List assignments

Retrieve a list of privilegedRoleAssignment objects that are associated with the role. Each privilegedRoleAssignment represents a role assignment to a user.

Prerequisites

The following scopes are required to execute this API: Directory.AccessAsUser.All

The requestor needs to have one of the following roles: Privileged Role Administrator, Global Administrator, Security Administrator, or Security Reader.

HTTP request

GET /privilegedRoles/{id}/assignments

Note that <id> is the target role id.

Optional query parameters

This method supports the OData Query Parameters to help customize the response.

Request headers

Name Description
Authorization Bearer

Request body

Do not supply a request body for this method.

Response

If successful, this method returns a 200 OK response code and collection of privilegedRoleAssignment objects in the response body.

Example

Request

Here is an example of the request.

GET https://graph.microsoft.com/beta/privilegedRoles/{id}/assignments
Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json
Content-length: 237

{
  "value": [
    {
      "id": "id-value",
      "userId": "userId-value",
      "roleId": "roleId-value",
      "isElevated": true,
      "expirationDateTime": "2016-10-19T10:37:00Z",
      "resultMessage": "resultMessage-value"
    }
  ]
}