not used. Inherited from [request](request.md).|
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only.|
+|id|String|The unique identifier for the unifiedRoleEligibilityScheduleRequest. Read-only.|
|isValidationOnly|Boolean|A boolean that determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.| |justification|String|A message provided by users and administrators when create the request about why it is needed.|
-|principalId|String| Objectid of the principal to which the assignment is being granted to.|
-|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only.|
+|principalId|String| Identifier of the principal to which the assignment is being granted to. For example, a user or a group. For groups, they must be assignable to roles, that is, the **isAssignableToRole** of the group property set to `true`.|
+|roleDefinitionId|String|Identifier of the unifiedRoleDefinition the assignment is for. Read only.|
|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The schedule object of the role assignment request.|
-|targetScheduleId|String|ID of the schedule object attached to the assignment.|
-|ticketInfo|[ticketInfo](../resources/ticketinfo.md)|The ticketInfo object attached to the role assignment request which includes details of the ticket number and ticket system.|
+|status|String|The schedule object of the role eligibility request. Inherited from [request](request.md).|
+|targetScheduleId|String|The time period for which the eligibility assignment is valid.|
+|ticketInfo|[ticketInfo](../resources/ticketinfo.md)|The details of the ticket number and ticket system that is attached to the role assignment request.|
## Relationships |Relationship|Type|Description| |:|:|:|
-|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity.|
+|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app-specific scope when the assignment scope is app-specific. Containment entity.|
|directoryScope|[directoryObject](../resources/directoryobject.md)|Property referencing the directory object that is the scope of the assignment. Provided so that callers can get the directory object using `$expand` at the same time as getting the role assignment. Read-only.| |principal|[directoryObject](../resources/directoryobject.md)|Property referencing the principal that is getting a role assignment through the request. Provided so that callers can get the principal using `$expand` at the same time as getting the role assignment. Read-only. |
-|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. roleDefinition.Id will be auto expanded|
+|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. roleDefinition.Id will be auto expanded.|
+|targetSchedule|[unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md)| Property indicating the schedule for an eligible role assignment. |
## JSON representation The following is a JSON representation of the resource.
The following is a JSON representation of the resource.
"blockType": "resource", "keyProperty": "id", "@odata.type": "microsoft.graph.unifiedRoleEligibilityScheduleRequest",
+ "baseType": "microsoft.graph.request",
"openType": false } -->
v1.0 Unifiedrolemanagementpolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicy.md
Title: "unifiedRoleManagementPolicy resource type" description: "A unifiedRoleManagementPolicy specifies the various policies associated with a scope and role definition. It is derived from microsoft.graph.policyBase."-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
v1.0 Unifiedrolemanagementpolicyapprovalrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicyapprovalrule.md
Title: "unifiedRoleManagementPolicyApprovalRule resource type" description: "A unifiedRoleManagementPolicyApprovalRule specifies the approval rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule."-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
v1.0 Unifiedrolemanagementpolicyassignment https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicyassignment.md
Title: "unifiedRoleManagementPolicyAssignment resource type" description: "A unifiedRoleManagementPolicyAssignment assigns the policy to a specific scope and role definition."-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
v1.0 Unifiedrolemanagementpolicyauthenticationcontextrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicyauthenticationcontextrule.md
Title: "unifiedRoleManagementPolicyAuthenticationContextRule resource type" description: "A unifiedRoleManagementPolicyAuthenticationContextRule specifies the enablement rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule."-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
v1.0 Unifiedrolemanagementpolicyenablementrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicyenablementrule.md
Title: "unifiedRoleManagementPolicyEnablementRule resource type" description: "A unifiedRoleManagementPolicyEnablementRule specifies the enablement rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule."-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
v1.0 Unifiedrolemanagementpolicyexpirationrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicyexpirationrule.md
Title: "unifiedRoleManagementPolicyExpirationRule resource type" description: "A unifiedRoleManagementPolicyExpirationRule specifies the enablement rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule."-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
v1.0 Unifiedrolemanagementpolicynotificationrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicynotificationrule.md
Title: "unifiedRoleManagementPolicyNotificationRule resource type" description: "A unifiedRoleManagementPolicyNotificationRule specifies the notification rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule."-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
v1.0 Unifiedrolemanagementpolicyrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicyrule.md
