Update-MgBetaRoleManagementEnterpriseAppTransitiveRoleAssignment
Update the navigation property transitiveRoleAssignments in roleManagement
Syntax
Update-MgBetaRoleManagementEnterpriseAppTransitiveRoleAssignment
-RbacApplicationId <String>
-UnifiedRoleAssignmentId <String>
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-AppScope <IMicrosoftGraphAppScope>]
[-AppScopeId <String>]
[-Condition <String>]
[-DirectoryScope <IMicrosoftGraphDirectoryObject>]
[-DirectoryScopeId <String>]
[-Id <String>]
[-Principal <IMicrosoftGraphDirectoryObject>]
[-PrincipalId <String>]
[-PrincipalOrganizationId <String>]
[-ResourceScope <String>]
[-RoleDefinition <IMicrosoftGraphUnifiedRoleDefinition>]
[-RoleDefinitionId <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Update-MgBetaRoleManagementEnterpriseAppTransitiveRoleAssignment
-RbacApplicationId <String>
-UnifiedRoleAssignmentId <String>
-BodyParameter <IMicrosoftGraphUnifiedRoleAssignment>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Update-MgBetaRoleManagementEnterpriseAppTransitiveRoleAssignment
-InputObject <IIdentityGovernanceIdentity>
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-AppScope <IMicrosoftGraphAppScope>]
[-AppScopeId <String>]
[-Condition <String>]
[-DirectoryScope <IMicrosoftGraphDirectoryObject>]
[-DirectoryScopeId <String>]
[-Id <String>]
[-Principal <IMicrosoftGraphDirectoryObject>]
[-PrincipalId <String>]
[-PrincipalOrganizationId <String>]
[-ResourceScope <String>]
[-RoleDefinition <IMicrosoftGraphUnifiedRoleDefinition>]
[-RoleDefinitionId <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Update-MgBetaRoleManagementEnterpriseAppTransitiveRoleAssignment
-InputObject <IIdentityGovernanceIdentity>
-BodyParameter <IMicrosoftGraphUnifiedRoleAssignment>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Update the navigation property transitiveRoleAssignments in roleManagement
Parameters
-AdditionalProperties
Additional Parameters
Type: | Hashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AppScope
appScope To construct, see NOTES section for APPSCOPE properties and create a hash table.
Type: | IMicrosoftGraphAppScope |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AppScopeId
Identifier of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by a resource application only. For the entitlement management provider, use this property to specify a catalog. For example, /AccessPackageCatalog/beedadfe-01d5-4025-910b-84abb9369997. Supports $filter (eq, in). For example /roleManagement/entitlementManagement/roleAssignments$filter=appScopeId eq '/AccessPackageCatalog/{catalog id}'.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-BodyParameter
unifiedRoleAssignment To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
Type: | IMicrosoftGraphUnifiedRoleAssignment |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Condition
.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DirectoryScope
directoryObject To construct, see NOTES section for DIRECTORYSCOPE properties and create a hash table.
Type: | IMicrosoftGraphDirectoryObject |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DirectoryScopeId
Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications, unlike app scopes that are defined and understood by a resource application only. Supports $filter (eq, in).
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
Type: | IDictionary |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Id
The unique identifier for an entity. Read-only.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
Type: | IIdentityGovernanceIdentity |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Principal
directoryObject To construct, see NOTES section for PRINCIPAL properties and create a hash table.
Type: | IMicrosoftGraphDirectoryObject |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PrincipalId
Identifier of the principal to which the assignment is granted. Supported principals are users, role-assignable groups, and service principals. Supports $filter (eq, in).
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PrincipalOrganizationId
Identifier of the home tenant for the principal to which the assignment is granted.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
Type: | ActionPreference |
Aliases: | proga |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RbacApplicationId
The unique identifier of rbacApplication
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResourceScope
The scope at which the unifiedRoleAssignment applies. This is / for service-wide. DO NOT USE. This property will be deprecated soon.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
Type: | String |
Aliases: | RHV |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RoleDefinition
unifiedRoleDefinition To construct, see NOTES section for ROLEDEFINITION properties and create a hash table.
Type: | IMicrosoftGraphUnifiedRoleDefinition |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RoleDefinitionId
Identifier of the unifiedRoleDefinition the assignment is for. Read-only. Supports $filter (eq, in).
