ESC
Type to search...
Navigate Open ESC Close

RoleEligibilitySchedule.ReadWrite.Directory

Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated Read/Write User Scope

Allows the app to read and manage the eligible role-based access control (RBAC) assignments and schedules for your company's directory, without a signed-in user. This includes managing eligible directory role membership, and reading directory role templates, directory roles and eligible memberships.

Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access App-Only Access

Permission Details

Application Permission

Read, update, and delete all eligible role assignments and schedules for your company's directory

Allows the app to read and manage the eligible role-based access control (RBAC) assignments and schedules for your company's directory, without a signed-in user. This includes managing eligible directory role membership, and reading directory role templates, directory roles and eligible memberships.

Permission ID: fee28b28-e1f3-4841-818e-2704dc62245f
Delegated Permission Admin consent required

Read, update, and delete all eligible role assignments for your company's directory

Allows the app to read and manage the eligible role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes managing eligible directory role membership, and reading directory role templates, directory roles and eligible memberships.

User sees: Allows the app to read and manage the eligible role-based access control (RBAC) assignments for your company's directory, on your behalf. This includes managing eligible directory role membership, and reading directory role templates, directory roles and eligible memberships.
Permission ID: 62ade113-f8e0-4bf9-a6ba-5acb31db32fd

Properties

Microsoft Graph v1.0 endpoint-derived-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property Type Description
directory object
entitlementManagement object Container for roles and assignments for entitlement management resources.

JSON Representation

Microsoft Graph v1.0 endpoint-derived-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation 
{
  "@odata.type": "#microsoft.graph.roleManagement"
}

Relationships

Microsoft Graph v1.0 endpoint-derived-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship Type Description
directory rbacApplication Read-only. Nullable.
entitlementManagement rbacApplication Container for roles and assignments for entitlement management resources.
enterpriseApps rbacApplication collection Related enterpriseApps data exposed by this resource.