Title: "unifiedRoleManagementPolicyRule resource type" description: "A unifiedRoleManagementPolicyRule specifies the rule associated with a role management policy. It is abstract."-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
v1.0 Unifiedrolemanagementpolicyruletarget https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicyruletarget.md
Title: "unifiedRoleManagementPolicyRuleTarget resource type" description: "A unifiedRoleManagementPolicyRuleTarget specifies the target associated with the role management policy."-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
v1.0 Unifiedroleschedulebase https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleschedulebase.md
Title: "unifiedRoleScheduleBase resource type" description: "Base property of unified role schedules that combines unified role assignment schedules and unified role eligibility schedules"-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
Base property of unified role schedules that combines unified role assignment sc
| Property | Type | Description | | : | :- | : |
-| appScopeId | String | Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. |
+| appScopeId | String | Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units or all users. |
| createdDateTime | DateTimeOffset | Time that the schedule was created. |
-| createdUsing | String | ID of the roleAssignmentScheduleRequest that created this schedule. |
-| directoryScopeId | String | Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. |
+| createdUsing | String | Identifier of the roleAssignmentScheduleRequest that created this schedule. |
+| directoryScopeId | String | Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. |
| id | String | The unique identifier for the unifiedRoleAssignmentSchedule. Key, not nullable, Read-only. | | modifiedDateTime | DateTimeOffset | Last time the schedule was updated. |
-| principalId | String | Objectid of the principal to which the assignment is being granted to. |
-| roleDefinitionId | String | ID of the unifiedRoleDefinition the assignment is for. Read only. |
-| status | String | Status for the `roleAssignmentSchedule`. It can include state related messages like `Provisioned`, `Revoked`, `Pending Provisioning`, and `Pending Approval`. |
+| principalId | String | Identifier of the principal to which the assignment is being granted to. Supports `$filter` (`eq`). |
+| roleDefinitionId | String | Identifier of the unifiedRoleDefinition the assignment is for. Read only. Supports `$filter` (`eq`). |
+| status | String | Status for the `roleAssignmentSchedule`. It can include state related messages like `Provisioned`, `Revoked`, `Pending Provisioning`, and `Pending Approval`. Supports `$filter` (`eq`). |
## Relationships | Relationship | Type | Description | | :- | : | : |
-| activeInstance | [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md) | Will be deprecated. |
+| activeInstance (Deprecated) | [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md) | Deprecated. |
| appScope | [appScope](../resources/appscope.md) | Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity. | | directoryScope | [directoryObject](../resources/directoryobject.md) | Property referencing the directory object that is the scope of the assignment. Provided so that callers can get the directory object using `$expand` at the same time as getting the role assignment. Read-only. | | principal | [directoryObject](../resources/directoryobject.md) | Property referencing the principal that is getting a role assignment through the request. Provided so that callers can get the principal using `$expand` at the same time as getting the role assignment. Read-only. |
v1.0 Unifiedrolescheduleinstancebase https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolescheduleinstancebase.md
Title: "unifiedRoleScheduleInstanceBase resource type" description: "Base property of unified role schedule instance that combines unified role assignment schedule instance and unified role eligibility schedule instance"-+ localization_priority: Normal ms.prod: "governance" doc_type: resourcePageType
doc_type: resourcePageType
Namespace: microsoft.graph
-"Base property of unified role schedule instance that combines unified role assignment schedule instance and unified role eligibility schedule instance
+Base property of unified role schedule instance that combines unified role assignment schedule instances and unified role eligibility schedule instances.
## Properties |Property|Type|Description| |:|:|:|
-|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only.|
-|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only.|
+|appScopeId|String|Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units. |
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. |
|id|String|The unique identifier for the unifiedRoleAssignmentScheduleInstance. Key, not nullable, Read-only.|
-|principalId|String|Objectid of the principal to which the assignment is being granted to.|
-|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only.|
+|principalId|String|Identifier of the principal to which the assignment is being granted to. Can be a group or a user. |
+|roleDefinitionId|String|Identifier of the unifiedRoleDefinition the assignment is for. Read only. <br> Supports `$filter` (`eq`).|
## Relationships |Relationship|Type|Description|
v1.0 Externalconnectors Schema Create https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/externalconnectors-schema-create.md
When registering a custom item schema, the `schema` object MUST have the `baseTy
## Response
-With the `Prefer: respond-async` header included in the request, if successful, this method returns a `202 Accepted` response code and a URL in the `Location` response header that can be used to [get the operation status](../api/externalconnectors-connectionoperation-get.md).
