Update deviceAndAppManagementRoleDefinition
Namespace: microsoft.graph
Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Update the properties of a deviceAndAppManagementRoleDefinition object.
This API is available in the following national cloud deployments.
Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
---|---|---|---|
✅ | ✅ | ✅ | ✅ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | DeviceManagementConfiguration.ReadWrite.All, DeviceManagementRBAC.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | DeviceManagementConfiguration.ReadWrite.All, DeviceManagementRBAC.ReadWrite.All |
HTTP Request
PATCH /deviceManagement/roleDefinitions/{roleDefinitionId}
PATCH /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}/roleDefinition
Request headers
Header | Value |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Accept | application/json |
Request body
In the request body, supply a JSON representation for the deviceAndAppManagementRoleDefinition object.
The following table shows the properties that are required when you create the deviceAndAppManagementRoleDefinition.
Property | Type | Description |
---|---|---|
id | String | Key of the entity. This is read-only and automatically generated. Inherited from roleDefinition |
displayName | String | Display Name of the Role definition. Inherited from roleDefinition |
description | String | Description of the Role definition. Inherited from roleDefinition |
permissions | rolePermission collection | List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission. Inherited from roleDefinition |
rolePermissions | rolePermission collection | List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission. Inherited from roleDefinition |
isBuiltInRoleDefinition | Boolean | Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition. Inherited from roleDefinition |
isBuiltIn | Boolean | Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition. Inherited from roleDefinition |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from roleDefinition |
Response
If successful, this method returns a 200 OK
response code and an updated deviceAndAppManagementRoleDefinition object in the response body.
Example
Request
Here is an example of the request.
PATCH https://graph.microsoft.com/beta/deviceManagement/roleDefinitions/{roleDefinitionId}
Content-type: application/json
Content-length: 1229
{
"@odata.type": "#microsoft.graph.deviceAndAppManagementRoleDefinition",
"displayName": "Display Name value",
"description": "Description value",
"permissions": [
{
"@odata.type": "microsoft.graph.rolePermission",
"actions": [
"Actions value"
],
"resourceActions": [
{
"@odata.type": "microsoft.graph.resourceAction",
"allowedResourceActions": [
"Allowed Resource Actions value"
],
"notAllowedResourceActions": [
"Not Allowed Resource Actions value"
]
}
]
}
],
"rolePermissions": [
{
"@odata.type": "microsoft.graph.rolePermission",
"actions": [
"Actions value"
],
"resourceActions": [
{
"@odata.type": "microsoft.graph.resourceAction",
"allowedResourceActions": [
"Allowed Resource Actions value"
],
"notAllowedResourceActions": [
"Not Allowed Resource Actions value"
]
}
]
}
],
"isBuiltInRoleDefinition": true,
"isBuiltIn": true,
"roleScopeTagIds": [
"Role Scope Tag Ids value"
]
}
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1278
{
"@odata.type": "#microsoft.graph.deviceAndAppManagementRoleDefinition",
"id": "bca1dfb5-dfb5-bca1-b5df-a1bcb5dfa1bc",
"displayName": "Display Name value",
"description": "Description value",
"permissions": [
{
"@odata.type": "microsoft.graph.rolePermission",
"actions": [
"Actions value"
],
"resourceActions": [
{
"@odata.type": "microsoft.graph.resourceAction",
"allowedResourceActions": [
"Allowed Resource Actions value"
],
"notAllowedResourceActions": [
"Not Allowed Resource Actions value"
]
}
]
}
],
"rolePermissions": [
{
"@odata.type": "microsoft.graph.rolePermission",
"actions": [
"Actions value"
],
"resourceActions": [
{
"@odata.type": "microsoft.graph.resourceAction",
"allowedResourceActions": [
"Allowed Resource Actions value"
],
"notAllowedResourceActions": [
"Not Allowed Resource Actions value"
]
}
]
}
],
"isBuiltInRoleDefinition": true,
"isBuiltIn": true,
"roleScopeTagIds": [
"Role Scope Tag Ids value"
]
}