Update-MgRoleManagementEntitlementManagementRoleDefinitionInheritPermissionFrom

Module:

Microsoft.Graph.Identity.Governance Module

Update the navigation property inheritsPermissionsFrom in roleManagement

Note

To view the beta release of this cmdlet, view Update-MgBetaRoleManagementEntitlementManagementRoleDefinitionInheritPermissionFrom

Syntax

UpdateExpanded (Default)

Update-MgRoleManagementEntitlementManagementRoleDefinitionInheritPermissionFrom

    -UnifiedRoleDefinitionId <String>
    -UnifiedRoleDefinitionId1 <String>
    [-ResponseHeadersVariable <String>]
    [-AdditionalProperties <Hashtable>]
    [-Description <String>]
    [-DisplayName <String>]
    [-Id <String>]
    [-InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition[]>]
    [-IsBuiltIn]
    [-IsEnabled]
    [-ResourceScopes <String[]>]
    [-RolePermissions <IMicrosoftGraphUnifiedRolePermission[]>]
    [-TemplateId <String>]
    [-Version <String>]
    [-Headers <IDictionary>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Update

Update-MgRoleManagementEntitlementManagementRoleDefinitionInheritPermissionFrom

    -UnifiedRoleDefinitionId <String>
    -UnifiedRoleDefinitionId1 <String>
    -BodyParameter <IMicrosoftGraphUnifiedRoleDefinition>
    [-ResponseHeadersVariable <String>]
    [-Headers <IDictionary>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

UpdateViaIdentityExpanded

Update-MgRoleManagementEntitlementManagementRoleDefinitionInheritPermissionFrom

    -InputObject <IIdentityGovernanceIdentity>
    [-ResponseHeadersVariable <String>]
    [-AdditionalProperties <Hashtable>]
    [-Description <String>]
    [-DisplayName <String>]
    [-Id <String>]
    [-InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition[]>]
    [-IsBuiltIn]
    [-IsEnabled]
    [-ResourceScopes <String[]>]
    [-RolePermissions <IMicrosoftGraphUnifiedRolePermission[]>]
    [-TemplateId <String>]
    [-Version <String>]
    [-Headers <IDictionary>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

UpdateViaIdentity

Update-MgRoleManagementEntitlementManagementRoleDefinitionInheritPermissionFrom

    -InputObject <IIdentityGovernanceIdentity>
    -BodyParameter <IMicrosoftGraphUnifiedRoleDefinition>
    [-ResponseHeadersVariable <String>]
    [-Headers <IDictionary>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

Update the navigation property inheritsPermissionsFrom in roleManagement

Parameters

-AdditionalProperties

Additional Parameters

Parameter properties

Type:	Hashtable
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-BodyParameter

unifiedRoleDefinition To construct, see NOTES section for BODYPARAMETER properties and create a hash table.

Parameter properties

Type:	IMicrosoftGraphUnifiedRoleDefinition
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

Update

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentity

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	cf

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Description

The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DisplayName

The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq, in).

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Headers

Optional headers that will be added to the request.

Parameter properties

Type:	IDictionary
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Id

The unique identifier for an entity. Read-only.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-InheritsPermissionsFrom

Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles (isBuiltIn is true) support this attribute. Supports $expand. To construct, see NOTES section for INHERITSPERMISSIONSFROM properties and create a hash table.

Parameter properties

Type:	IMicrosoftGraphUnifiedRoleDefinition[]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-InputObject

Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.

Parameter properties

Type:	IIdentityGovernanceIdentity
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentity

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-IsBuiltIn

Flag indicating whether the role definition is part of the default set included in Microsoft Entra or a custom definition. Read-only. Supports $filter (eq, in).

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-IsEnabled

Flag indicating whether the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true.

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ResourceScopes

List of the scopes or permissions the role definition applies to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment.

Parameter properties

Type:	String[]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ResponseHeadersVariable

Optional Response Headers Variable.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	RHV

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-RolePermissions

List of permissions included in the role. Read-only when isBuiltIn is true. Required. To construct, see NOTES section for ROLEPERMISSIONS properties and create a hash table.

Parameter properties

Type:	IMicrosoftGraphUnifiedRolePermission[]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-TemplateId

Custom template identifier that can be set when isBuiltIn is false but is read-only when isBuiltIn is true. This identifier is typically used if one needs an identifier to be the same across different directories.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-UnifiedRoleDefinitionId

The unique identifier of unifiedRoleDefinition

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

Update

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-UnifiedRoleDefinitionId1

The unique identifier of unifiedRoleDefinition

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

Update

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Version

Indicates version of the role definition. Read-only when isBuiltIn is true.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	wi

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

Microsoft.Graph.PowerShell.Models.IIdentityGovernanceIdentity

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphUnifiedRoleDefinition

System.Collections.IDictionary

Outputs

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphUnifiedRoleDefinition

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODYPARAMETER <IMicrosoftGraphUnifiedRoleDefinition>: unifiedRoleDefinition

