Read-only collection of role definitions that the given role definition inherits from.
Only Microsoft Entra built-in roles (isBuiltIn is true) support this attribute.
Supports $expand.
To construct, see NOTES section for INHERITSPERMISSIONSFROM properties and create a hash table.
Flag indicating whether the role definition is part of the default set included in Microsoft Entra or a custom definition.
Read-only.
Supports $filter (eq, in).
Parameter properties
Type:
System.Management.Automation.SwitchParameter
Default value:
False
Supports wildcards:
False
DontShow:
False
Parameter sets
CreateViaIdentityExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
CreateExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-IsEnabled
Flag indicating whether the role is enabled for assignment.
If false the role is not available for assignment.
Read-only when isBuiltIn is true.
Parameter properties
Type:
System.Management.Automation.SwitchParameter
Default value:
False
Supports wildcards:
False
DontShow:
False
Parameter sets
CreateViaIdentityExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
CreateExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Proxy
The URI for the proxy server to use
Parameter properties
Type:
System.Uri
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ProxyCredential
Credentials for a proxy server to use for the remote call
Parameter properties
Type:
System.Management.Automation.PSCredential
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ProxyUseDefaultCredentials
Use the default credentials for the proxy
Parameter properties
Type:
System.Management.Automation.SwitchParameter
Default value:
False
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ResourceScopes
List of the scopes or permissions the role definition applies to.
Currently only / is supported.
Read-only when isBuiltIn is true.
DO NOT USE.
This will be deprecated soon.
Attach scope to role assignment.
Parameter properties
Type:
System.String[]
Supports wildcards:
False
DontShow:
False
Parameter sets
CreateViaIdentityExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
CreateExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ResponseHeadersVariable
Optional Response Headers Variable.
Parameter properties
Type:
System.String
Supports wildcards:
False
DontShow:
False
Aliases:
RHV
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-RolePermissions
List of permissions included in the role.
Read-only when isBuiltIn is true.
Required.
To construct, see NOTES section for ROLEPERMISSIONS properties and create a hash table.
Custom template identifier that can be set when isBuiltIn is false but is read-only when isBuiltIn is true.
This identifier is typically used if one needs an identifier to be the same across different directories.
Parameter properties
Type:
System.String
Supports wildcards:
False
DontShow:
False
Parameter sets
CreateViaIdentityExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
CreateExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-UnifiedRoleDefinitionId
The unique identifier of unifiedRoleDefinition
Parameter properties
Type:
System.String
Supports wildcards:
False
DontShow:
False
Parameter sets
CreateExpanded
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
Create
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Version
Indicates version of the role definition.
Read-only when isBuiltIn is true.
Parameter properties
Type:
System.String
Supports wildcards:
False
DontShow:
False
Parameter sets
CreateViaIdentityExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
CreateExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-WhatIf
Runs the command in a mode that only reports what would happen without performing the actions.
Parameter properties
Type:
System.Management.Automation.SwitchParameter
Supports wildcards:
False
DontShow:
False
Aliases:
wi
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.
To create the parameters described below, construct a hash table containing the appropriate properties.
For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphUnifiedRoleDefinition>: unifiedRoleDefinition
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Description <String>]: The description for the unifiedRoleDefinition.
Read-only when isBuiltIn is true.
[DisplayName <String>]: The display name for the unifiedRoleDefinition.
Read-only when isBuiltIn is true.
Required.
Supports $filter (eq, in).
[InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition[]>]: Read-only collection of role definitions that the given role definition inherits from.
Only Microsoft Entra built-in roles (isBuiltIn is true) support this attribute.
Supports $expand.
[IsBuiltIn <Boolean?>]: Flag indicating whether the role definition is part of the default set included in Microsoft Entra or a custom definition.
Read-only.
Supports $filter (eq, in).
[IsEnabled <Boolean?>]: Flag indicating whether the role is enabled for assignment.
If false the role is not available for assignment.
Read-only when isBuiltIn is true.
[ResourceScopes <String[]>]: List of the scopes or permissions the role definition applies to.
Currently only / is supported.
Read-only when isBuiltIn is true.
DO NOT USE.
This will be deprecated soon.
Attach scope to role assignment.
[RolePermissions <IMicrosoftGraphUnifiedRolePermission[]>]: List of permissions included in the role.
Read-only when isBuiltIn is true.
Required.
[AllowedResourceActions <String[]>]: Set of tasks that can be performed on a resource.
Required.
[Condition <String>]: Optional constraints that must be met for the permission to be effective.
Not supported for custom roles.
[ExcludedResourceActions <String[]>]: Set of tasks that may not be performed on a resource.
