Role Management Permissions for Microsoft Graph
Application
| Permission | ID | Purpose | Description |
|---|---|---|---|
| RoleManagement.Read.All | c7fbd983-d9aa-4fa7-84b8-17382c103bc4 | Read role management data for all RBAC providers | Allows the app to read role-based access control (RBAC) settings for all RBAC providers without a signed-in user. This includes reading role definitions and role assignments. |
| RoleManagement.Read.CloudPC | 031a549a-bb80-49b6-8032-2068448c6a3c | Read Cloud PC RBAC settings | Allows the app to read the Cloud PC role-based access control (RBAC) settings, without a signed-in user. |
| RoleManagement.Read.Directory | 483bed4a-2ad3-4361-a73b-c83ccdbdc53c | Read all directory RBAC settings | Allows the app to read the role-based access control (RBAC) settings for your company’s directory, without a signed-in user. This includes reading directory role templates, directory roles and memberships. |
| RoleManagement.Read.Exchange | c769435f-f061-4d0b-8ff1-3d39870e5f85 | Read Exchange Online RBAC configuration | Allows the app to read the role-based access control (RBAC) configuration for your organization’s Exchange Online service, without a signed-in user. This includes reading Exchange management role definitions, role groups, role group membership, role assignments, management scopes, and role assignment policies. |
| RoleManagement.ReadWrite.CloudPC | 274d0592-d1b6-44bd-af1d-26d259bcb43a | Read and write all Cloud PC RBAC settings | Allows the app to read and manage the Cloud PC role-based access control (RBAC) settings, without a signed-in user. This includes reading and managing Cloud PC role definitions and memberships. |
| RoleManagement.ReadWrite.Directory | 9e3f62cf-ca93-4989-b6ce-bf83c28f9fe8 | Read and write all directory RBAC settings | Allows the app to read and manage the role-based access control (RBAC) settings for your company’s directory, without a signed-in user. This includes instantiating directory roles and managing directory role membership, and reading directory role templates, directory roles and memberships. |
| RoleManagement.ReadWrite.Exchange | 025d3225-3f02-4882-b4c0-cd5b541a4e80 | Read and write Exchange Online RBAC configuration | Allows the app to read and manage the role-based access control (RBAC) settings for your organization’s Exchange Online service, without a signed-in user. This includes reading, creating, updating, and deleting Exchange management role definitions, role groups, role group membership, role assignments, management scopes, and role assignment policies. |
Delegated
| Permission | ID | Purpose | Description |
|---|---|---|---|
| RoleManagement.Read.All | 48fec646-b2ba-4019-8681-8eb31435aded | Read role management data for all RBAC providers | Allows the app to read the role-based access control (RBAC) settings for all RBAC providers, on behalf of the signed-in user. This includes reading role definitions and role assignments. |
| RoleManagement.Read.CloudPC | 9619b88a-8a25-48a7-9571-d23be0337a79 | Read Cloud PC RBAC settings | Allows the app to read the Cloud PC role-based access control (RBAC) settings, on behalf of the signed-in user. This includes reading Cloud PC role definitions and role assignments. |
| RoleManagement.Read.Directory | 741c54c3-0c1e-44a1-818b-3f97ab4e8c83 | Read directory RBAC settings | Allows the app to read the role-based access control (RBAC) settings for your company’s directory, on behalf of the signed-in user. This includes reading directory role templates, directory roles and memberships. |
| RoleManagement.Read.Exchange | 3bc15058-7858-4141-b24f-ae43b4e80b52 | Read Exchange Online RBAC configuration | Allows the app to read the role-based access control (RBAC) settings for your organization’s Exchange Online service, on behalf of the signed-in user. This includes reading Exchange management role definitions, role groups, role group membership, role assignments, management scopes, and role assignment policies. |
| RoleManagement.ReadWrite.CloudPC | 501d06f8-07b8-4f18-b5c6-c191a4af7a82 | Read and write Cloud PC RBAC settings | Allows the app to read and manage the Cloud PC role-based access control (RBAC) settings, on behalf of the signed-in user. This includes reading and managing Cloud PC role definitions and role assignments. |
| RoleManagement.ReadWrite.Directory | d01b97e9-cbc0-49fe-810a-750afd5527a3 | Read and write directory RBAC settings | Allows the app to read and manage the role-based access control (RBAC) settings for your company’s directory, on behalf of the signed-in user. This includes instantiating directory roles and managing directory role membership, and reading directory role templates, directory roles and memberships. |
| RoleManagement.ReadWrite.Exchange | c1499fe0-52b1-4b22-bed2-7a244e0e879f | Read and write Exchange Online RBAC configuration | Allows the app to read and manage the role-based access control (RBAC) settings for your organization’s Exchange Online service, on behalf of the signed-in user. This includes reading, creating, updating, and deleting Exchange management role definitions, role groups, role group membership, role assignments, management scopes, and role assignment policies. |