ESC
Type to search...
Navigate Open ESC Close

RoleManagementPolicy.Read.Directory

Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated Full Control User Scope

Allows the app to read policies for privileged role-based access control (RBAC) assignments of your company's directory, without a signed-in user.

Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access App-Only Access

Permission Details

Application Permission

Read all policies for privileged role assignments of your company's directory

Allows the app to read policies for privileged role-based access control (RBAC) assignments of your company's directory, without a signed-in user.

Permission ID: fdc4c997-9942-4479-bfcb-75a36d1138df
Delegated Permission Admin consent required

Read all policies for privileged role assignments of your company's directory

Allows the app to read policies for privileged role-based access control (RBAC) assignments of your company's directory, on behalf of the signed-in user.

User sees: Allows the app to read policies for privileged role-based access control (RBAC) assignments of your company's directory, on your behalf.
Permission ID: 3de2cdbe-0ff5-47d5-bdee-7f45b4749ead

Properties

Properties metadata is not available for this permission mapping. View on Microsoft Learn

JSON Representation

JSON representation is not available for this permission mapping. View on Microsoft Learn

Relationships

Relationships metadata is not available for this permission mapping.

View resource documentation

Graph Methods

Delegated access App-only access
Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /policies/roleManagementPolicies?$filter=scopeId eq '{groupId}' and scopeType eq 'Group'
GET /policies/roleManagementPolicies?$filter=scopeId eq '/' and scopeType eq 'DirectoryRole'
GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}
GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules
GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules/{unifiedRoleManagementPolicyRuleId}
GET /policies/roleManagementPolicyAssignments?$filter=scopeId eq '{groupId}' and scopeType eq 'Group'
GET /policies/roleManagementPolicyAssignments?$filter=scopeId eq '/' and scopeType eq 'DirectoryRole'
GET /policies/roleManagementPolicyAssignments/{unifiedRoleManagementPolicyAssignmentId}
Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /policies/roleManagementPolicies?$filter=scopeId eq '{groupId}' and scopeType eq 'Group'
GET /policies/roleManagementPolicies?$filter=scopeId eq '/' and scopeType eq 'DirectoryRole'
GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}
GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/effectiveRules
GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules
GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules/{unifiedRoleManagementPolicyRuleId}
GET /policies/roleManagementPolicyAssignments?$filter=scopeId eq '{groupId}' and scopeType eq 'Group'
GET /policies/roleManagementPolicyAssignments?$filter=scopeId eq '/' and scopeType eq 'DirectoryRole'
GET /policies/roleManagementPolicyAssignments/{unifiedRoleManagementPolicyAssignmentId}
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgPolicyRoleManagementPolicy /policies/roleManagementPolicies?$filter=scopeId eq '/' and scopeType eq 'DirectoryRole'
List roleManagementPolicies
Get-MgPolicyRoleManagementPolicy /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}
Get unifiedRoleManagementPolicy
Get-MgPolicyRoleManagementPolicyAssignment /policies/roleManagementPolicyAssignments?$filter=scopeId eq '/' and scopeType eq 'DirectoryRole'
List roleManagementPolicyAssignments
Get-MgPolicyRoleManagementPolicyAssignment /policies/roleManagementPolicyAssignments/{unifiedRoleManagementPolicyAssignmentId}
Get unifiedRoleManagementPolicyAssignment
Get-MgPolicyRoleManagementPolicyRule /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules
List rules (for a role management policy)
Get-MgPolicyRoleManagementPolicyRule /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules/{unifiedRoleManagementPolicyRuleId}
Get unifiedRoleManagementPolicyRule
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgBetaPolicyRoleManagementPolicy /policies/roleManagementPolicies?$filter=scopeId eq '/' and scopeType eq 'DirectoryRole'
List roleManagementPolicies
Get-MgBetaPolicyRoleManagementPolicy /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}
Get unifiedRoleManagementPolicy
Get-MgBetaPolicyRoleManagementPolicyAssignment /policies/roleManagementPolicyAssignments?$filter=scopeId eq '/' and scopeType eq 'DirectoryRole'
List roleManagementPolicyAssignments
Get-MgBetaPolicyRoleManagementPolicyAssignment /policies/roleManagementPolicyAssignments/{unifiedRoleManagementPolicyAssignmentId}
Get unifiedRoleManagementPolicyAssignment
Get-MgBetaPolicyRoleManagementPolicyEffectiveRule /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/effectiveRules
List effectiveRules
Get-MgBetaPolicyRoleManagementPolicyRule /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules
List rules (for a role management policy)
Get-MgBetaPolicyRoleManagementPolicyRule /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules/{unifiedRoleManagementPolicyRuleId}
Get unifiedRoleManagementPolicyRule

Code Examples

C# / .NET SDK
Get unifiedRoleManagementPolicy
View official example on Microsoft Learn
// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.RoleManagementPolicies["{unifiedRoleManagementPolicy-id}"].GetAsync();
JavaScript
Get unifiedRoleManagementPolicy
View official example on Microsoft Learn
const options = {
	authProvider,
};

const client = Client.init(options);

let unifiedRoleManagementPolicy = await client.api('/policies/roleManagementPolicies/Directory_cab01047-8ad9-4792-8e42-569340767f1b_70c808b5-0d35-4863-a0ba-07888e99d448')
	.get();
PowerShell
Get unifiedRoleManagementPolicy
View official example on Microsoft Learn
Import-Module Microsoft.Graph.Identity.SignIns

Get-MgPolicyRoleManagementPolicy -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId
Python
Get unifiedRoleManagementPolicy
View official example on Microsoft Learn
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python

result = await graph_client.policies.role_management_policies.by_unified_role_management_policy_id('unifiedRoleManagementPolicy-id').get()

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for RoleManagementPolicy.Read.Directory

4

Grant Admin Consent

Application permissions always require admin consent.