Create privilegedRoleAssignment

Important: APIs under the /beta version in Microsoft Graph are in preview and are subject to change. Use of these APIs in production applications is not supported.

Use this API to create a new privilegedRoleAssignment.

Prerequisites

The following scopes are required to execute this API: Directory.AccessAsUser.All

The requestor needs to have Privileged Role Administrator role.

HTTP request

POST /privilegedRoleAssignments

Request headers

Name Description
Authorization Bearer {token}. Required.

Request body

In the request body, supply a JSON representation of privilegedRoleAssignment object.

Response

If successful, this method returns 201, Created response code and privilegedRoleAssignment object in the response body.

Note that the tenant needs to be registered to PIM. Otherwise, the HTTP 403 Forbidden status code will be returned.

Example

Request

Here is an example of the request.

POST https://graph.microsoft.com/beta/privilegedRoleAssignments
Content-type: application/json
Content-length: 164

{
  "userId": "userId-value",
  "roleId": "roleId-value"
}

In the request body, supply a JSON representation of privilegedRoleAssignment object.

Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 201 Created
Content-type: application/json
Content-length: 184

{
  "id": "id-value",
  "userId": "userId-value",
  "roleId": "roleId-value",
  "isElevated": true,
  "expirationDateTime": "2016-10-19T10:37:00Z",
  "resultMessage": "resultMessage-value"
}