The Role Definition resource.
The role definition is the foundation of role based access in Intune.
The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource.
There are two types of roles, built-in and custom.
Built-in roles cannot be modified.
Both built-in roles and custom roles must have assignments to be enforced.
Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.
To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
Type of Role.
Set to True if it is built-in, or set to False if it is a custom role definition.
Parameter properties
Type:
System.Management.Automation.SwitchParameter
Default value:
False
Supports wildcards:
False
DontShow:
False
Parameter sets
CreateExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-IsBuiltInRoleDefinition
Type of Role.
Set to True if it is built-in, or set to False if it is a custom role definition.
Parameter properties
Type:
System.Management.Automation.SwitchParameter
Default value:
False
Supports wildcards:
False
DontShow:
False
Parameter sets
CreateExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Permissions
List of Role Permissions this role is allowed to perform.
These must match the actionName that is defined as part of the rolePermission.
To construct, see NOTES section for PERMISSIONS properties and create a hash table.
List of Role Permissions this role is allowed to perform.
These must match the actionName that is defined as part of the rolePermission.
To construct, see NOTES section for ROLEPERMISSIONS properties and create a hash table.
Runs the command in a mode that only reports what would happen without performing the actions.
Parameter properties
Type:
System.Management.Automation.SwitchParameter
Supports wildcards:
False
DontShow:
False
Aliases:
wi
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.
To create the parameters described below, construct a hash table containing the appropriate properties.
For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphRoleDefinition>: The Role Definition resource.
The role definition is the foundation of role based access in Intune.
The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource.
There are two types of roles, built-in and custom.
Built-in roles cannot be modified.
Both built-in roles and custom roles must have assignments to be enforced.
Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Description <String>]: Description of the Role definition.
[DisplayName <String>]: Display Name of the Role definition.
[IsBuiltIn <Boolean?>]: Type of Role.
Set to True if it is built-in, or set to False if it is a custom role definition.
[IsBuiltInRoleDefinition <Boolean?>]: Type of Role.
Set to True if it is built-in, or set to False if it is a custom role definition.
[Permissions <IMicrosoftGraphRolePermission[]>]: List of Role Permissions this role is allowed to perform.
These must match the actionName that is defined as part of the rolePermission.
[Actions <String[]>]: Allowed Actions - Deprecated
[ResourceActions <IMicrosoftGraphResourceAction[]>]: Resource Actions each containing a set of allowed and not allowed permissions.
[AllowedResourceActions <String[]>]: Allowed Actions
[NotAllowedResourceActions <String[]>]: Not Allowed Actions.
[RoleAssignments <IMicrosoftGraphRoleAssignment[]>]: List of Role assignments for this role definition.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Description <String>]: Description of the Role Assignment.
[DisplayName <String>]: The display or friendly name of the role Assignment.
[ResourceScopes <String[]>]: List of ids of role scope member security groups.
These are IDs from Azure Active Directory.
[RoleDefinition <IMicrosoftGraphRoleDefinition>]: The Role Definition resource.
The role definition is the foundation of role based access in Intune.
The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource.
There are two types of roles, built-in and custom.
Built-in roles cannot be modified.
Both built-in roles and custom roles must have assignments to be enforced.
Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.
[ScopeMembers <String[]>]: List of ids of role scope member security groups.
These are IDs from Azure Active Directory.
[ScopeType <RoleAssignmentScopeType?>]: Specifies the type of scope for a Role Assignment.
[RolePermissions <IMicrosoftGraphRolePermission[]>]: List of Role Permissions this role is allowed to perform.
These must match the actionName that is defined as part of the rolePermission.
[RoleScopeTagIds <String[]>]: List of Scope Tags for this Entity instance.
PERMISSIONS <IMicrosoftGraphRolePermission[]>: List of Role Permissions this role is allowed to perform.
These must match the actionName that is defined as part of the rolePermission.
[Actions <String[]>]: Allowed Actions - Deprecated
[ResourceActions <IMicrosoftGraphResourceAction[]>]: Resource Actions each containing a set of allowed and not allowed permissions.
[AllowedResourceActions <String[]>]: Allowed Actions
[NotAllowedResourceActions <String[]>]: Not Allowed Actions.
ROLEASSIGNMENTS <IMicrosoftGraphRoleAssignment[]>: List of Role assignments for this role definition.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Description <String>]: Description of the Role Assignment.
[DisplayName <String>]: The display or friendly name of the role Assignment.
[ResourceScopes <String[]>]: List of ids of role scope member security groups.
These are IDs from Azure Active Directory.
[RoleDefinition <IMicrosoftGraphRoleDefinition>]: The Role Definition resource.
The role definition is the foundation of role based access in Intune.
The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource.
There are two types of roles, built-in and custom.
Built-in roles cannot be modified.
Both built-in roles and custom roles must have assignments to be enforced.
Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Description <String>]: Description of the Role definition.
[DisplayName <String>]: Display Name of the Role definition.
[IsBuiltIn <Boolean?>]: Type of Role.
Set to True if it is built-in, or set to False if it is a custom role definition.
[IsBuiltInRoleDefinition <Boolean?>]: Type of Role.
Set to True if it is built-in, or set to False if it is a custom role definition.
[Permissions <IMicrosoftGraphRolePermission[]>]: List of Role Permissions this role is allowed to perform.
These must match the actionName that is defined as part of the rolePermission.
[Actions <String[]>]: Allowed Actions - Deprecated
[ResourceActions <IMicrosoftGraphResourceAction[]>]: Resource Actions each containing a set of allowed and not allowed permissions.
[AllowedResourceActions <String[]>]: Allowed Actions
[NotAllowedResourceActions <String[]>]: Not Allowed Actions.
[RoleAssignments <IMicrosoftGraphRoleAssignment[]>]: List of Role assignments for this role definition.
[RolePermissions <IMicrosoftGraphRolePermission[]>]: List of Role Permissions this role is allowed to perform.
These must match the actionName that is defined as part of the rolePermission.
[RoleScopeTagIds <String[]>]: List of Scope Tags for this Entity instance.
[ScopeMembers <String[]>]: List of ids of role scope member security groups.
These are IDs from Azure Active Directory.
[ScopeType <RoleAssignmentScopeType?>]: Specifies the type of scope for a Role Assignment.
ROLEPERMISSIONS <IMicrosoftGraphRolePermission[]>: List of Role Permissions this role is allowed to perform.
These must match the actionName that is defined as part of the rolePermission.
[Actions <String[]>]: Allowed Actions - Deprecated
[ResourceActions <IMicrosoftGraphResourceAction[]>]: Resource Actions each containing a set of allowed and not allowed permissions.
[AllowedResourceActions <String[]>]: Allowed Actions
[NotAllowedResourceActions <String[]>]: Not Allowed Actions.