microsoft-graph-docs "condition" property of "roleDefinitions" not documented

"condition" property of "roleDefinitions" not documented

Open cnotin opened this issue 1 year ago • 1 comments

The properties of a "roleDefinitions" objects are described as: https://learn.microsoft.com/en-us/graph/api/resources/unifiedroledefinition?view=graph-rest-1.0#properties

However, it's missing the "condition" property that exists too. We can see it when requesting the API, as proven in the example responses: https://learn.microsoft.com/en-us/graph/api/rbacapplication-list-roledefinitions?view=graph-rest-1.0&tabs=http#response-2

Its value isn't always "null" (contrary to the previous example), for example with the "User" built-in role:

    {
      "id": "a0b1b346-4d3e-4e8b-98f8-753987be4970",
      "description": "Default role for member users. Can read all and write a limited set of directory information.",
      "displayName": "User",
      "isBuiltIn": true,
      "isEnabled": true,
      "isPrivileged": false,
[...]
      "rolePermissions": [
        {
          "allowedResourceActions": [
            "microsoft.directory/administrativeUnits/standard/read",
            "microsoft.directory/administrativeUnits/members/read",
[...]
          ],
          "condition": null
        },
        {
          "allowedResourceActions": [
            "microsoft.directory/applications/delete",
            "microsoft.directory/applications/appRoles/update",
[...]
          ],
          "condition": "$SubjectIsOwner"
        },
        {
          "allowedResourceActions": [
            "microsoft.directory/users/changePassword",
            "microsoft.directory/users/invalidateAllRefreshTokens",
[...]
          ],
          "condition": "$ResourceIsSelf"
        }
      ],
      "[email protected]": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions('a0b1b346-4d3e-4e8b-98f8-753987be4970')/inheritsPermissionsFrom",
      "inheritsPermissionsFrom": []
    },

Can you please document this condition and its possible values?

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

ID: aa367574-a801-486d-8790-aee27158548b
Version Independent ID: 82200805-4d04-4c29-fbc5-3e8b88a23f33
Content: unifiedRoleDefinition resource type - Microsoft Graph v1.0
Content Source: api-reference/v1.0/resources/unifiedroledefinition.md
Product: directory-management
Technology: microsoft-graph
GitHub Login: @DougKirschner
Microsoft Alias: MSGraphDocsVteam

Jun 01 '23 13:06 cnotin

microsoft-graph-docs microsoft-graph-docs copied to clipboard

"condition" property of "roleDefinitions" not documented

Document Details

microsoft-graph-docs
microsoft-graph-docs copied to clipboard