編輯

共用方式為


unifiedRoleAssignmentScheduleInstance resource type

Namespace: microsoft.graph

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Represents the instance for an active role assignment in your tenant. The active assignment might have been made through PIM assignments and activation requests, or directly through the role assignments API.

Inherits from unifiedRoleScheduleInstanceBase.

Methods

Method Return type Description
List unifiedRoleAssignmentScheduleInstance collection Get the instances of active role assignments.
Get unifiedRoleAssignmentScheduleInstance Get the instance of an active role assignment.
Filter by current user unifiedRoleAssignmentScheduleInstance collection Get the instances of active role assignments for the calling principal.

Properties

Property Type Description
appScopeId String Identifier of the app-specific scope when the assignment is scoped to an app. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Supports $filter (eq, ne, and on null values). Inherited from unifiedRoleScheduleInstanceBase.
assignmentType String The type of the assignment that can either be Assigned or Activated. Supports $filter (eq, ne).
directoryScopeId String Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Supports $filter (eq, ne, and on null values). Inherited from unifiedRoleScheduleInstanceBase.
endDateTime DateTimeOffset The end date of the schedule instance.
id String The unique identifier for the unifiedRoleAssignmentScheduleInstance object. Inherited from entity.
memberType String How the assignment is inherited. It can either be Inherited, Direct, or Group. It can further imply whether the unifiedRoleAssignmentSchedule can be managed by the caller. Supports $filter (eq, ne).
principalId String Identifier of the principal that has been granted the role assignment. Inherited from unifiedRoleScheduleInstanceBase. Supports $filter (eq, ne).
roleAssignmentOriginId String The identifier of the role assignment in Microsoft Entra ID.
roleAssignmentScheduleId String The identifier of the unifiedRoleAssignmentSchedule object from which this instance was created.
roleDefinitionId String The identifier of the unifiedRoleDefinition object that is being assigned to the principal. Inherited from unifiedRoleScheduleInstanceBase. Supports $filter (eq, ne).
startDateTime DateTimeOffset When this instance starts.

Relationships

Relationship Type Description
activatedUsing unifiedRoleEligibilityScheduleInstance If the request is from an eligible administrator to activate a role, this parameter shows the related eligible assignment for that activation. Otherwise, it's null. Supports $expand and $select nested in $expand.
appScope appScope Read-only property with details of the app-specific scope when the assignment is scoped to an app. Nullable. Supports $expand.
directoryScope directoryObject The directory object that is the scope of the assignment. Read-only. Supports $expand.
principal directoryObject The principal that's getting a role assignment through the request. Supports $expand and $select nested in $expand for id only.
roleDefinition unifiedRoleDefinition Detailed information for the roleDefinition object that is referenced through the roleDefinitionId property. Supports $expand and $select nested in $expand.

JSON representation

The following JSON representation shows the resource type.

{
  "@odata.type": "#microsoft.graph.unifiedRoleAssignmentScheduleInstance",
  "id": "String (identifier)",
  "principalId": "String",
  "roleDefinitionId": "String",
  "directoryScopeId": "String",
  "appScopeId": "String",
  "startDateTime": "String (timestamp)",
  "endDateTime": "String (timestamp)",
  "assignmentType": "String",
  "memberType": "String",
  "roleAssignmentOriginId": "String",
  "roleAssignmentScheduleId": "String"
}