Microsoft Graph · Schema
appRole
Azure ADCollaborationContactsDocumentsEmailGraphIdentityMicrosoftOffice 365PresentationsProductivitySpreadsheetsT1Tasks
Properties
| Name | Type | Description |
|---|---|---|
| allowedMemberTypes | array | Specifies whether this app role can be assigned to users and groups (by setting to ['User']), to other application's (by setting to ['Application'], or both (by setting to ['User', 'Application']). Ap |
| description | string | The description for the app role. This is displayed when the app role is being assigned and, if the app role functions as an application permission, during consent experiences. |
| displayName | string | Display name for the permission that appears in the app role assignment and consent experiences. |
| id | string | Unique role identifier inside the appRoles collection. When creating a new app role, a new GUID identifier must be provided. |
| isEnabled | boolean | When creating or updating an app role, this must be set to true (which is the default). To delete a role, this must first be set to false. At that point, in a subsequent call, this role may be removed |
| origin | string | Specifies if the app role is defined on the application object or on the servicePrincipal entity. Must not be included in any POST or PATCH requests. Read-only. |
| value | string | Specifies the value to include in the roles claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are |
| @odata.type | string |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/microsoft.graph.appRole",
"title": "appRole",
"required": [
"@odata.type"
],
"type": "object",
"properties": {
"allowedMemberTypes": {
"type": "array",
"items": {
"type": "string"
},
"description": "Specifies whether this app role can be assigned to users and groups (by setting to ['User']), to other application's (by setting to ['Application'], or both (by setting to ['User', 'Application']). App roles supporting assignment to other applications' service principals are also known as application permissions. The 'Application' value is only supported for app roles defined on application entities."
},
"description": {
"type": "string",
"description": "The description for the app role. This is displayed when the app role is being assigned and, if the app role functions as an application permission, during consent experiences.",
"nullable": true
},
"displayName": {
"type": "string",
"description": "Display name for the permission that appears in the app role assignment and consent experiences.",
"nullable": true
},
"id": {
"pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$",
"type": "string",
"description": "Unique role identifier inside the appRoles collection. When creating a new app role, a new GUID identifier must be provided.",
"format": "uuid"
},
"isEnabled": {
"type": "boolean",
"description": "When creating or updating an app role, this must be set to true (which is the default). To delete a role, this must first be set to false. At that point, in a subsequent call, this role may be removed."
},
"origin": {
"type": "string",
"description": "Specifies if the app role is defined on the application object or on the servicePrincipal entity. Must not be included in any POST or PATCH requests. Read-only.",
"nullable": true
},
"value": {
"type": "string",
"description": "Specifies the value to include in the roles claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are : ! # $ % & ' ( ) * + , - . / : ; = ? @ [ ] ^ + _ { } ~, and characters in the ranges 0-9, A-Z and a-z. Any other character, including the space character, aren't allowed. May not begin with ..",
"nullable": true
},
"@odata.type": {
"type": "string"
}
}
}