Namespace: microsoft.graph
Retrieve the properties and relationships of a unifiedRoleAssignment object.
This API is available in the following national cloud deployments.
| Global service |
US Government L4 |
US Government L5 (DOD) |
China operated by 21Vianet |
| ✅ |
✅ |
✅ |
✅ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
For the directory (Microsoft Entra ID) provider
| Permission type |
Permissions (from least to most privileged) |
| Delegated (work or school account) |
RoleManagement.Read.Directory, RoleManagement.Read.All, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
| Delegated (personal Microsoft account) |
Not supported. |
| Application |
RoleManagement.Read.Directory, RoleManagement.Read.All, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
Important
In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. The following least privileged roles are supported for this operation:
- Directory Readers
- Global Reader
- Privileged Role Administrator
For the entitlement management provider
| Permission type |
Permissions (from least to most privileged) |
| Delegated (work or school account) |
EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
| Delegated (personal Microsoft account) |
Not supported. |
| Application |
EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
HTTP request
Get a role assignment for the directory provider:
GET /roleManagement/directory/roleAssignments/{id}
Get a role assignment for the entitlement management provider:
GET /roleManagement/entitlementManagement/roleAssignments/{id}
Optional query parameters
This method supports th $select and $expand OData query parameters to help customize the response. For general information, see OData query parameters.
Request body
Don't supply a request body for this method.
Response
If successful, this method returns a 200 OK response code and the requested unifiedRoleAssignment object in the response body.
Examples
Example 1 : Get the details of a role assignment
Request
The following example shows a request.
GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments/lAPpYvVpN0KRkAEhdxReELhrmgjL6CxJqkHAeKoLUSA-11
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://free.blessedness.top/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Directory.RoleAssignments["{unifiedRoleAssignment-id}"].GetAsync();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://free.blessedness.top/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().Directory().RoleAssignments().ByUnifiedRoleAssignmentId("unifiedRoleAssignment-id").Get(context.Background(), nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignment result = graphClient.roleManagement().directory().roleAssignments().byUnifiedRoleAssignmentId("{unifiedRoleAssignment-id}").get();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
let unifiedRoleAssignment = await client.api('/roleManagement/directory/roleAssignments/lAPpYvVpN0KRkAEhdxReELhrmgjL6CxJqkHAeKoLUSA-11')
.get();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$result = $graphServiceClient->roleManagement()->directory()->roleAssignments()->byUnifiedRoleAssignmentId('unifiedRoleAssignment-id')->get()->wait();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Import-Module Microsoft.Graph.Identity.Governance
Get-MgRoleManagementDirectoryRoleAssignment -UnifiedRoleAssignmentId $unifiedRoleAssignmentId
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
# To initialize your graph_client, see https://free.blessedness.top/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.role_management.directory.role_assignments.by_unified_role_assignment_id('unifiedRoleAssignment-id').get()
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleAssignments/$entity",
"id": "lAPpYvVpN0KRkAEhdxReELhrmgjL6CxJqkHAeKoLUSA-1",
"principalId": "089a6bb8-e8cb-492c-aa41-c078aa0b5120",
"directoryScopeId": "/",
"roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10"
}
Example 2: Get the details of a role assignment and expand the relationships
Request
The following example shows a request with the $expand query parameter.
GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments/lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1?$expand=roleDefinition
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://free.blessedness.top/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Directory.RoleAssignments["{unifiedRoleAssignment-id}"].GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Expand = new string []{ "roleDefinition" };
});
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphrolemanagement "github.com/microsoftgraph/msgraph-sdk-go/rolemanagement"
//other-imports
)
requestParameters := &graphrolemanagement.DirectoryRoleAssignmentsItemRequestBuilderGetQueryParameters{
Expand: [] string {"roleDefinition"},
}
configuration := &graphrolemanagement.DirectoryRoleAssignmentsItemRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://free.blessedness.top/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().Directory().RoleAssignments().ByUnifiedRoleAssignmentId("unifiedRoleAssignment-id").Get(context.Background(), configuration)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignment result = graphClient.roleManagement().directory().roleAssignments().byUnifiedRoleAssignmentId("{unifiedRoleAssignment-id}").get(requestConfiguration -> {
requestConfiguration.queryParameters.expand = new String []{"roleDefinition"};
});
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
let unifiedRoleAssignment = await client.api('/roleManagement/directory/roleAssignments/lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1')
.expand('roleDefinition')
.get();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\RoleManagement\Directory\RoleAssignments\Item\UnifiedRoleAssignmentItemRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new UnifiedRoleAssignmentItemRequestBuilderGetRequestConfiguration();
$queryParameters = UnifiedRoleAssignmentItemRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->expand = ["roleDefinition"];
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->roleManagement()->directory()->roleAssignments()->byUnifiedRoleAssignmentId('unifiedRoleAssignment-id')->get($requestConfiguration)->wait();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Import-Module Microsoft.Graph.Identity.Governance
Get-MgRoleManagementDirectoryRoleAssignment -UnifiedRoleAssignmentId $unifiedRoleAssignmentId -ExpandProperty "roleDefinition"
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.role_management.directory.role_assignments.item.unified_role_assignment_item_request_builder import UnifiedRoleAssignmentItemRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://free.blessedness.top/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = UnifiedRoleAssignmentItemRequestBuilder.UnifiedRoleAssignmentItemRequestBuilderGetQueryParameters(
expand = ["roleDefinition"],
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.role_management.directory.role_assignments.by_unified_role_assignment_id('unifiedRoleAssignment-id').get(request_configuration = request_configuration)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleAssignments/$entity",
"@odata.type": "#microsoft.graph.unifiedRoleAssignment",
"id": "lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1",
"roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
"roleDefinition": {
"id": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
"displayName": "Billing Administrator",
"description": "Can perform common billing related tasks like updating payment information.",
"rolePermissions": [
{
"allowedResourceActions": [
"microsoft.commerce.billing/allEntities/allTasks",
"microsoft.directory/organization/basic/update",
],
"excludedResourceActions": []
}],
"isEnabled": true,
},
"principalId": "f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"directoryScopeId": "28ca5a85-489a-49a0-b555-0a6d81e56f0d"
}