external help file | Module Name | online version | schema |
---|---|---|---|
Microsoft.Graph.Beta.Identity.Governance-help.xml | Microsoft.Graph.Beta.Identity.Governance | | 2.0.0 |
Create new navigation property to inheritsPermissionsFrom for roleManagement
Parameter set: CreateExpanded
New-MgBetaRoleManagementEnterpriseAppRoleDefinitionInheritPermissionFrom -RbacApplicationId <String>
    -UnifiedRoleDefinitionId <String> [-ResponseHeadersVariable <String>] [-AdditionalProperties <Hashtable>]
    [-AllowedPrincipalTypes <String>] [-Description <String>] [-DisplayName <String>] [-Id <String>]
    [-InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition[]>] [-IsBuiltIn] [-IsEnabled] [-IsPrivileged]
    [-ResourceScopes <String[]>] [-RolePermissions <IMicrosoftGraphUnifiedRolePermission[]>]
    [-TemplateId <String>] [-Version <String>] [-Headers <IDictionary>] [-ProgressAction <ActionPreference>]
    [-WhatIf] [-Confirm] [<CommonParameters>]

Parameter set: Create
New-MgBetaRoleManagementEnterpriseAppRoleDefinitionInheritPermissionFrom -RbacApplicationId <String>
    -UnifiedRoleDefinitionId <String> -BodyParameter <IMicrosoftGraphUnifiedRoleDefinition>
    [-ResponseHeadersVariable <String>] [-Headers <IDictionary>] [-ProgressAction <ActionPreference>] [-WhatIf]
    [-Confirm] [<CommonParameters>]

Parameter set: CreateViaIdentityExpanded
New-MgBetaRoleManagementEnterpriseAppRoleDefinitionInheritPermissionFrom
    -InputObject <IIdentityGovernanceIdentity> [-ResponseHeadersVariable <String>]
    [-AdditionalProperties <Hashtable>] [-AllowedPrincipalTypes <String>] [-Description <String>]
    [-DisplayName <String>] [-Id <String>] [-InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition[]>]
    [-IsBuiltIn] [-IsEnabled] [-IsPrivileged] [-ResourceScopes <String[]>]
    [-RolePermissions <IMicrosoftGraphUnifiedRolePermission[]>] [-TemplateId <String>] [-Version <String>]
    [-Headers <IDictionary>] [-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameter set: CreateViaIdentity
New-MgBetaRoleManagementEnterpriseAppRoleDefinitionInheritPermissionFrom
    -InputObject <IIdentityGovernanceIdentity> -BodyParameter <IMicrosoftGraphUnifiedRoleDefinition>
    [-ResponseHeadersVariable <String>] [-Headers <IDictionary>] [-ProgressAction <ActionPreference>] [-WhatIf]
    [-Confirm] [<CommonParameters>]

-AdditionalProperties
Additional Parameters
Type: Hashtable
Parameter Sets: CreateExpanded, CreateViaIdentityExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-AllowedPrincipalTypes
allowedRolePrincipalTypes
Type: String
Parameter Sets: CreateExpanded, CreateViaIdentityExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-BodyParameter
unifiedRoleDefinition. To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
Type: IMicrosoftGraphUnifiedRoleDefinition
Parameter Sets: Create, CreateViaIdentity
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
-Description
The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.
Type: String
Parameter Sets: CreateExpanded, CreateViaIdentityExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-DisplayName
The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq and startsWith).
Type: String
Parameter Sets: CreateExpanded, CreateViaIdentityExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Headers
Optional headers that will be added to the request.
Type: IDictionary
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
-Id
The unique identifier for an entity. Read-only.
Type: String
Parameter Sets: CreateExpanded, CreateViaIdentityExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-InheritsPermissionsFrom
Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute. To construct, see NOTES section for INHERITSPERMISSIONSFROM properties and create a hash table.
Type: IMicrosoftGraphUnifiedRoleDefinition[]
Parameter Sets: CreateExpanded, CreateViaIdentityExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-InputObject
Identity Parameter. To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
Type: IIdentityGovernanceIdentity
Parameter Sets: CreateViaIdentityExpanded, CreateViaIdentity
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
-IsBuiltIn
Flag indicating if the unifiedRoleDefinition is part of the default set included with the product or custom. Read-only. Supports $filter (eq).
Type: SwitchParameter
Parameter Sets: CreateExpanded, CreateViaIdentityExpanded
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-IsEnabled
Flag indicating if the role is enabled for assignment. If false, the role is not available for assignment. Read-only when isBuiltIn is true.