Graph Methods

Delegated access App-only access
Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /roleManagement/directory/roleEligibilityScheduleInstances
GET /roleManagement/directory/roleEligibilityScheduleInstances/{unifiedRoleEligibilityScheduleInstanceId}
GET /roleManagement/directory/roleEligibilityScheduleInstances/filterByCurrentUser(on='parameterValue')
GET /roleManagement/directory/roleEligibilityScheduleRequests
GET /roleManagement/directory/roleEligibilityScheduleRequests/{unifiedRoleEligibilityScheduleRequestId}
GET /roleManagement/directory/roleEligibilityScheduleRequests/filterByCurrentUser(on='parameterValue')
GET /roleManagement/directory/roleEligibilitySchedules
GET /roleManagement/directory/roleEligibilitySchedules/{unifiedRoleEligibilityScheduleId}
GET /roleManagement/directory/roleEligibilitySchedules/filterByCurrentUser(on='parameterValue')
POST /roleManagement/directory/roleEligibilityScheduleRequests
POST /roleManagement/directory/roleEligibilityScheduleRequests/{unifiedRoleEligibilityScheduleRequestId}/cancel
Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /roleManagement/directory/roleEligibilityScheduleInstances
GET /roleManagement/directory/roleEligibilityScheduleInstances/{unifiedRoleEligibilityScheduleInstancesId}
GET /roleManagement/directory/roleEligibilityScheduleInstances/filterByCurrentUser(on='principal')
GET /roleManagement/directory/roleEligibilityScheduleRequests
GET /roleManagement/directory/roleEligibilityScheduleRequests/{unifiedRoleEligibilityScheduleRequestsId}
GET /roleManagement/directory/RoleEligibilityScheduleRequests/filterByCurrentUser(on='principal')
GET /roleManagement/directory/roleEligibilitySchedules
GET /roleManagement/directory/roleEligibilitySchedules/{unifiedRoleEligibilitySchedulesId}
GET /roleManagement/directory/roleEligibilitySchedules/filterByCurrentUser(on='principal')
POST /roleManagement/directory/roleEligibilityScheduleRequests
POST /roleManagement/directory/roleEligibilityScheduleRequests/{unifiedRoleEligibilityScheduleRequestsId}/cancel
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgRoleManagementDirectoryRoleEligibilitySchedule /roleManagement/directory/roleEligibilitySchedules
List roleEligibilitySchedules
Get-MgRoleManagementDirectoryRoleEligibilitySchedule /roleManagement/directory/roleEligibilitySchedules/{unifiedRoleEligibilityScheduleId}
Get unifiedRoleEligibilitySchedule
Get-MgRoleManagementDirectoryRoleEligibilityScheduleInstance /roleManagement/directory/roleEligibilityScheduleInstances
List roleEligibilityScheduleInstances
Get-MgRoleManagementDirectoryRoleEligibilityScheduleInstance /roleManagement/directory/roleEligibilityScheduleInstances/{unifiedRoleEligibilityScheduleInstanceId}
Get unifiedRoleEligibilityScheduleInstance
Get-MgRoleManagementDirectoryRoleEligibilityScheduleRequest /roleManagement/directory/roleEligibilityScheduleRequests
List roleEligibilityScheduleRequests
Get-MgRoleManagementDirectoryRoleEligibilityScheduleRequest /roleManagement/directory/roleEligibilityScheduleRequests/{unifiedRoleEligibilityScheduleRequestId}
Get unifiedRoleEligibilityScheduleRequest
Invoke-MgFilterRoleManagementDirectoryRoleEligibilityScheduleByCurrentUser /roleManagement/directory/roleEligibilitySchedules/filterByCurrentUser(on='parameterValue')
unifiedRoleEligibilitySchedule: filterByCurrentUser
Invoke-MgFilterRoleManagementDirectoryRoleEligibilityScheduleInstanceByCurrentUser /roleManagement/directory/roleEligibilityScheduleInstances/filterByCurrentUser(on='parameterValue')
unifiedRoleEligibilityScheduleInstance: filterByCurrentUser
Invoke-MgFilterRoleManagementDirectoryRoleEligibilityScheduleRequestByCurrentUser /roleManagement/directory/roleEligibilityScheduleRequests/filterByCurrentUser(on='parameterValue')
unifiedRoleEligibilityScheduleRequest: filterByCurrentUser
New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest /roleManagement/directory/roleEligibilityScheduleRequests
Create roleEligibilityScheduleRequest
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule /roleManagement/directory/roleEligibilitySchedules
List roleEligibilitySchedules
Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule /roleManagement/directory/roleEligibilitySchedules/{unifiedRoleEligibilitySchedulesId}
Get unifiedRoleEligibilitySchedule
Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleInstance /roleManagement/directory/roleEligibilityScheduleInstances
List roleEligibilityScheduleInstances
Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleInstance /roleManagement/directory/roleEligibilityScheduleInstances/{unifiedRoleEligibilityScheduleInstancesId}
Get unifiedRoleEligibilityScheduleInstance
Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest /roleManagement/directory/roleEligibilityScheduleRequests
List roleEligibilityScheduleRequests
Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest /roleManagement/directory/roleEligibilityScheduleRequests/{unifiedRoleEligibilityScheduleRequestsId}
Get unifiedRoleEligibilityScheduleRequest
Invoke-MgBetaFilterRoleManagementDirectoryRoleEligibilityScheduleByCurrentUser /roleManagement/directory/roleEligibilitySchedules/filterByCurrentUser(on='principal')
unifiedRoleEligibilitySchedule: filterByCurrentUser
Invoke-MgBetaFilterRoleManagementDirectoryRoleEligibilityScheduleInstanceByCurrentUser /roleManagement/directory/roleEligibilityScheduleInstances/filterByCurrentUser(on='principal')
unifiedRoleEligibilityScheduleInstance: filterByCurrentUser
Invoke-MgBetaFilterRoleManagementDirectoryRoleEligibilityScheduleRequestByCurrentUser /roleManagement/directory/RoleEligibilityScheduleRequests/filterByCurrentUser(on='principal')
unifiedRoleEligibilityScheduleRequest: filterByCurrentUser
New-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest /roleManagement/directory/roleEligibilityScheduleRequests
Create roleEligibilityScheduleRequests

