Microsoft Graph list RBACRoleAssignments by resourceScope


I would like list roleAssignments of a group with GraphAPI. But I only see an <a href="https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/intune_rbac_deviceandappmanagementroleassignment_list" rel="nofollow">API</a> to list whole roleAssignments.<br /> I tried to filter by resourceScopes/scopeMembers using $filter clause but it's not working.

Should I filter this whole list myself or is there any other way to do it?


It seems like you are looking for <a href="https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal" rel="nofollow">Azure RBAC</a> role assignments.

These are different from what you've linked to, which are Intune device management role assignments (which are specific to <a href="https://docs.microsoft.com/en-us/intune/role-based-access-control" rel="nofollow">Intune RBAC roles</a>). They are also different from <a href="https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/approleassignment" rel="nofollow">Azure AD app role assignments</a> (which are for assigning an app or a user/group to another app's role), and Azure AD directory role membership (which is for assigning users to directory roles).

You can <a href="https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-rest#list-all-role-assignments" rel="nofollow">list all Azure RBAC role assignments</a> using the Azure Management API. You can also filter this request by scope and/or by which user, group or app the role assignment is for.

For example, to list all the scopes a group {group-id} has been assigned to for a subscription {sub-id}:

GET https://management.azure.com/subscriptions/{sub-id}/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01&$filter=principalId%20eq%20'{group-id}'

For more details, you can read <a href="https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-rest#list-all-role-assignments" rel="nofollow">Manage Role-Based Access Control with the REST API</a>.


  • read Microsoft Intune app configuration properties from cordova
  • Python. How to optimize search functions
  • simplemembership MVC4 get username by userId
  • How would you audit ASP.NET Membership tables, while recording what user made the changes?
  • Process.StartTime Access Denied
  • Giving security priviliege to a scheduler in Java EE 6
  • Multiple versions of iTunesArtwork in one project?
  • Can't access Tomcat 7 Manager app when running from Eclipse
  • Is it better to have roles as a column on my users table, or do it through join tables (Roles &
  • Command line installation of Code Signing certificates, .p12 files, and mobileprovisions
  • Cross platform UI spacing/padding
  • Eclipse MTJ doesn't see Java ME SDK 3.0 devices
  • blade.php method outputting it's result to the form
  • Bash if statement with multiple conditions
  • cygwin cannot exec 'git-add--interactive' permission denied
  • MS Access - How to change the linked table path by amend the table
  • Copy to all folders batch file?
  • Ajax calls do not work in IE unless you fiddle with security settings
  • Alternative to overridePendingTransition() - Android
  • Rails Find when some params will be blank
  • MongoError: Incorrect arguments
  • Database structure design with variable amounts of fields
  • Checking free space on FTP server
  • C++ Partial template specialization - design simplification
  • Change Inet root folder for iis 7
  • Highlight one bar in a series in highcharts?
  • How to make a tree having multiple type of nodes and each node can have multiple child nodes in java
  • Sony Xperia Z Tablet not found by adb
  • Cassandra Data Model
  • Can I make an Android app that runs a web view in Chrome 39?
  • Updated Ionic CLI but shows previous version (Windows)
  • XCode can't find symbols for a specific iOS library/framework project
  • Matrix multiplication with MKL
  • Codeigniter doesn't let me update entry, because some fields must be unique
  • CSS Applying specific rule for a specific monitor resolution with only CSS is posible?
  • What are the advantages and disadvantages of reading an entire file into a single String as opposed
  • Authorize attributes not working in MVC 4
  • EntityFramework adding new object to nested object collection
  • How to get NHibernate ISession to cache entity not retrieved by primary key
  • Converting MP3 duration time