Not yet supported.
[TemplateId <String>]: Custom template identifier that can be set when isBuiltIn is false but is read-only when isBuiltIn is true.
This identifier is typically used if one needs an identifier to be the same across different directories.
[Version <String>]: Indicates version of the role definition.
Read-only when isBuiltIn is true.
INHERITSPERMISSIONSFROM <IMicrosoftGraphUnifiedRoleDefinition[]>: Read-only collection of role definitions that the given role definition inherits from.
Only Microsoft Entra built-in roles (isBuiltIn is true) support this attribute.
Supports $expand.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Description <String>]: The description for the unifiedRoleDefinition.
Read-only when isBuiltIn is true.
[DisplayName <String>]: The display name for the unifiedRoleDefinition.
Read-only when isBuiltIn is true.
Required.
Supports $filter (eq, in).
[InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition[]>]: Read-only collection of role definitions that the given role definition inherits from.
Only Microsoft Entra built-in roles (isBuiltIn is true) support this attribute.
Supports $expand.
[IsBuiltIn <Boolean?>]: Flag indicating whether the role definition is part of the default set included in Microsoft Entra or a custom definition.
Read-only.
Supports $filter (eq, in).
[IsEnabled <Boolean?>]: Flag indicating whether the role is enabled for assignment.
If false the role is not available for assignment.
Read-only when isBuiltIn is true.
[ResourceScopes <String[]>]: List of the scopes or permissions the role definition applies to.
Currently only / is supported.
Read-only when isBuiltIn is true.
DO NOT USE.
This will be deprecated soon.
Attach scope to role assignment.
[RolePermissions <IMicrosoftGraphUnifiedRolePermission[]>]: List of permissions included in the role.
Read-only when isBuiltIn is true.
Required.
[AllowedResourceActions <String[]>]: Set of tasks that can be performed on a resource.
Required.
[Condition <String>]: Optional constraints that must be met for the permission to be effective.
Not supported for custom roles.
[ExcludedResourceActions <String[]>]: Set of tasks that may not be performed on a resource.
Not yet supported.
[TemplateId <String>]: Custom template identifier that can be set when isBuiltIn is false but is read-only when isBuiltIn is true.
This identifier is typically used if one needs an identifier to be the same across different directories.
[Version <String>]: Indicates version of the role definition.
Read-only when isBuiltIn is true.
INPUTOBJECT <IIdentityGovernanceIdentity>: Identity Parameter
[AccessPackageAssignmentId <String>]: The unique identifier of accessPackageAssignment
[AccessPackageAssignmentPolicyId <String>]: The unique identifier of accessPackageAssignmentPolicy
[AccessPackageAssignmentRequestId <String>]: The unique identifier of accessPackageAssignmentRequest
[AccessPackageCatalogId <String>]: The unique identifier of accessPackageCatalog
[AccessPackageId <String>]: The unique identifier of accessPackage
[AccessPackageId1 <String>]: The unique identifier of accessPackage
[AccessPackageQuestionId <String>]: The unique identifier of accessPackageQuestion
[AccessPackageResourceEnvironmentId <String>]: The unique identifier of accessPackageResourceEnvironment
[AccessPackageResourceId <String>]: The unique identifier of accessPackageResource
[AccessPackageResourceRequestId <String>]: The unique identifier of accessPackageResourceRequest
[AccessPackageResourceRoleId <String>]: The unique identifier of accessPackageResourceRole
[AccessPackageResourceRoleId1 <String>]: The unique identifier of accessPackageResourceRole
[AccessPackageResourceRoleScopeId <String>]: The unique identifier of accessPackageResourceRoleScope
[AccessPackageResourceScopeId <String>]: The unique identifier of accessPackageResourceScope
[AccessPackageResourceScopeId1 <String>]: The unique identifier of accessPackageResourceScope
[AccessReviewHistoryDefinitionId <String>]: The unique identifier of accessReviewHistoryDefinition
[AccessReviewHistoryInstanceId <String>]: The unique identifier of accessReviewHistoryInstance
[AccessReviewInstanceDecisionItemId <String>]: The unique identifier of accessReviewInstanceDecisionItem
[AccessReviewInstanceId <String>]: The unique identifier of accessReviewInstance
[AccessReviewReviewerId <String>]: The unique identifier of accessReviewReviewer
