New-MgRoleManagementEntitlementManagementRoleDefinition

Module:

Microsoft.Graph.Identity.Governance Module

Create new navigation property to roleDefinitions for roleManagement

Note

To view the beta release of this cmdlet, view New-MgBetaRoleManagementEntitlementManagementRoleDefinition

Syntax

CreateExpanded (Default)

New-MgRoleManagementEntitlementManagementRoleDefinition
    [-ResponseHeadersVariable <String>]
    [-AdditionalProperties <Hashtable>]
    [-Description <String>]
    [-DisplayName <String>]
    [-Id <String>]
    [-InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition[]>]
    [-IsBuiltIn]
    [-IsEnabled]
    [-ResourceScopes <String[]>]
    [-RolePermissions <IMicrosoftGraphUnifiedRolePermission[]>]
    [-TemplateId <String>]
    [-Version <String>]
    [-Headers <IDictionary>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Create

New-MgRoleManagementEntitlementManagementRoleDefinition
    -BodyParameter <IMicrosoftGraphUnifiedRoleDefinition>
    [-ResponseHeadersVariable <String>]
    [-Headers <IDictionary>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

Create new navigation property to roleDefinitions for roleManagement

Parameters

-AdditionalProperties

Additional Parameters

Parameter properties

Type:	Hashtable
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

CreateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-BodyParameter

unifiedRoleDefinition To construct, see NOTES section for BODYPARAMETER properties and create a hash table.

Parameter properties

Type:	IMicrosoftGraphUnifiedRoleDefinition
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

Create

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	cf

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Description

The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

CreateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DisplayName

The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq, in).

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

CreateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Headers

Optional headers that will be added to the request.

Parameter properties

Type:	IDictionary
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Id

The unique identifier for an entity. Read-only.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

CreateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-InheritsPermissionsFrom

Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles (isBuiltIn is true) support this attribute. Supports $expand. To construct, see NOTES section for INHERITSPERMISSIONSFROM properties and create a hash table.

Parameter properties

Type:	IMicrosoftGraphUnifiedRoleDefinition[]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

CreateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-IsBuiltIn

Flag indicating whether the role definition is part of the default set included in Microsoft Entra or a custom definition. Read-only. Supports $filter (eq, in).

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

CreateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-IsEnabled

Flag indicating whether the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true.

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

CreateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ResourceScopes

List of the scopes or permissions the role definition applies to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment.

Parameter properties

Type:	String[]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

CreateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ResponseHeadersVariable

Optional Response Headers Variable.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	RHV

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-RolePermissions

List of permissions included in the role. Read-only when isBuiltIn is true. Required. To construct, see NOTES section for ROLEPERMISSIONS properties and create a hash table.

Parameter properties

Type:	IMicrosoftGraphUnifiedRolePermission[]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

CreateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-TemplateId

Custom template identifier that can be set when isBuiltIn is false but is read-only when isBuiltIn is true. This identifier is typically used if one needs an identifier to be the same across different directories.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

CreateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Version

Indicates version of the role definition. Read-only when isBuiltIn is true.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

CreateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	wi

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphUnifiedRoleDefinition

System.Collections.IDictionary

Outputs

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphUnifiedRoleDefinition

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODYPARAMETER <IMicrosoftGraphUnifiedRoleDefinition>: unifiedRoleDefinition

• [(Any) <Object>]: This indicates any property can be added to this object.
• [Id <String>]: The unique identifier for an entity. Read-only.
• [Description <String>]: The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.
• [DisplayName <String>]: The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq, in).
• [InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition- []>]: Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles (isBuiltIn is true) support this attribute. Supports $expand.
• [IsBuiltIn <Boolean?>]: Flag indicating whether the role definition is part of the default set included in Microsoft Entra or a custom definition. Read-only. Supports $filter (eq, in).
• [IsEnabled <Boolean?>]: Flag indicating whether the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true.
• [ResourceScopes <String- []>]: List of the scopes or permissions the role definition applies to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment.
• [RolePermissions <IMicrosoftGraphUnifiedRolePermission- []>]: List of permissions included in the role. Read-only when isBuiltIn is true. Required.
  • [AllowedResourceActions <String- []>]: Set of tasks that can be performed on a resource. Required.
  • [Condition <String>]: Optional constraints that must be met for the permission to be effective. Not supported for custom roles.
  • [ExcludedResourceActions <String- []>]: Set of tasks that may not be performed on a resource. Not yet supported.
• [TemplateId <String>]: Custom template identifier that can be set when isBuiltIn is false but is read-only when isBuiltIn is true. This identifier is typically used if one needs an identifier to be the same across different directories.
• [Version <String>]: Indicates version of the role definition. Read-only when isBuiltIn is true.

INHERITSPERMISSIONSFROM <IMicrosoftGraphUnifiedRoleDefinition- []>: Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles (isBuiltIn is true) support this attribute. Supports $expand.

• [Id <String>]: The unique identifier for an entity. Read-only.
• [Description <String>]: The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.
• [DisplayName <String>]: The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq, in).
• [InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition- []>]: Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles (isBuiltIn is true) support this attribute. Supports $expand.
• [IsBuiltIn <Boolean?>]: Flag indicating whether the role definition is part of the default set included in Microsoft Entra or a custom definition. Read-only. Supports $filter (eq, in).
• [IsEnabled <Boolean?>]: Flag indicating whether the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true.
• [ResourceScopes <String- []>]: List of the scopes or permissions the role definition applies to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment.
• [RolePermissions <IMicrosoftGraphUnifiedRolePermission- []>]: List of permissions included in the role. Read-only when isBuiltIn is true. Required.
  • [AllowedResourceActions <String- []>]: Set of tasks that can be performed on a resource. Required.
  • [Condition <String>]: Optional constraints that must be met for the permission to be effective. Not supported for custom roles.
  • [ExcludedResourceActions <String- []>]: Set of tasks that may not be performed on a resource. Not yet supported.
• [TemplateId <String>]: Custom template identifier that can be set when isBuiltIn is false but is read-only when isBuiltIn is true. This identifier is typically used if one needs an identifier to be the same across different directories.
• [Version <String>]: Indicates version of the role definition. Read-only when isBuiltIn is true.

ROLEPERMISSIONS <IMicrosoftGraphUnifiedRolePermission- []>: List of permissions included in the role. Read-only when isBuiltIn is true. Required.

• [AllowedResourceActions <String- []>]: Set of tasks that can be performed on a resource. Required.
• [Condition <String>]: Optional constraints that must be met for the permission to be effective. Not supported for custom roles.
• [ExcludedResourceActions <String- []>]: Set of tasks that may not be performed on a resource. Not yet supported.

Related Links

• https://learn.microsoft.com/powershell/module/microsoft.graph.identity.governance/new-mgrolemanagemententitlementmanagementroledefinition