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-UnifiedRoleAssignmentId
The unique identifier of unifiedRoleAssignment
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Microsoft.Graph.Beta.PowerShell.Models.IIdentityGovernanceIdentity
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphUnifiedRoleAssignment
System.Collections.IDictionary
Outputs
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphUnifiedRoleAssignment
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
APPSCOPE <IMicrosoftGraphAppScope>
: appScope
[(Any) <Object>]
: This indicates any property can be added to this object.[Id <String>]
: The unique identifier for an entity. Read-only.[DisplayName <String>]
: Provides the display name of the app-specific resource represented by the app scope. Provided for display purposes since appScopeId is often an immutable, non-human-readable ID. Read only.[Type <String>]
: Describes the type of app-specific resource represented by the app scope. For display purposes, so a user interface can convey to the user the kind of app specific resource represented by the app scope. Read only.
BODYPARAMETER <IMicrosoftGraphUnifiedRoleAssignment>
: unifiedRoleAssignment
[(Any) <Object>]
: This indicates any property can be added to this object.[Id <String>]
: The unique identifier for an entity. Read-only.[AppScope <IMicrosoftGraphAppScope>]
: appScope[(Any) <Object>]
: This indicates any property can be added to this object.[Id <String>]
: The unique identifier for an entity. Read-only.[DisplayName <String>]
: Provides the display name of the app-specific resource represented by the app scope. Provided for display purposes since appScopeId is often an immutable, non-human-readable ID. Read only.[Type <String>]
: Describes the type of app-specific resource represented by the app scope. For display purposes, so a user interface can convey to the user the kind of app specific resource represented by the app scope. Read only.
[AppScopeId <String>]
: Identifier of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by a resource application only. For the entitlement management provider, use this property to specify a catalog. For example, /AccessPackageCatalog/beedadfe-01d5-4025-910b-84abb9369997. Supports $filter (eq, in). For example /roleManagement/entitlementManagement/roleAssignments?$filter=appScopeId eq '/AccessPackageCatalog/{catalog id}'.[Condition <String>]
:[DirectoryScope <IMicrosoftGraphDirectoryObject>]
: directoryObject[(Any) <Object>]
: This indicates any property can be added to this object.[Id <String>]
: The unique identifier for an entity. Read-only.[DeletedDateTime <DateTime?>]
: Date and time when this object was deleted. Always null when the object hasn't been deleted.
[DirectoryScopeId <String>]
: Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications, unlike app scopes that are defined and understood by a resource application only. Supports $filter (eq, in).[Principal <IMicrosoftGraphDirectoryObject>]
: directoryObject[PrincipalId <String>]
: Identifier of the principal to which the assignment is granted. Supported principals are users, role-assignable groups, and service principals. Supports $filter (eq, in).[PrincipalOrganizationId <String>]
: Identifier of the home tenant for the principal to which the assignment is granted.[ResourceScope <String>]
: The scope at which the unifiedRoleAssignment applies. This is / for service-wide. DO NOT USE. This property will be deprecated soon.[RoleDefinition <IMicrosoftGraphUnifiedRoleDefinition>]
: unifiedRoleDefinition[(Any) <Object>]
: This indicates any property can be added to this object.[Id <String>]
: The unique identifier for an entity. Read-only.[AllowedPrincipalTypes <String>]
: allowedRolePrincipalTypes[Description <String>]
: The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.[DisplayName <String>]
: The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq and startsWith).[InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition-
[]>]
: Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute.[IsBuiltIn <Boolean?>]
: Flag indicating if the unifiedRoleDefinition is part of the default set included with the product or custom. Read-only. Supports $filter (eq).[IsEnabled <Boolean?>]
: Flag indicating if the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true.[IsPrivileged <Boolean?>]
: Flag indicating if the role is privileged. Microsoft Entra ID defines a role as privileged if it contains at least one sensitive resource action in the rolePermissions and allowedResourceActions objects. Applies only for actions in the microsoft.directory resource namespace. Read-only. Supports $filter (eq).[ResourceScopes <String-
[]>]
: List of scopes permissions granted by the role definition apply to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment.[RolePermissions <IMicrosoftGraphUnifiedRolePermission-
[]>]
: List of permissions included in the role. Read-only when isBuiltIn is true. Required.[AllowedResourceActions <String-
[]>]
: Set of tasks that can be performed on a resource.[Condition <String>]
: Optional constraints that must be met for the permission to be effective. Not supported for custom roles.[ExcludedResourceActions <String-
[]>]
:
[TemplateId <String>]
: Custom template identifier that can be set when isBuiltIn is false. This identifier is typically used if one needs an identifier to be the same across different directories. Read-only when isBuiltIn is true.[Version <String>]
: Indicates the version of the unifiedRoleDefinition object. Read-only when isBuiltIn is true.
