roleDefinition resource type
Namespace: microsoft.graph
Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
The Role Definition resource. The role definition is the foundation of role-based access in Intune. A role combines an Intune resource, such as a Mobile App, with associated role permissions, such as Create or Read, for that resource. There are two types of roles: built-in and custom. Built-in roles cannot be modified. Both built-in roles and custom roles must have assignments to be enforced. Create a custom role when you want to combine any of the available resources and role permissions into a single role.
Methods
Method | Return Type | Description |
---|---|---|
List roleDefinitions | roleDefinition collection | List properties and relationships of the roleDefinition objects. |
Get roleDefinition | roleDefinition | Read properties and relationships of the roleDefinition object. |
Create roleDefinition | roleDefinition | Create a new roleDefinition object. |
Delete roleDefinition | None | Deletes a roleDefinition. |
Update roleDefinition | roleDefinition | Update the properties of a roleDefinition object. |
Properties
Property | Type | Description |
---|---|---|
id | String | Key of the entity. This is read-only and automatically generated. |
displayName | String | Display Name of the Role definition. |
description | String | Description of the Role definition. |
permissions | rolePermission collection | List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission. |
rolePermissions | rolePermission collection | List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission. |
isBuiltInRoleDefinition | Boolean | Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition. |
isBuiltIn | Boolean | Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition. |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
Relationships
Relationship | Type | Description |
---|---|---|
roleAssignments | roleAssignment collection | List of Role assignments for this role definition. |
JSON Representation
Here is a JSON representation of the resource.
{
  "@odata.type": "#microsoft.graph.roleDefinition",
  "id": "String (identifier)",
  "displayName": "String",
  "description": "String",
  "permissions": [
    {
      "@odata.type": "microsoft.graph.rolePermission",
      "actions": [
        "String"
      ],
      "resourceActions": [
        {
          "@odata.type": "microsoft.graph.resourceAction",
          "allowedResourceActions": [
            "String"
          ],
          "notAllowedResourceActions": [
            "String"
          ]
        }
      ]
    }
  ],
  "rolePermissions": [
    {
      "@odata.type": "microsoft.graph.rolePermission",
      "actions": [
        "String"
      ],
      "resourceActions": [
        {
          "@odata.type": "microsoft.graph.resourceAction",
          "allowedResourceActions": [
            "String"
          ],
          "notAllowedResourceActions": [
            "String"
          ]
        }
      ]
    }
  ],
  "isBuiltInRoleDefinition": true,
  "isBuiltIn": true,
  "roleScopeTagIds": [
    "String"
  ]
}
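The following is an added example, not part of the original reference: a small offline audit that reads roleDefinition objects in the shape shown above and reports which roles are custom, which have assignments (and are therefore enforced), and which resource actions each one lists. Assumptions: the `roleAssignments` relationship is present inline on each object, the action names and role names are constructed sample values, and the helper function names are hypothetical.

```python
import json

# Constructed sample in the shape of a roleDefinition collection.
# Assumption: the roleAssignments relationship is included inline.
# Action names such as "Sample_MobileApps_Read" are constructed placeholders.
SAMPLE = json.loads("""
{"value": [
  {"id": "r1", "displayName": "Help Desk Operator", "isBuiltIn": true,
   "rolePermissions": [{"resourceActions": [
     {"allowedResourceActions": ["Sample_MobileApps_Read"],
      "notAllowedResourceActions": []}]}],
   "roleAssignments": [{"id": "a1"}]},
  {"id": "r2", "displayName": "App Publisher", "isBuiltInRoleDefinition": false,
   "permissions": [{"resourceActions": [
     {"allowedResourceActions": ["Sample_MobileApps_Create", "Sample_MobileApps_Read"],
      "notAllowedResourceActions": ["Sample_MobileApps_Delete"]}]}],
   "roleAssignments": [{"id": "a2"}]},
  {"id": "r3", "displayName": "Unused Custom", "isBuiltIn": false,
   "rolePermissions": [], "roleAssignments": []}
]}
""")

def is_built_in(role):
    # The resource exposes the flag under two property names; accept either.
    return bool(role.get("isBuiltIn", role.get("isBuiltInRoleDefinition", False)))

def resource_actions(role, key):
    # Collect one action list across rolePermissions, falling back to the
    # parallel "permissions" property when rolePermissions is empty or absent.
    perms = role.get("rolePermissions") or role.get("permissions") or []
    found = set()
    for perm in perms:
        for ra in perm.get("resourceActions", []):
            found.update(ra.get(key, []))
    return sorted(found)

def audit(roles):
    # One summary row per role; "enforced" means at least one assignment exists.
    return [{
        "name": role.get("displayName"),
        "custom": not is_built_in(role),
        "enforced": len(role.get("roleAssignments", [])) > 0,
        "allowed": resource_actions(role, "allowedResourceActions"),
        "not_allowed": resource_actions(role, "notAllowedResourceActions"),
    } for role in roles]

def custom_roles_in_force(roles):
    # Custom roles with assignments are the ones whose permissions need review.
    return [r["name"] for r in audit(roles) if r["custom"] and r["enforced"]]
```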