-
-Without the `Prefer: respond-async` header included in the request, if successful, this method returns a `201 Created` response code and a new [schema](../resources/externalconnectors-schema.md) object in the response body.
-
-> [!NOTE]
-> Creating a schema is a long-running process prone to gateway timeouts. We recommend using the `Prefer: respond-async` header to avoid timeout errors.
+If successful, this method returns a `202 Accepted` response code and a URL in the `Location` response header that can be used to [get the operation status](../api/externalconnectors-connectionoperation-get.md).
## Examples
The following is an example of the request.
```http POST https://graph.microsoft.com/v1.0/external/connections/contosohr/schema Content-type: application/json
-Prefer: respond-async
{ "baseType": "microsoft.graph.externalItem",
v1.0 Group Post Groups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/group-post-groups.md
The following table shows the properties of the [group](../resources/group.md) r
| description | string | A description for the group. Max. length: 1024 characters. Optional. | | isAssignableToRole | Boolean | Set to **true** to enable the group to be assigned to an Azure AD role. Only Privileged Role Administrator and Global Administrator can set the value of this property. Optional. | | mailEnabled | boolean | Set to **true** for mail-enabled groups. Required. |
-| mailNickname | string | The mail alias for the group. Max. length: 64 characters. These characters cannot be used in the mailNickName: `@()\[]";:.<>,SPACE`. Required. |
+| mailNickname | string | The mail alias for the group. Max. length: 64 characters. This property can contain only characters in the [ASCII character set 0 - 127](/office/vba/language/reference/user-interface-help/character-set-0127) except the following: ` @ () \ [] " ; : . <> , SPACE `. Required. |
| securityEnabled | boolean | Set to **true** for security-enabled groups, including Microsoft 365 groups. Required. | | owners | string collection | This property represents the owners for the group at creation time. Owners aren't automatically added as group members unless specified in the **members** property. Optional. | | members | string collection | This property represents the members for the group at creation time. Optional. |
v1.0 Onlinemeeting Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/onlinemeeting-get.md
GET /users/{userId}/onlineMeetings?$filter=JoinWebUrl%20eq%20'{joinWebUrl}'
> - `userId` is the object ID of a user in [Azure user management portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade). For more details, see [application access policy](/graph/cloud-communication-online-meeting-application-access-policy). > - `meetingId` is the **id** of an [onlineMeeting](../resources/onlinemeeting.md) object. > - **videoTeleconferenceId** is generated for Cloud-Video-Interop licensed users and can be found in an [onlineMeeting](../resources/onlinemeeting.md) object. Refer to [VTC conference id](/microsoftteams/cloud-video-interop-for-teams-set-up) for more details.
-> - \* This scenario only supports application token and does not support application access policy.
+> - \* This scenario only supports application token and doesn't support application access policy.
> - `joinWebUrl` must be URL encoded. ## Optional query parameters
Content-Type: application/json
``` ### Example 3: Retrieve an online meeting by JoinWebUrl
-You can retrieve meeting information via JoinWebUrl by using either a user or application token. This option is available to support use cases where the meeting ID is not known but the JoinWebUrl is, such as when a user creates a meeting (for example in the Microsoft Teams client), and a separate application needs to retrieve meeting details as a followup action.
+You can retrieve meeting information via JoinWebUrl by using either a user or application token. This option is available to support use cases where the meeting ID isn't known but the JoinWebUrl is, such as when a user creates a meeting (for example, in the Microsoft Teams client), and a separate application needs to retrieve meeting details as a follow-up action.