[RoleDefinitionId <String>]
: Identifier of the unifiedRoleDefinition the assignment is for. Read-only. Supports $filter (eq, in).
DIRECTORYSCOPE <IMicrosoftGraphDirectoryObject>
: directoryObject
[(Any) <Object>]
: This indicates any property can be added to this object.[Id <String>]
: The unique identifier for an entity. Read-only.[DeletedDateTime <DateTime?>]
: Date and time when this object was deleted. Always null when the object hasn't been deleted.
INPUTOBJECT <IIdentityGovernanceIdentity>
: Identity Parameter
[AccessPackageAssignmentId <String>]
: The unique identifier of accessPackageAssignment[AccessPackageAssignmentPolicyId <String>]
: The unique identifier of accessPackageAssignmentPolicy[AccessPackageAssignmentRequestId <String>]
: The unique identifier of accessPackageAssignmentRequest[AccessPackageAssignmentResourceRoleId <String>]
: The unique identifier of accessPackageAssignmentResourceRole[AccessPackageCatalogId <String>]
: The unique identifier of accessPackageCatalog[AccessPackageId <String>]
: The unique identifier of accessPackage[AccessPackageId1 <String>]
: The unique identifier of accessPackage[AccessPackageResourceEnvironmentId <String>]
: The unique identifier of accessPackageResourceEnvironment[AccessPackageResourceId <String>]
: The unique identifier of accessPackageResource[AccessPackageResourceRequestId <String>]
: The unique identifier of accessPackageResourceRequest[AccessPackageResourceRoleId <String>]
: The unique identifier of accessPackageResourceRole[AccessPackageResourceRoleScopeId <String>]
: The unique identifier of accessPackageResourceRoleScope[AccessPackageResourceScopeId <String>]
: The unique identifier of accessPackageResourceScope[AccessPackageSubjectId <String>]
: The unique identifier of accessPackageSubject[AccessReviewDecisionId <String>]
: The unique identifier of accessReviewDecision[AccessReviewHistoryDefinitionId <String>]
: The unique identifier of accessReviewHistoryDefinition[AccessReviewHistoryInstanceId <String>]
: The unique identifier of accessReviewHistoryInstance[AccessReviewId <String>]
: The unique identifier of accessReview[AccessReviewId1 <String>]
: The unique identifier of accessReview[AccessReviewInstanceDecisionItemId <String>]
: The unique identifier of accessReviewInstanceDecisionItem[AccessReviewInstanceDecisionItemId1 <String>]
: The unique identifier of accessReviewInstanceDecisionItem[AccessReviewInstanceId <String>]
: The unique identifier of accessReviewInstance[AccessReviewReviewerId <String>]
: The unique identifier of accessReviewReviewer[AccessReviewScheduleDefinitionId <String>]
: The unique identifier of accessReviewScheduleDefinition[AccessReviewStageId <String>]
: The unique identifier of accessReviewStage[AgreementAcceptanceId <String>]
: The unique identifier of agreementAcceptance[AgreementFileLocalizationId <String>]
: The unique identifier of agreementFileLocalization[AgreementFileVersionId <String>]
: The unique identifier of agreementFileVersion[AgreementId <String>]
: The unique identifier of agreement[AppConsentRequestId <String>]
: The unique identifier of appConsentRequest[ApprovalId <String>]
: The unique identifier of approval[ApprovalStepId <String>]
: The unique identifier of approvalStep[BusinessFlowTemplateId <String>]
: The unique identifier of businessFlowTemplate[ConnectedOrganizationId <String>]
: The unique identifier of connectedOrganization[CustomAccessPackageWorkflowExtensionId <String>]
: The unique identifier of customAccessPackageWorkflowExtension[CustomCalloutExtensionId <String>]
: The unique identifier of customCalloutExtension[CustomExtensionHandlerId <String>]
: The unique identifier of customExtensionHandler[CustomExtensionStageSettingId <String>]
: The unique identifier of customExtensionStageSetting[CustomTaskExtensionId <String>]
