{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/microsoft.graph.unifiedRoleManagementPolicy",
  "title": "microsoft.graph.unifiedRoleManagementPolicy",
  "allOf": [
    {
      "$ref": "#/components/schemas/microsoft.graph.entity"
    },
    {
      "title": "unifiedRoleManagementPolicy",
      "required": [
        "@odata.type"
      ],
      "type": "object",
      "properties": {
        "description": {
          "type": "string",
          "description": "Description for the policy."
        },
        "displayName": {
          "type": "string",
          "description": "Display name for the policy."
        },
        "isOrganizationDefault": {
          "type": "boolean",
          "description": "This can only be set to true for a single tenant-wide policy which will apply to all scopes and roles. Set the scopeId to / and scopeType to Directory. Supports $filter (eq, ne).",
          "nullable": true
        },
        "lastModifiedBy": {
          "anyOf": [
            {
              "$ref": "#/components/schemas/microsoft.graph.identity"
            },
            {
              "type": "object",
              "nullable": true
            }
          ],
          "description": "The identity who last modified the role setting."
        },
        "lastModifiedDateTime": {
          "pattern": "^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$",
          "type": "string",
          "description": "The time when the role setting was last modified.",
          "format": "date-time",
          "nullable": true
        },
        "scopeId": {
          "type": "string",
          "description": "The identifier of the scope where the policy is created. Can be / for the tenant or a group ID. Required."
        },
        "scopeType": {
          "type": "string",
          "description": "The type of the scope where the policy is created. One of Directory, DirectoryRole, Group. Required."
        },
        "effectiveRules": {
          "type": "array",
          "items": {
            "$ref": "#/components/schemas/microsoft.graph.unifiedRoleManagementPolicyRule"
          },
          "description": "The list of effective rules like approval rules and expiration rules evaluated based on inherited referenced rules. For example, if there is a tenant-wide policy to enforce enabling an approval rule, the effective rule will be to enable approval even if the policy has a rule to disable approval. Supports $expand.",
          "x-ms-navigationProperty": true
        },
        "rules": {
          "type": "array",
          "items": {
            "$ref": "#/components/schemas/microsoft.graph.unifiedRoleManagementPolicyRule"
          },
          "description": "The collection of rules like approval rules and expiration rules. Supports $expand.",
          "x-ms-navigationProperty": true
        },
        "@odata.type": {
          "type": "string"
        }
      }
    }
  ],
  "x-ms-discriminator-value": "#microsoft.graph.unifiedRoleManagementPolicy"
}