Type: SwitchParameter
Parameter Sets: CreateExpanded, CreateViaIdentityExpanded
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-IsPrivileged
Flag indicating if the role is privileged. Microsoft Entra ID defines a role as privileged if it contains at least one sensitive resource action in the rolePermissions and allowedResourceActions objects. Applies only for actions in the microsoft.directory resource namespace. Read-only. Supports $filter (eq).
Type: SwitchParameter
Parameter Sets: CreateExpanded, CreateViaIdentityExpanded
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-ProgressAction
Type: ActionPreference
Parameter Sets: (All)
Aliases: proga
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-RbacApplicationId
The unique identifier of rbacApplication
Type: String
Parameter Sets: CreateExpanded, Create
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ResourceScopes
List of scopes that the permissions granted by the role definition apply to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment.
Type: String[]
Parameter Sets: CreateExpanded, CreateViaIdentityExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ResponseHeadersVariable
Optional Response Headers Variable.
Type: String
Parameter Sets: (All)
Aliases: RHV
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-RolePermissions
List of permissions included in the role. Read-only when isBuiltIn is true. Required. To construct, see NOTES section for ROLEPERMISSIONS properties and create a hash table.
Type: IMicrosoftGraphUnifiedRolePermission[]
Parameter Sets: CreateExpanded, CreateViaIdentityExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-TemplateId
Custom template identifier that can be set when isBuiltIn is false. This identifier is typically used if one needs an identifier to be the same across different directories. Read-only when isBuiltIn is true.
Type: String
Parameter Sets: CreateExpanded, CreateViaIdentityExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-UnifiedRoleDefinitionId
The unique identifier of unifiedRoleDefinition
Type: String
Parameter Sets: CreateExpanded, Create
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Version
Indicates the version of the unifiedRoleDefinition object. Read-only when isBuiltIn is true.
Type: String
Parameter Sets: CreateExpanded, CreateViaIdentityExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphUnifiedRoleDefinition>: unifiedRoleDefinition
  [(Any) <Object>]: This indicates any property can be added to this object.
  [Id <String>]: The unique identifier for an entity. Read-only.
  [AllowedPrincipalTypes <String>]: allowedRolePrincipalTypes
  [Description <String>]: The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.
  [DisplayName <String>]: The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq and startsWith).
  [InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition[]>]: Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute.
  [IsBuiltIn <Boolean?>]: Flag indicating if the unifiedRoleDefinition is part of the default set included with the product or custom. Read-only. Supports $filter (eq).
  [IsEnabled <Boolean?>]: Flag indicating if the role is enabled for assignment. If false, the role is not available for assignment. Read-only when isBuiltIn is true.
  [IsPrivileged <Boolean?>]: Flag indicating if the role is privileged. Microsoft Entra ID defines a role as privileged if it contains at least one sensitive resource action in the rolePermissions and allowedResourceActions objects. Applies only for actions in the microsoft.directory resource namespace. Read-only. Supports $filter (eq).
  [ResourceScopes <String[]>]: List of scopes that the permissions granted by the role definition apply to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment.
  [RolePermissions <IMicrosoftGraphUnifiedRolePermission[]>]: List of permissions included in the role. Read-only when isBuiltIn is true. Required.
    [AllowedResourceActions <String[]>]: Set of tasks that can be performed on a resource.
    [Condition <String>]: Optional constraints that must be met for the permission to be effective. Not supported for custom roles.
    [ExcludedResourceActions <String[]>]:
  [TemplateId <String>]: Custom template identifier that can be set when isBuiltIn is false. This identifier is typically used if one needs an identifier to be the same across different directories. Read-only when isBuiltIn is true.
  [Version <String>]: Indicates the version of the unifiedRoleDefinition object. Read-only when isBuiltIn is true.
INHERITSPERMISSIONSFROM <IMicrosoftGraphUnifiedRoleDefinition[]>: Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute.
  [Id <String>]: The unique identifier for an entity. Read-only.
  [AllowedPrincipalTypes <String>]: allowedRolePrincipalTypes
  [Description <String>]: The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.
  [DisplayName <String>]: The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq and startsWith).
  [InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition[]>]: Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute.
  [IsBuiltIn <Boolean?>]: Flag indicating if the unifiedRoleDefinition is part of the default set included with the product or custom. Read-only. Supports $filter (eq).
  [IsEnabled <Boolean?>]: Flag indicating if the role is enabled for assignment. If false, the role is not available for assignment. Read-only when isBuiltIn is true.