: The unique identifier of customTaskExtension[DirectoryObjectId <String>]
: The unique identifier of directoryObject[EndDateTime <DateTime?>]
: Usage: endDateTime={endDateTime}[FindingId <String>]
: The unique identifier of finding[GovernanceInsightId <String>]
: The unique identifier of governanceInsight[GovernanceResourceId <String>]
: The unique identifier of governanceResource[GovernanceRoleAssignmentId <String>]
: The unique identifier of governanceRoleAssignment[GovernanceRoleAssignmentRequestId <String>]
: The unique identifier of governanceRoleAssignmentRequest[GovernanceRoleDefinitionId <String>]
: The unique identifier of governanceRoleDefinition[GovernanceRoleSettingId <String>]
: The unique identifier of governanceRoleSetting[IncompatibleAccessPackageId <String>]
: Usage: incompatibleAccessPackageId='{incompatibleAccessPackageId}'[LongRunningOperationId <String>]
: The unique identifier of longRunningOperation[ObjectId <String>]
: Alternate key of accessPackageSubject[On <String>]
: Usage: on='{on}'[PermissionsCreepIndexDistributionId <String>]
: The unique identifier of permissionsCreepIndexDistribution[PermissionsRequestChangeId <String>]
: The unique identifier of permissionsRequestChange[PrivilegedAccessGroupAssignmentScheduleId <String>]
: The unique identifier of privilegedAccessGroupAssignmentSchedule[PrivilegedAccessGroupAssignmentScheduleInstanceId <String>]
: The unique identifier of privilegedAccessGroupAssignmentScheduleInstance[PrivilegedAccessGroupAssignmentScheduleRequestId <String>]
: The unique identifier of privilegedAccessGroupAssignmentScheduleRequest[PrivilegedAccessGroupEligibilityScheduleId <String>]
: The unique identifier of privilegedAccessGroupEligibilitySchedule[PrivilegedAccessGroupEligibilityScheduleInstanceId <String>]
: The unique identifier of privilegedAccessGroupEligibilityScheduleInstance[PrivilegedAccessGroupEligibilityScheduleRequestId <String>]
: The unique identifier of privilegedAccessGroupEligibilityScheduleRequest[PrivilegedAccessId <String>]
: The unique identifier of privilegedAccess[PrivilegedApprovalId <String>]
: The unique identifier of privilegedApproval[PrivilegedOperationEventId <String>]
: The unique identifier of privilegedOperationEvent[PrivilegedRoleAssignmentId <String>]
: The unique identifier of privilegedRoleAssignment[PrivilegedRoleAssignmentId1 <String>]
: The unique identifier of privilegedRoleAssignment[PrivilegedRoleAssignmentRequestId <String>]
: The unique identifier of privilegedRoleAssignmentRequest[PrivilegedRoleId <String>]
: The unique identifier of privilegedRole[ProgramControlId <String>]
: The unique identifier of programControl[ProgramControlId1 <String>]
: The unique identifier of programControl[ProgramControlTypeId <String>]
: The unique identifier of programControlType[ProgramId <String>]
: The unique identifier of program[RbacApplicationId <String>]
: The unique identifier of rbacApplication[RunId <String>]
: The unique identifier of run[StartDateTime <DateTime?>]
: Usage: startDateTime={startDateTime}[TaskDefinitionId <String>]
: The unique identifier of taskDefinition[TaskId <String>]
: The unique identifier of task[TaskProcessingResultId <String>]
: The unique identifier of taskProcessingResult[TaskReportId <String>]
: The unique identifier of taskReport[UnifiedRbacResourceActionId <String>]
: The unique identifier of unifiedRbacResourceAction[UnifiedRbacResourceNamespaceId <String>]
: The unique identifier of unifiedRbacResourceNamespace[UnifiedRoleAssignmentId <String>]
: The unique identifier of unifiedRoleAssignment[UnifiedRoleAssignmentScheduleId <String>]
: The unique identifier of unifiedRoleAssignmentSchedule[UnifiedRoleAssignmentScheduleInstanceId <String>]
: The unique identifier of unifiedRoleAssignmentScheduleInstance[UnifiedRoleAssignmentScheduleRequestId <String>]
