deviceAndAppManagementRoleDefinition resource type

Namespace: microsoft.graph

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

The Role Definition resource. The role definition is the foundation of role based access in Intune. The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource. There are two types of roles, built-in and custom. Built-in roles cannot be modified. Both built-in roles and custom roles must have assignments to be enforced. Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.

Inherits from roleDefinition


Method Return Type Description
List deviceAndAppManagementRoleDefinitions deviceAndAppManagementRoleDefinition collection List properties and relationships of the deviceAndAppManagementRoleDefinition objects.
Get deviceAndAppManagementRoleDefinition deviceAndAppManagementRoleDefinition Read properties and relationships of the deviceAndAppManagementRoleDefinition object.
Create deviceAndAppManagementRoleDefinition deviceAndAppManagementRoleDefinition Create a new deviceAndAppManagementRoleDefinition object.
Delete deviceAndAppManagementRoleDefinition None Deletes a deviceAndAppManagementRoleDefinition.
Update deviceAndAppManagementRoleDefinition deviceAndAppManagementRoleDefinition Update the properties of a deviceAndAppManagementRoleDefinition object.


Property Type Description
id String Key of the entity. This is read-only and automatically generated. Inherited from roleDefinition
displayName String Display Name of the Role definition. Inherited from roleDefinition
description String Description of the Role definition. Inherited from roleDefinition
rolePermissions rolePermission collection List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission. Inherited from roleDefinition
isBuiltIn Boolean Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition. Inherited from roleDefinition


Relationship Type Description
roleAssignments roleAssignment collection List of Role assignments for this role definition. Inherited from roleDefinition

JSON Representation

Here is a JSON representation of the resource.

  "@odata.type": "#microsoft.graph.deviceAndAppManagementRoleDefinition",
  "id": "String (identifier)",
  "displayName": "String",
  "description": "String",
  "rolePermissions": [
      "@odata.type": "microsoft.graph.rolePermission",
      "resourceActions": [
          "@odata.type": "microsoft.graph.resourceAction",
          "allowedResourceActions": [
          "notAllowedResourceActions": [
  "isBuiltIn": true