• [(Any) <Object>]: This indicates any property can be added to this object.
• [Id <String>]: The unique identifier for an entity. Read-only.
• [Description <String>]: The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.
• [DisplayName <String>]: The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq, in).
• [InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition- []>]: Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles (isBuiltIn is true) support this attribute. Supports $expand.
• [IsBuiltIn <Boolean?>]: Flag indicating whether the role definition is part of the default set included in Microsoft Entra or a custom definition. Read-only. Supports $filter (eq, in).
• [IsEnabled <Boolean?>]: Flag indicating whether the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true.
• [ResourceScopes <String- []>]: List of the scopes or permissions the role definition applies to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment.
• [RolePermissions <IMicrosoftGraphUnifiedRolePermission- []>]: List of permissions included in the role. Read-only when isBuiltIn is true. Required.
  • [AllowedResourceActions <String- []>]: Set of tasks that can be performed on a resource. Required.
  • [Condition <String>]: Optional constraints that must be met for the permission to be effective. Not supported for custom roles.
  • [ExcludedResourceActions <String- []>]: Set of tasks that may not be performed on a resource. Not yet supported.
• [TemplateId <String>]: Custom template identifier that can be set when isBuiltIn is false but is read-only when isBuiltIn is true. This identifier is typically used if one needs an identifier to be the same across different directories.
• [Version <String>]: Indicates version of the role definition. Read-only when isBuiltIn is true.

INHERITSPERMISSIONSFROM <IMicrosoftGraphUnifiedRoleDefinition- []>: Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles (isBuiltIn is true) support this attribute. Supports $expand.

• [Id <String>]: The unique identifier for an entity. Read-only.
• [Description <String>]: The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.
• [DisplayName <String>]: The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq, in).
• [InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition- []>]: Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles (isBuiltIn is true) support this attribute. Supports $expand.
• [IsBuiltIn <Boolean?>]: Flag indicating whether the role definition is part of the default set included in Microsoft Entra or a custom definition. Read-only. Supports $filter (eq, in).
• [IsEnabled <Boolean?>]: Flag indicating whether the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true.
• [ResourceScopes <String- []>]: List of the scopes or permissions the role definition applies to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment.
• [RolePermissions <IMicrosoftGraphUnifiedRolePermission- []>]: List of permissions included in the role. Read-only when isBuiltIn is true. Required.
  • [AllowedResourceActions <String- []>]: Set of tasks that can be performed on a resource. Required.
  • [Condition <String>]: Optional constraints that must be met for the permission to be effective. Not supported for custom roles.
  • [ExcludedResourceActions <String- []>]: Set of tasks that may not be performed on a resource. Not yet supported.
• [TemplateId <String>]: Custom template identifier that can be set when isBuiltIn is false but is read-only when isBuiltIn is true. This identifier is typically used if one needs an identifier to be the same across different directories.
• [Version <String>]: Indicates version of the role definition. Read-only when isBuiltIn is true.