: The unique identifier of unifiedRoleAssignmentScheduleRequest[UnifiedRoleDefinitionId <String>]
: The unique identifier of unifiedRoleDefinition[UnifiedRoleDefinitionId1 <String>]
: The unique identifier of unifiedRoleDefinition[UnifiedRoleEligibilityScheduleId <String>]
: The unique identifier of unifiedRoleEligibilitySchedule[UnifiedRoleEligibilityScheduleInstanceId <String>]
: The unique identifier of unifiedRoleEligibilityScheduleInstance[UnifiedRoleEligibilityScheduleRequestId <String>]
: The unique identifier of unifiedRoleEligibilityScheduleRequest[UnifiedRoleManagementAlertConfigurationId <String>]
: The unique identifier of unifiedRoleManagementAlertConfiguration[UnifiedRoleManagementAlertDefinitionId <String>]
: The unique identifier of unifiedRoleManagementAlertDefinition[UnifiedRoleManagementAlertId <String>]
: The unique identifier of unifiedRoleManagementAlert[UnifiedRoleManagementAlertIncidentId <String>]
: The unique identifier of unifiedRoleManagementAlertIncident[UniqueName <String>]
: Alternate key of accessPackageCatalog[UserConsentRequestId <String>]
: The unique identifier of userConsentRequest[UserId <String>]
: The unique identifier of user[UserProcessingResultId <String>]
: The unique identifier of userProcessingResult[WorkflowId <String>]
: The unique identifier of workflow[WorkflowTemplateId <String>]
: The unique identifier of workflowTemplate[WorkflowVersionNumber <Int32?>]
: The unique identifier of workflowVersion
PRINCIPAL <IMicrosoftGraphDirectoryObject>
: directoryObject
[(Any) <Object>]
: This indicates any property can be added to this object.[Id <String>]
: The unique identifier for an entity. Read-only.[DeletedDateTime <DateTime?>]
: Date and time when this object was deleted. Always null when the object hasn't been deleted.
ROLEDEFINITION <IMicrosoftGraphUnifiedRoleDefinition>
: unifiedRoleDefinition
[(Any) <Object>]
: This indicates any property can be added to this object.[Id <String>]
: The unique identifier for an entity. Read-only.[AllowedPrincipalTypes <String>]
: allowedRolePrincipalTypes[Description <String>]
: The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.[DisplayName <String>]
: The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq and startsWith).[InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition-
[]>]
: Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute.[IsBuiltIn <Boolean?>]
: Flag indicating if the unifiedRoleDefinition is part of the default set included with the product or custom. Read-only. Supports $filter (eq).[IsEnabled <Boolean?>]
: Flag indicating if the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true.[IsPrivileged <Boolean?>]
: Flag indicating if the role is privileged. Microsoft Entra ID defines a role as privileged if it contains at least one sensitive resource action in the rolePermissions and allowedResourceActions objects. Applies only for actions in the microsoft.directory resource namespace. Read-only. Supports $filter (eq).[ResourceScopes <String-
[]>]
: List of scopes permissions granted by the role definition apply to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment.[RolePermissions <IMicrosoftGraphUnifiedRolePermission-
[]>]
: List of permissions included in the role. Read-only when isBuiltIn is true. Required.[AllowedResourceActions <String-
[]>]
: Set of tasks that can be performed on a resource.[Condition <String>]
: Optional constraints that must be met for the permission to be effective. Not supported for custom roles.[ExcludedResourceActions <String-
[]>]
:
[TemplateId <String>]
: Custom template identifier that can be set when isBuiltIn is false. This identifier is typically used if one needs an identifier to be the same across different directories. Read-only when isBuiltIn is true.[Version <String>]
: Indicates the version of the unifiedRoleDefinition object. Read-only when isBuiltIn is true.