#### Request
v1.0 Presence Clearpresence https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/presence-clearpresence.md
ms.prod: "cloud-communications"
Namespace: microsoft.graph - Clear the application's presence session for a user. If it is the user's only presence session, the user's presence will change to `Offline/Offline`. For details about presences sessions, see [presence: setPresence](presence-setpresence.md#presence-sessions).
v1.0 Presence Setpresence https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/presence-setpresence.md
ms.prod: "cloud-communications"
Namespace: microsoft.graph - Set the state of a user's presence session as an application. ### Presence sessions
v1.0 User Getmembergroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-getmembergroups.md
Return all the groups that the user is a member of. The check is transitive, unl
[memberOf](../api/user-list-memberof.md) navigation property, which returns only the groups that the user is a direct member of. This function supports Microsoft 365 and other types of groups provisioned in Azure AD. The maximum number of groups each
-request can return is 2046. Note that Microsoft 365 groups cannot contain groups. So membership in a Microsoft 365 group is
+request can return is 11000. Note that Microsoft 365 groups cannot contain groups. So membership in a Microsoft 365 group is
always direct. ## Permissions
v1.0 Externalconnectors Property https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/externalconnectors-property.md
A [schema](externalconnectors-schema.md) property definition for a Microsoft Sea
## Properties |Property|Type|Description| |:|:|:|
-|aliases|String collection|A set of aliases or a friendly names for the property. Maximum 32 characters. Each string must not contain control characters, whitespace, or any of the following: `:`, `;`, `,`, `(`, `)`, `[`, `]`, `{`, `}`, `%`, `$`, `+`, `!`, `*`, `=`, `&`, `?`, `@`, `#`, `\`, `~`, `'`, `"`, `<`, `>`, `|`, `` ` ``, `^`. Optional.|
+|aliases|String collection|A set of aliases or a friendly names for the property. Maximum 32 characters. Only alphanumeric characters allowed. For example, each string may not contain control characters, whitespace, or any of the following: `:`, `;`, `,`, `(`, `)`, `[`, `]`, `{`, `}`, `%`, `$`, `+`, `!`, `*`, `=`, `&`, `?`, `@`, `#`, `\`, `~`, `'`, `"`, `<`, `>`, `` ` ``, `^`. Optional.|
|isQueryable|Boolean|Specifies if the property is queryable. Queryable properties can be used in [Keyword Query Language (KQL) queries](/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). Optional.| |isRefinable|Boolean|Specifies if the property is refinable. Refinable properties can be used to filter search results in the [Search API](search-api-overview.md) and add a refiner control in the Microsoft Search user experience. Optional.| |isRetrievable|Boolean|Specifies if the property is retrievable. Retrievable properties are returned in the result set when items are returned by the search API. Retrievable properties are also available to add to the display template used to render search results. Optional.| |isSearchable|Boolean|Specifies if the property is searchable. Only properties of type `String` or `StringCollection` can be searchable. Non-searchable properties are not added to the search index. Optional.| |labels|microsoft.graph.externalConnectors.label collection|Specifies one or more well-known tags added against a property. Labels help Microsoft Search understand the semantics of the data in the connection. Adding appropriate labels would result in an enhanced search experience (e.g. better relevance). The possible values are: `title`, `url`, `createdBy`, `lastModifiedBy`, `authors`, `createdDateTime`, `lastModifiedDateTime`, `fileName`, `fileExtension`, `unknownFutureValue`. Optional.|
-|name|String|The name of the property. Maximum 32 characters. Must not contain control characters, whitespace, or any of the following: `:`, `;`, `,`, `(`, `)`, `[`, `]`, `{`, `}`, `%`, `$`, `+`, `!`, `*`, `=`, `&`, `?`, `@`, `#`, `\`, `~`, `'`, `"`, `<`, `>`, `|`, `` ` ``, `^`. Required.|
+|name|String|The name of the property. Maximum 32 characters. Only alphanumeric characters allowed. For example, each string may not contain control characters, whitespace, or any of the following: `:`, `;`, `,`, `(`, `)`, `[`, `]`, `{`, `}`, `%`, `$`, `+`, `!`, `*`, `=`, `&`, `?`, `@`, `#`, `\`, `~`, `'`, `"`, `<`, `>`, `` ` ``, `^`. Required.|
|type|microsoft.graph.externalConnectors.propertyType|The data type of the property. Possible values are: `string`, `int64`, `double`, `dateTime`, `boolean`, `stringCollection`, `int64Collection`, `doubleCollection`, `dateTimeCollection`, `unknownFutureValue`.| ## Relationships
v1.0 Serviceprincipal https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/serviceprincipal.md