Code Examples

C# / .NET SDK
Create roleEligibilityScheduleRequest
View official example on Microsoft Learn
// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new UnifiedRoleEligibilityScheduleRequest
{
	Action = UnifiedRoleScheduleRequestActions.AdminAssign,
	Justification = "Assign Attribute Assignment Admin eligibility to restricted user",
	RoleDefinitionId = "8424c6f0-a189-499e-bbd0-26c1753c96d4",
	DirectoryScopeId = "/",
	PrincipalId = "071cc716-8147-4397-a5ba-b2105951cc0b",
	ScheduleInfo = new RequestSchedule
	{
		StartDateTime = DateTimeOffset.Parse("2022-04-10T00:00:00Z"),
		Expiration = new ExpirationPattern
		{
			Type = ExpirationPatternType.AfterDateTime,
			EndDateTime = DateTimeOffset.Parse("2024-04-10T00:00:00Z"),
		},
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Directory.RoleEligibilityScheduleRequests.PostAsync(requestBody);
JavaScript
Create roleEligibilityScheduleRequest
View official example on Microsoft Learn
const options = {
	authProvider,
};

const client = Client.init(options);

const unifiedRoleEligibilityScheduleRequest = {
    action: 'adminAssign',
    justification: 'Assign Attribute Assignment Admin eligibility to restricted user',
    roleDefinitionId: '8424c6f0-a189-499e-bbd0-26c1753c96d4',
    directoryScopeId: '/',
    principalId: '071cc716-8147-4397-a5ba-b2105951cc0b',
    scheduleInfo: {
        startDateTime: '2022-04-10T00:00:00Z',
        expiration: {
            type: 'afterDateTime',
            endDateTime: '2024-04-10T00:00:00Z'
        }
    }
};

await client.api('/roleManagement/directory/roleEligibilityScheduleRequests')
	.post(unifiedRoleEligibilityScheduleRequest);
PowerShell
Create roleEligibilityScheduleRequest
View official example on Microsoft Learn
Import-Module Microsoft.Graph.Identity.Governance

$params = @{
	action = "adminAssign"
	justification = "Assign Attribute Assignment Admin eligibility to restricted user"
	roleDefinitionId = "8424c6f0-a189-499e-bbd0-26c1753c96d4"
	directoryScopeId = "/"
	principalId = "071cc716-8147-4397-a5ba-b2105951cc0b"
	scheduleInfo = @{
		startDateTime = [System.DateTime]::Parse("2022-04-10T00:00:00Z")
		expiration = @{
			type = "afterDateTime"
			endDateTime = [System.DateTime]::Parse("2024-04-10T00:00:00Z")
		}
	}
}

New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $params
Python
Create roleEligibilityScheduleRequest
View official example on Microsoft Learn
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.unified_role_eligibility_schedule_request import UnifiedRoleEligibilityScheduleRequest
from msgraph.generated.models.unified_role_schedule_request_actions import UnifiedRoleScheduleRequestActions
from msgraph.generated.models.request_schedule import RequestSchedule
from msgraph.generated.models.expiration_pattern import ExpirationPattern
from msgraph.generated.models.expiration_pattern_type import ExpirationPatternType
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = UnifiedRoleEligibilityScheduleRequest(
	action = UnifiedRoleScheduleRequestActions.AdminAssign,
	justification = "Assign Attribute Assignment Admin eligibility to restricted user",
	role_definition_id = "8424c6f0-a189-499e-bbd0-26c1753c96d4",
	directory_scope_id = "/",
	principal_id = "071cc716-8147-4397-a5ba-b2105951cc0b",
	schedule_info = RequestSchedule(
		start_date_time = "2022-04-10T00:00:00Z",
		expiration = ExpirationPattern(
			type = ExpirationPatternType.AfterDateTime,
			end_date_time = "2024-04-10T00:00:00Z",
		),
	),
)

result = await graph_client.role_management.directory.role_eligibility_schedule_requests.post(request_body)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for RoleEligibilitySchedule.ReadWrite.Directory

4

Grant Admin Consent

Application permissions always require admin consent.