INPUTOBJECT <IIdentityGovernanceIdentity>: Identity Parameter

• [AccessPackageAssignmentId <String>]: The unique identifier of accessPackageAssignment
• [AccessPackageAssignmentPolicyId <String>]: The unique identifier of accessPackageAssignmentPolicy
• [AccessPackageAssignmentRequestId <String>]: The unique identifier of accessPackageAssignmentRequest
• [AccessPackageCatalogId <String>]: The unique identifier of accessPackageCatalog
• [AccessPackageId <String>]: The unique identifier of accessPackage
• [AccessPackageId1 <String>]: The unique identifier of accessPackage
• [AccessPackageQuestionId <String>]: The unique identifier of accessPackageQuestion
• [AccessPackageResourceEnvironmentId <String>]: The unique identifier of accessPackageResourceEnvironment
• [AccessPackageResourceId <String>]: The unique identifier of accessPackageResource
• [AccessPackageResourceRequestId <String>]: The unique identifier of accessPackageResourceRequest
• [AccessPackageResourceRoleId <String>]: The unique identifier of accessPackageResourceRole
• [AccessPackageResourceRoleId1 <String>]: The unique identifier of accessPackageResourceRole
• [AccessPackageResourceRoleScopeId <String>]: The unique identifier of accessPackageResourceRoleScope
• [AccessPackageResourceScopeId <String>]: The unique identifier of accessPackageResourceScope
• [AccessPackageResourceScopeId1 <String>]: The unique identifier of accessPackageResourceScope
• [AccessReviewHistoryDefinitionId <String>]: The unique identifier of accessReviewHistoryDefinition
• [AccessReviewHistoryInstanceId <String>]: The unique identifier of accessReviewHistoryInstance
• [AccessReviewInstanceDecisionItemId <String>]: The unique identifier of accessReviewInstanceDecisionItem
• [AccessReviewInstanceId <String>]: The unique identifier of accessReviewInstance
• [AccessReviewReviewerId <String>]: The unique identifier of accessReviewReviewer
• [AccessReviewScheduleDefinitionId <String>]: The unique identifier of accessReviewScheduleDefinition
• [AccessReviewStageId <String>]: The unique identifier of accessReviewStage
• [AgreementAcceptanceId <String>]: The unique identifier of agreementAcceptance
• [AgreementFileLocalizationId <String>]: The unique identifier of agreementFileLocalization
• [AgreementFileVersionId <String>]: The unique identifier of agreementFileVersion
• [AgreementId <String>]: The unique identifier of agreement
• [AppConsentRequestId <String>]: The unique identifier of appConsentRequest
• [ApprovalId <String>]: The unique identifier of approval
• [ApprovalStageId <String>]: The unique identifier of approvalStage
• [ConnectedOrganizationId <String>]: The unique identifier of connectedOrganization
• [CustomCalloutExtensionId <String>]: The unique identifier of customCalloutExtension
• [CustomExtensionStageSettingId <String>]: The unique identifier of customExtensionStageSetting
• [CustomTaskExtensionId <String>]: The unique identifier of customTaskExtension
• [DirectoryObjectId <String>]: The unique identifier of directoryObject
• [EndDateTime <DateTime?>]: Usage: endDateTime={endDateTime}
• [GovernanceInsightId <String>]: The unique identifier of governanceInsight
• [IncompatibleAccessPackageId <String>]: Usage: incompatibleAccessPackageId='{incompatibleAccessPackageId}'
• [On <String>]: Usage: on='{on}'
• [PrivilegedAccessGroupAssignmentScheduleId <String>]: The unique identifier of privilegedAccessGroupAssignmentSchedule
• [PrivilegedAccessGroupAssignmentScheduleInstanceId <String>]: The unique identifier of privilegedAccessGroupAssignmentScheduleInstance
• [PrivilegedAccessGroupAssignmentScheduleRequestId <String>]: The unique identifier of privilegedAccessGroupAssignmentScheduleRequest
• [PrivilegedAccessGroupEligibilityScheduleId <String>]: The unique identifier of privilegedAccessGroupEligibilitySchedule
• [PrivilegedAccessGroupEligibilityScheduleInstanceId <String>]: The unique identifier of privilegedAccessGroupEligibilityScheduleInstance
• [PrivilegedAccessGroupEligibilityScheduleRequestId <String>]: The unique identifier of privilegedAccessGroupEligibilityScheduleRequest
• [RunId <String>]: The unique identifier of run
• [StartDateTime <DateTime?>]: Usage: startDateTime={startDateTime}
• [TaskDefinitionId <String>]: The unique identifier of taskDefinition
• [TaskId <String>]: The unique identifier of task
• [TaskProcessingResultId <String>]: The unique identifier of taskProcessingResult
• [TaskReportId <String>]: The unique identifier of taskReport
• [UnifiedRbacResourceActionId <String>]: The unique identifier of unifiedRbacResourceAction
• [UnifiedRbacResourceNamespaceId <String>]: The unique identifier of unifiedRbacResourceNamespace
• [UnifiedRoleAssignmentId <String>]: The unique identifier of unifiedRoleAssignment
• [UnifiedRoleAssignmentScheduleId <String>]: The unique identifier of unifiedRoleAssignmentSchedule
• [UnifiedRoleAssignmentScheduleInstanceId <String>]: The unique identifier of unifiedRoleAssignmentScheduleInstance
• [UnifiedRoleAssignmentScheduleRequestId <String>]: The unique identifier of unifiedRoleAssignmentScheduleRequest
• [UnifiedRoleDefinitionId <String>]: The unique identifier of unifiedRoleDefinition
• [UnifiedRoleDefinitionId1 <String>]: The unique identifier of unifiedRoleDefinition
• [UnifiedRoleEligibilityScheduleId <String>]: The unique identifier of unifiedRoleEligibilitySchedule
• [UnifiedRoleEligibilityScheduleInstanceId <String>]: The unique identifier of unifiedRoleEligibilityScheduleInstance
• [UnifiedRoleEligibilityScheduleRequestId <String>]: The unique identifier of unifiedRoleEligibilityScheduleRequest
• [UserConsentRequestId <String>]: The unique identifier of userConsentRequest
• [UserId <String>]: The unique identifier of user
• [UserProcessingResultId <String>]: The unique identifier of userProcessingResult
• [WorkflowId <String>]: The unique identifier of workflow
• [WorkflowTemplateId <String>]: The unique identifier of workflowTemplate
• [WorkflowVersionNumber <Int32?>]: The unique identifier of workflowVersion

ROLEPERMISSIONS <IMicrosoftGraphUnifiedRolePermission- []>: List of permissions included in the role. Read-only when isBuiltIn is true. Required.

• [AllowedResourceActions <String- []>]: Set of tasks that can be performed on a resource. Required.
• [Condition <String>]: Optional constraints that must be met for the permission to be effective. Not supported for custom roles.
• [ExcludedResourceActions <String- []>]: Set of tasks that may not be performed on a resource. Not yet supported.

Related Links

• https://learn.microsoft.com/powershell/module/microsoft.graph.identity.governance/update-mgrolemanagemententitlementmanagementroledefinitioninheritpermissionfrom