Set-EntraRoleDefinition
Update an existing Microsoft Entra ID roleDefinition.
Syntax
Set-EntraRoleDefinition
[-TemplateId <String>]
[-DisplayName <String>]
[-RolePermissions <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]>]
-Id <String>
[-Description <String>]
[-Version <String>]
[-IsEnabled <Boolean>]
[-ResourceScopes <System.Collections.Generic.List`1[System.String]>]
[<CommonParameters>]
Description
Updates a Microsoft Entra roleDefinition object identified by ID. You cannot update built-in roles. This feature requires a Microsoft Entra ID P1 or P2 license.
Examples
Example 1: Update a roleDefinition
Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
Set-EntraRoleDefinition -ID a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 -DisplayName 'UpdatedDisplayName'
This example updates the specified role definition in Microsoft Entra ID.
Example 2: Update a roleDefinition with Description
Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
Set-EntraRoleDefinition -Id a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 -Description 'MYROLEUPDATE1S'
This example updates the Description of the specified role definition in Microsoft Entra ID.
Example 3: Update a roleDefinition with IsEnabled
Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
Set-EntraRoleDefinition -Id a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 -IsEnabled $true
This example updates the IsEnabled value of the specified role definition in Microsoft Entra ID.
Example 4: Update a roleDefinition
Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
$RolePermissions = New-Object Microsoft.Open.MSGraph.Model.RolePermission
$RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/standard/read")
$params = @{
Id = 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1'
Description = 'Update'
DisplayName = 'Update'
ResourceScopes = '/'
IsEnabled = $false
RolePermissions = $RolePermissions
TemplateId = '54d418b2-4cc0-47ee-9b39-e8f84ed8e073'
Version = 2
}
Set-EntraRoleDefinition @params
This example updates the RolePermissions, TemplateId, and ResourceScopes of the specified role definition in Microsoft Entra ID.
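The following is an added example, not part of the original reference: it checks that the target is not a built-in role and shows which resource actions a change would add or remove before calling Set-EntraRoleDefinition. Update-CustomRoleActions is a hypothetical helper name, and the example assumes Get-EntraRoleDefinition from the same module accepts -Id and returns IsBuiltIn, DisplayName and RolePermissions.

```powershell
# Added example (not from the original page). Update-CustomRoleActions is a hypothetical helper.
function Update-CustomRoleActions {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string]   $Id,
        [Parameter(Mandatory)] [string[]] $AllowedResourceActions
    )

    # Assumption: Get-EntraRoleDefinition accepts -Id and returns
    # IsBuiltIn, DisplayName and RolePermissions for the role.
    $current = Get-EntraRoleDefinition -Id $Id -ErrorAction Stop

    # Built-in roles cannot be updated, so fail early with a clear message.
    if ($current.IsBuiltIn) {
        throw "Role '$($current.DisplayName)' is built-in and cannot be updated."
    }

    # Flatten the actions currently granted and diff them against the request.
    $existing = @($current.RolePermissions | ForEach-Object { $_.AllowedResourceActions })
    $added    = @($AllowedResourceActions | Where-Object { $_ -notin $existing })
    $removed  = @($existing | Where-Object { $_ -notin $AllowedResourceActions })

    Write-Verbose "Requested but not currently granted: $($added -join ', ')"
    Write-Verbose "Currently granted but not requested: $($removed -join ', ')"

    if ($added.Count -eq 0 -and $removed.Count -eq 0) {
        Write-Verbose 'No permission change; nothing to update.'
        return
    }

    # Build the permission object the same way as Example 4.
    $permission = New-Object Microsoft.Open.MSGraph.Model.RolePermission
    $permission.AllowedResourceActions = $AllowedResourceActions

    # ConfirmImpact = 'High' makes PowerShell prompt before the change is written.
    $summary = "add [$($added -join ', ')], remove [$($removed -join ', ')]"
    if ($PSCmdlet.ShouldProcess($current.DisplayName, "Change role actions: $summary")) {
        Set-EntraRoleDefinition -Id $Id -RolePermissions $permission
    }
}

Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
# The ID below is the placeholder used throughout this page.
Update-CustomRoleActions -Id 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1' `
    -AllowedResourceActions 'microsoft.directory/applications/standard/read' -Verbose
```

Run it with -WhatIf to see the planned change without writing it.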
Parameters
-Description
Specifies a description for the role definition.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DisplayName
Specifies a display name for the role definition.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Id
The unique identifier of an object in Microsoft Entra ID.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-IsEnabled
Specifies whether the role definition is enabled. Flag indicating if the role is enabled for assignment. If false, the role is not available for assignment. Read-only when isBuiltIn is true.
Type: | System.Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResourceScopes
Specifies the resource scopes for the role definition.
Type: | System.Collections.Generic.List`1[System.String] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RolePermissions
Specifies permissions for the role definition. List of permissions included in the role. Read-only when isBuiltIn is true.
Type: | System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-TemplateId
Specifies the template ID for the role definition. Custom template identifier that can be set when isBuiltIn is false. This identifier is typically used if one needs an identifier to be the same across different directories. Read-only when isBuiltIn is true.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Version
Specifies the version for the role definition. Indicates version of the role definition. Read-only when isBuiltIn is true.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
String
Related Links