[AccessReviewScheduleDefinitionId <String>]: The unique identifier of accessReviewScheduleDefinition
[AccessReviewStageId <String>]: The unique identifier of accessReviewStage
[AgreementAcceptanceId <String>]: The unique identifier of agreementAcceptance
[AgreementFileLocalizationId <String>]: The unique identifier of agreementFileLocalization
[AgreementFileVersionId <String>]: The unique identifier of agreementFileVersion
[AgreementId <String>]: The unique identifier of agreement
[AppConsentRequestId <String>]: The unique identifier of appConsentRequest
[ApprovalId <String>]: The unique identifier of approval
[ApprovalStageId <String>]: The unique identifier of approvalStage
[ConnectedOrganizationId <String>]: The unique identifier of connectedOrganization
[CustomCalloutExtensionId <String>]: The unique identifier of customCalloutExtension
[CustomExtensionStageSettingId <String>]: The unique identifier of customExtensionStageSetting
[CustomTaskExtensionId <String>]: The unique identifier of customTaskExtension
[DirectoryObjectId <String>]: The unique identifier of directoryObject
[EndDateTime <DateTime?>]: Usage: endDateTime={endDateTime}
[GovernanceInsightId <String>]: The unique identifier of governanceInsight
[IncompatibleAccessPackageId <String>]: Usage: incompatibleAccessPackageId='{incompatibleAccessPackageId}'
[On <String>]: Usage: on='{on}'
[PrivilegedAccessGroupAssignmentScheduleId <String>]: The unique identifier of privilegedAccessGroupAssignmentSchedule
[PrivilegedAccessGroupAssignmentScheduleInstanceId <String>]: The unique identifier of privilegedAccessGroupAssignmentScheduleInstance
[PrivilegedAccessGroupAssignmentScheduleRequestId <String>]: The unique identifier of privilegedAccessGroupAssignmentScheduleRequest
[PrivilegedAccessGroupEligibilityScheduleId <String>]: The unique identifier of privilegedAccessGroupEligibilitySchedule
[PrivilegedAccessGroupEligibilityScheduleInstanceId <String>]: The unique identifier of privilegedAccessGroupEligibilityScheduleInstance
[PrivilegedAccessGroupEligibilityScheduleRequestId <String>]: The unique identifier of privilegedAccessGroupEligibilityScheduleRequest
[RunId <String>]: The unique identifier of run
[StartDateTime <DateTime?>]: Usage: startDateTime={startDateTime}
[TaskDefinitionId <String>]: The unique identifier of taskDefinition
[TaskId <String>]: The unique identifier of task
[TaskProcessingResultId <String>]: The unique identifier of taskProcessingResult
[TaskReportId <String>]: The unique identifier of taskReport
[UnifiedRbacResourceActionId <String>]: The unique identifier of unifiedRbacResourceAction
[UnifiedRbacResourceNamespaceId <String>]: The unique identifier of unifiedRbacResourceNamespace
[UnifiedRoleAssignmentId <String>]: The unique identifier of unifiedRoleAssignment
[UnifiedRoleAssignmentScheduleId <String>]: The unique identifier of unifiedRoleAssignmentSchedule
[UnifiedRoleAssignmentScheduleInstanceId <String>]: The unique identifier of unifiedRoleAssignmentScheduleInstance
[UnifiedRoleAssignmentScheduleRequestId <String>]: The unique identifier of unifiedRoleAssignmentScheduleRequest
[UnifiedRoleDefinitionId <String>]: The unique identifier of unifiedRoleDefinition
[UnifiedRoleDefinitionId1 <String>]: The unique identifier of unifiedRoleDefinition
[UnifiedRoleEligibilityScheduleId <String>]: The unique identifier of unifiedRoleEligibilitySchedule
[UnifiedRoleEligibilityScheduleInstanceId <String>]: The unique identifier of unifiedRoleEligibilityScheduleInstance
[UnifiedRoleEligibilityScheduleRequestId <String>]: The unique identifier of unifiedRoleEligibilityScheduleRequest
[UserConsentRequestId <String>]: The unique identifier of userConsentRequest
[UserId <String>]: The unique identifier of user
[UserProcessingResultId <String>]: The unique identifier of userProcessingResult
[WorkflowId <String>]: The unique identifier of workflow
[WorkflowTemplateId <String>]: The unique identifier of workflowTemplate
[WorkflowVersionNumber <Int32?>]: The unique identifier of workflowVersion
ROLEPERMISSIONS <IMicrosoftGraphUnifiedRolePermission[]>: List of permissions included in the role.
Read-only when isBuiltIn is true.
Required.
[AllowedResourceActions <String[]>]: Set of tasks that can be performed on a resource.
Required.
[Condition <String>]: Optional constraints that must be met for the permission to be effective.
Not supported for custom roles.
[ExcludedResourceActions <String[]>]: Set of tasks that may not be performed on a resource.
Not yet supported.