This resource supports using [delta query](/graph/delta-query-overview) to track
|replyUrls|String collection|The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application. Not nullable. | |samlSingleSignOnSettings|[samlSingleSignOnSettings](samlsinglesignonsettings.md)|The collection for settings related to saml single sign-on.| |servicePrincipalNames|String collection|Contains the list of **identifiersUris**, copied over from the associated [application](application.md). Additional values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Azure AD. For example,<ul><li>Client apps can specify a resource URI which is based on the values of this property to acquire an access token, which is the URI returned in the ΓÇ£audΓÇ¥ claim.</li></ul><br>The any operator is required for filter expressions on multi-valued properties. Not nullable. <br><br> Supports `$filter` (`eq`, `NOT`, `ge`, `le`, `startsWith`).|
-|servicePrincipalType|String|Identifies whether the service principal represents an application, a managed identity, or a legacy application. This is set by Azure AD internally. The **servicePrincipalType** property can be set to three different values: <ul><li>__Application__ - A service principal that represents an application or service. The **appId** property identifies the associated app registration, and matches the **appId** of an [application](application.md), possibly from a different tenant. If the associated app registration is missing, tokens are not issued for the service principal.</li><li>__ManagedIdentity__ - A service principal that represents a [managed identity](/azure/active-directory/managed-identities-azure-resources/overview). Service principals representing managed identities can be granted access and permissions, but cannot be updated or modified directly.</li><li>__Legacy__ - A service principal that represents an app created before app registrations, or through legacy experiences. Legacy service principal can have credentials, service principal names, reply URLs, and other properties which are editable by an authorized user, but does not have an associated app registration. The **appId** value does not associate the service principal with an app registration. The service principal can only be used in the tenant where it was created.</li></ul>|
+|servicePrincipalType|String|Identifies whether the service principal represents an application, a managed identity, or a legacy application. This is set by Azure AD internally. The **servicePrincipalType** property can be set to three different values: <ul><li>__Application__ - A service principal that represents an application or service. The **appId** property identifies the associated app registration, and matches the **appId** of an [application](application.md), possibly from a different tenant. If the associated app registration is missing, tokens are not issued for the service principal.</li><li>__ManagedIdentity__ - A service principal that represents a [managed identity](/azure/active-directory/managed-identities-azure-resources/overview). Service principals representing managed identities can be granted access and permissions, but cannot be updated or modified directly.</li><li>__Legacy__ - A service principal that represents an app created before app registrations, or through legacy experiences. Legacy service principal can have credentials, service principal names, reply URLs, and other properties which are editable by an authorized user, but does not have an associated app registration. The **appId** value does not associate the service principal with an app registration. The service principal can only be used in the tenant where it was created.</li><li>__SocialIdp__ - For internal use. </ul>|
| signInAudience | String | Specifies the Microsoft accounts that are supported for the current application. Read-only. <br><br>Supported values are:<ul><li>`AzureADMyOrg`: Users with a Microsoft work or school account in my organizationΓÇÖs Azure AD tenant (single-tenant).</li><li>`AzureADMultipleOrgs`: Users with a Microsoft work or school account in any organizationΓÇÖs Azure AD tenant (multi-tenant).</li><li>`AzureADandPersonalMicrosoftAccount`: Users with a personal Microsoft account, or a work or school account in any organizationΓÇÖs Azure AD tenant.</li><li>`PersonalMicrosoftAccount`: Users with a personal Microsoft account only.</li></ul> | |tags|String collection| Custom strings that can be used to categorize and identify the service principal. Not nullable. <br><br>Supports `$filter` (`eq`, `NOT`, `ge`, `le`, `startsWith`). | | tokenEncryptionKeyId |String|Specifies the keyId of a public key from the keyCredentials collection. When configured, Azure AD issues tokens for this application encrypted using the key specified by this property. The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user.|