This example shows how to use the New-MgDeviceManagementRoleAssignment Cmdlet.
Parameters
-AdditionalProperties
Additional Parameters
Parameter properties
Type:
System.Collections.Hashtable
Supports wildcards:
False
DontShow:
False
Parameter sets
CreateExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-BodyParameter
The Role Assignment resource.
Role assignments tie together a role definition with members and scopes.
There can be one or more role assignments per role.
This applies to custom and built-in roles.
To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
The list of ids of role member security groups.
These are IDs from Azure Active Directory.
Parameter properties
Type:
System.String[]
Supports wildcards:
False
DontShow:
False
Parameter sets
CreateExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Proxy
The URI for the proxy server to use
Parameter properties
Type:
System.Uri
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ProxyCredential
Credentials for a proxy server to use for the remote call
Parameter properties
Type:
System.Management.Automation.PSCredential
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ProxyUseDefaultCredentials
Use the default credentials for the proxy
Parameter properties
Type:
System.Management.Automation.SwitchParameter
Default value:
False
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ResourceScopes
List of ids of role scope member security groups.
These are IDs from Azure Active Directory.
Parameter properties
Type:
System.String[]
Supports wildcards:
False
DontShow:
False
Parameter sets
CreateExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ResponseHeadersVariable
Optional Response Headers Variable.
Parameter properties
Type:
System.String
Supports wildcards:
False
DontShow:
False
Aliases:
RHV
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-RoleDefinition
The Role Definition resource.
The role definition is the foundation of role based access in Intune.
The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource.
There are two types of roles, built-in and custom.
Built-in roles cannot be modified.
Both built-in roles and custom roles must have assignments to be enforced.
Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.
To construct, see NOTES section for ROLEDEFINITION properties and create a hash table.
Runs the command in a mode that only reports what would happen without performing the actions.
Parameter properties
Type:
System.Management.Automation.SwitchParameter
Supports wildcards:
False
DontShow:
False
Aliases:
wi
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.
To create the parameters described below, construct a hash table containing the appropriate properties.
For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphDeviceAndAppManagementRoleAssignment>: The Role Assignment resource.
Role assignments tie together a role definition with members and scopes.
There can be one or more role assignments per role.
This applies to custom and built-in roles.
[(Any) <Object>]: This indicates any property can be added to this object.
[Description <String>]: Description of the Role Assignment.
[DisplayName <String>]: The display or friendly name of the role Assignment.
[ResourceScopes <String[]>]: List of ids of role scope member security groups.
These are IDs from Azure Active Directory.
[RoleDefinition <IMicrosoftGraphRoleDefinition>]: The Role Definition resource.
The role definition is the foundation of role based access in Intune.
The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource.
There are two types of roles, built-in and custom.
Built-in roles cannot be modified.
Both built-in roles and custom roles must have assignments to be enforced.
Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Description <String>]: Description of the Role definition.
[DisplayName <String>]: Display Name of the Role definition.
[IsBuiltIn <Boolean?>]: Type of Role.
Set to True if it is built-in, or set to False if it is a custom role definition.
[RoleAssignments <IMicrosoftGraphRoleAssignment[]>]: List of Role assignments for this role definition.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Description <String>]: Description of the Role Assignment.
[DisplayName <String>]: The display or friendly name of the role Assignment.
[ResourceScopes <String[]>]: List of ids of role scope member security groups.
These are IDs from Azure Active Directory.
[RoleDefinition <IMicrosoftGraphRoleDefinition>]: The Role Definition resource.
The role definition is the foundation of role based access in Intune.
The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource.
There are two types of roles, built-in and custom.
Built-in roles cannot be modified.
Both built-in roles and custom roles must have assignments to be enforced.
Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.
[RolePermissions <IMicrosoftGraphRolePermission[]>]: List of Role Permissions this role is allowed to perform.
These must match the actionName that is defined as part of the rolePermission.
[ResourceActions <IMicrosoftGraphResourceAction[]>]: Resource Actions each containing a set of allowed and not allowed permissions.
[AllowedResourceActions <String[]>]: Allowed Actions
[NotAllowedResourceActions <String[]>]: Not Allowed Actions.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Members <String[]>]: The list of ids of role member security groups.
These are IDs from Azure Active Directory.
ROLEDEFINITION <IMicrosoftGraphRoleDefinition>: The Role Definition resource.
The role definition is the foundation of role based access in Intune.
The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource.
There are two types of roles, built-in and custom.
Built-in roles cannot be modified.
Both built-in roles and custom roles must have assignments to be enforced.
Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Description <String>]: Description of the Role definition.
[DisplayName <String>]: Display Name of the Role definition.
[IsBuiltIn <Boolean?>]: Type of Role.
Set to True if it is built-in, or set to False if it is a custom role definition.
[RoleAssignments <IMicrosoftGraphRoleAssignment[]>]: List of Role assignments for this role definition.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Description <String>]: Description of the Role Assignment.
[DisplayName <String>]: The display or friendly name of the role Assignment.
[ResourceScopes <String[]>]: List of ids of role scope member security groups.
These are IDs from Azure Active Directory.
[RoleDefinition <IMicrosoftGraphRoleDefinition>]: The Role Definition resource.
The role definition is the foundation of role based access in Intune.
The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource.
There are two types of roles, built-in and custom.
Built-in roles cannot be modified.
Both built-in roles and custom roles must have assignments to be enforced.
Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.
[RolePermissions <IMicrosoftGraphRolePermission[]>]: List of Role Permissions this role is allowed to perform.
These must match the actionName that is defined as part of the rolePermission.
[ResourceActions <IMicrosoftGraphResourceAction[]>]: Resource Actions each containing a set of allowed and not allowed permissions.
[AllowedResourceActions <String[]>]: Allowed Actions
[NotAllowedResourceActions <String[]>]: Not Allowed Actions.