How to find the roleDefinitionId of Unified roles in Microsoft graph API when creating delegated admin relationship POST
I intend to integrate PHP CRM with Microsoft graph and partner center so that i can be able create delegated admin relationship from CRM for customers i manage. This is the Microsoft article that is illustrating the create admin relationship object.
I need assistance to know how to get roleDefinitionId for a specific administrative role in the tenant so i can pass it in the body of the POST request or how i can list the unified roles and get the roleDefinitionId programmatically. thanks.
On POST request body we have roleDefinitionId and it's required which translates to a unified role being requested. The unified role is administrative role being requested for example Global admin, User administrator etc.. from the customer tenant.
Below its Microsoft POST request body, i just dont know how they know the 'roleDefinitionIdin the body stands for whichadministrative role`
POST https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminRelationships
Content-Type: application/json
{
"displayName": "Contoso admin relationship",
"duration": "P730D",
"customer": {
"tenantId": "4b827261-d21f-4aa9-b7db-7fa1f56fb163",
"displayName": "Contoso subsidiary Inc"
},
"accessDetails": {
"unifiedRoles": [
{
"roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de"
},
{
"roleDefinitionId": "3a2c62db-5318-420d-8d74-23affee5d9d5"
}
]
},
"autoExtendDuration": "P180D"
}
In my html form of course i need to have user select administrative role based on its name eg global admin, then backend to have ability to translate to its roleDefinitionId just as how to it works partner center GUI. At the moment in my form i need to input the roleDefinitionId.
My design flow
You can use the /v1.0/roleManagement/directory/roleDefinitions endpoint to list all administrative role.
If you want to filter a specific role like the Global Administrator or the User Administrator:
/v1.0/roleManagement/directory/roleDefinitions?$filter=displayName eq 'Global Administrator'&$select=id,displayName
- Get-MgPrivilegedAccessResource is not recognized require an alternative to Get-AzureADMSPrivilegedResource
- Msgraph-sdk-python get sharepoint site id from name
- How to configure MS Graph via SDK / graph service client to allow creation of 30 day subscriptions?
- getting templates from Microsoft 365 admin center with ps
- How to find the roleDefinitionId of Unified roles in Microsoft graph API when creating delegated admin relationship POST
- Update automaticRepliesSetting via PowerShell with Microsoft Graph PowerShell SDK
- Paginate over AzureAD PIM role eligible assignments using Microsoft Graph API
- Cannot create Microsoft Graph API subscription using self signed C# X509Certificate2
- Grant admin consent using SPN is not working using powershell
- Using update-mguser to add / update user's authentication email methods in powershell unattended script
- Microsoft graph get user by email or Mail
- Is there any Filter condition for string "contains" in MS Graph API V1.0
- Why do I keep getting "401 unauthorized" response when sending mails through Graph API with delegated access?
- Create Teams OnlineMeeting via Graph API using delagated permission now get "No application access policy"
- Azure DevOps - load provided Graph avatars via OAuth 2.0
- I need help figuring out how to interpret Call Records
- Assigning a Token Lifetime Policy to an application in Microsoft EntraID seems to have no effect
- How do I send email using client credentials flow such that sender's mail is included?
- OneDrive Picture Download using python msal fails with 401 Error "unauthenticated"
- Scope "allsites.write" doesn't exist on the resource
- Azure Automation Runbook: 'Invalid JWT access token' error with Connect-MgGraph -Identity
- RestSharp returns "Invalid Content-Range header." on final file chunk with MS Graph API
- Graph Subscription Email Resource For All Emails
- How to fix error 403 Forbidden when accessing partner center API to retrieve customers and users
- Sharing Microsoft Graph Authentication Tokens Between Separate Applications (Silent Refresh Issue)
- How to Restore Deleted Files from SharePoint Embedded via Microsoft Graph API
- Inconsistent number of rows from calling Graph API with the same time range
- 412 (Precondition Failed) when add attachments at same time
- MS Graph API - How to query additional pages
- Get eDiscovery cases as application