Namespace: microsoft.graph
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Update the properties of a roleAssignment object.
This API is available in the following national cloud deployments.
| Global service |
US Government L4 |
US Government L5 (DOD) |
China operated by 21Vianet |
| ✅ |
✅ |
✅ |
✅ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
| Permission type |
Permissions (from least to most privileged) |
| Delegated (work or school account) |
DeviceManagementRBAC.ReadWrite.All |
| Delegated (personal Microsoft account) |
Not supported. |
| Application |
DeviceManagementRBAC.ReadWrite.All |
HTTP Request
PATCH /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}
Request body
In the request body, supply a JSON representation for the roleAssignment object.
The following table shows the properties that are required when you create the roleAssignment.
| Property |
Type |
Description |
| id |
String |
Key of the entity. This is read-only and automatically generated. |
| displayName |
String |
The display or friendly name of the role Assignment. |
| description |
String |
Description of the Role Assignment. |
| resourceScopes |
String collection |
List of ids of role scope member security groups. These are IDs from Azure Active Directory. |
Response
If successful, this method returns a 200 OK response code and an updated roleAssignment object in the response body.
Example
Request
Here is an example of the request.
PATCH https://graph.microsoft.com/v1.0/deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}
Content-type: application/json
Content-length: 193
{
"@odata.type": "#microsoft.graph.roleAssignment",
"displayName": "Display Name value",
"description": "Description value",
"resourceScopes": [
"Resource Scopes value"
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new RoleAssignment
{
OdataType = "#microsoft.graph.roleAssignment",
DisplayName = "Display Name value",
Description = "Description value",
ResourceScopes = new List<string>
{
"Resource Scopes value",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.DeviceManagement.RoleDefinitions["{roleDefinition-id}"].RoleAssignments["{roleAssignment-id}"].PatchAsync(requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
mgc device-management role-definitions role-assignments patch --role-definition-id {roleDefinition-id} --role-assignment-id {roleAssignment-id} --body '{\
"@odata.type": "#microsoft.graph.roleAssignment",\
"displayName": "Display Name value",\
"description": "Description value",\
"resourceScopes": [\
"Resource Scopes value"\
]\
}\
'
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewRoleAssignment()
displayName := "Display Name value"
requestBody.SetDisplayName(&displayName)
description := "Description value"
requestBody.SetDescription(&description)
resourceScopes := []string {
"Resource Scopes value",
}
requestBody.SetResourceScopes(resourceScopes)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.DeviceManagement().RoleDefinitions().ByRoleDefinitionId("roleDefinition-id").RoleAssignments().ByRoleAssignmentId("roleAssignment-id").Patch(context.Background(), requestBody, nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
RoleAssignment roleAssignment = new RoleAssignment();
roleAssignment.setOdataType("#microsoft.graph.roleAssignment");
roleAssignment.setDisplayName("Display Name value");
roleAssignment.setDescription("Description value");
LinkedList<String> resourceScopes = new LinkedList<String>();
resourceScopes.add("Resource Scopes value");
roleAssignment.setResourceScopes(resourceScopes);
RoleAssignment result = graphClient.deviceManagement().roleDefinitions().byRoleDefinitionId("{roleDefinition-id}").roleAssignments().byRoleAssignmentId("{roleAssignment-id}").patch(roleAssignment);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
const roleAssignment = {
'@odata.type': '#microsoft.graph.roleAssignment',
displayName: 'Display Name value',
description: 'Description value',
resourceScopes: [
'Resource Scopes value'
]
};
await client.api('/deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}')
.update(roleAssignment);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\RoleAssignment;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new RoleAssignment();
$requestBody->setOdataType('#microsoft.graph.roleAssignment');
$requestBody->setDisplayName('Display Name value');
$requestBody->setDescription('Description value');
$requestBody->setResourceScopes(['Resource Scopes value', ]);
$result = $graphServiceClient->deviceManagement()->roleDefinitions()->byRoleDefinitionId('roleDefinition-id')->roleAssignments()->byRoleAssignmentId('roleAssignment-id')->patch($requestBody)->wait();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Import-Module Microsoft.Graph.DeviceManagement.Administration
$params = @{
"@odata.type" = "#microsoft.graph.roleAssignment"
displayName = "Display Name value"
description = "Description value"
resourceScopes = @(
"Resource Scopes value"
)
}
Update-MgDeviceManagementRoleDefinitionRoleAssignment -RoleDefinitionId $roleDefinitionId -RoleAssignmentId $roleAssignmentId -BodyParameter $params
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.role_assignment import RoleAssignment
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = RoleAssignment(
odata_type = "#microsoft.graph.roleAssignment",
display_name = "Display Name value",
description = "Description value",
resource_scopes = [
"Resource Scopes value",
],
)
result = await graph_client.device_management.role_definitions.by_role_definition_id('roleDefinition-id').role_assignments.by_role_assignment_id('roleAssignment-id').patch(request_body)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 242
{
"@odata.type": "#microsoft.graph.roleAssignment",
"id": "b3234d24-4d24-b323-244d-23b3244d23b3",
"displayName": "Display Name value",
"description": "Description value",
"resourceScopes": [
"Resource Scopes value"
]
}