  [IsPrivileged <Boolean?>]: Flag indicating if the role is privileged. Microsoft Entra ID defines a role as privileged if it contains at least one sensitive resource action in the rolePermissions and allowedResourceActions objects. Applies only for actions in the microsoft.directory resource namespace. Read-only. Supports $filter (eq).
  [ResourceScopes <String[]>]: List of scopes that the permissions granted by the role definition apply to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment.
  [RolePermissions <IMicrosoftGraphUnifiedRolePermission[]>]: List of permissions included in the role. Read-only when isBuiltIn is true. Required.
    [AllowedResourceActions <String[]>]: Set of tasks that can be performed on a resource.
    [Condition <String>]: Optional constraints that must be met for the permission to be effective. Not supported for custom roles.
    [ExcludedResourceActions <String[]>]:
  [TemplateId <String>]: Custom template identifier that can be set when isBuiltIn is false. This identifier is typically used if one needs an identifier to be the same across different directories. Read-only when isBuiltIn is true.
  [Version <String>]: Indicates the version of the unifiedRoleDefinition object. Read-only when isBuiltIn is true.
INPUTOBJECT <IIdentityGovernanceIdentity>: Identity Parameter
  [AccessPackageAssignmentId <String>]: The unique identifier of accessPackageAssignment
  [AccessPackageAssignmentPolicyId <String>]: The unique identifier of accessPackageAssignmentPolicy
  [AccessPackageAssignmentRequestId <String>]: The unique identifier of accessPackageAssignmentRequest
  [AccessPackageAssignmentResourceRoleId <String>]: The unique identifier of accessPackageAssignmentResourceRole
  [AccessPackageCatalogId <String>]: The unique identifier of accessPackageCatalog
  [AccessPackageId <String>]: The unique identifier of accessPackage
  [AccessPackageId1 <String>]: The unique identifier of accessPackage
  [AccessPackageResourceEnvironmentId <String>]: The unique identifier of accessPackageResourceEnvironment
  [AccessPackageResourceId <String>]: The unique identifier of accessPackageResource
  [AccessPackageResourceRequestId <String>]: The unique identifier of accessPackageResourceRequest
  [AccessPackageResourceRoleId <String>]: The unique identifier of accessPackageResourceRole
  [AccessPackageResourceRoleScopeId <String>]: The unique identifier of accessPackageResourceRoleScope
  [AccessPackageResourceScopeId <String>]: The unique identifier of accessPackageResourceScope
  [AccessPackageSubjectId <String>]: The unique identifier of accessPackageSubject
  [AccessReviewDecisionId <String>]: The unique identifier of accessReviewDecision
  [AccessReviewHistoryDefinitionId <String>]: The unique identifier of accessReviewHistoryDefinition
  [AccessReviewHistoryInstanceId <String>]: The unique identifier of accessReviewHistoryInstance
  [AccessReviewId <String>]: The unique identifier of accessReview
  [AccessReviewId1 <String>]: The unique identifier of accessReview
  [AccessReviewInstanceDecisionItemId <String>]: The unique identifier of accessReviewInstanceDecisionItem
  [AccessReviewInstanceDecisionItemId1 <String>]: The unique identifier of accessReviewInstanceDecisionItem
  [AccessReviewInstanceId <String>]: The unique identifier of accessReviewInstance
  [AccessReviewReviewerId <String>]: The unique identifier of accessReviewReviewer
  [AccessReviewScheduleDefinitionId <String>]: The unique identifier of accessReviewScheduleDefinition
  [AccessReviewStageId <String>]: The unique identifier of accessReviewStage
  [AgreementAcceptanceId <String>]: The unique identifier of agreementAcceptance
  [AgreementFileLocalizationId <String>]: The unique identifier of agreementFileLocalization
  [AgreementFileVersionId <String>]: The unique identifier of agreementFileVersion
  [AgreementId <String>]: The unique identifier of agreement
  [AppConsentRequestId <String>]: The unique identifier of appConsentRequest
  [ApprovalId <String>]: The unique identifier of approval
  [ApprovalStepId <String>]: The unique identifier of approvalStep
  [BusinessFlowTemplateId <String>]: The unique identifier of businessFlowTemplate
  [ConnectedOrganizationId <String>]: The unique identifier of connectedOrganization
  [CustomAccessPackageWorkflowExtensionId <String>]: The unique identifier of customAccessPackageWorkflowExtension
  [CustomCalloutExtensionId <String>]: The unique identifier of customCalloutExtension
  [CustomExtensionHandlerId <String>]: The unique identifier of customExtensionHandler
  [CustomExtensionStageSettingId <String>]: The unique identifier of customExtensionStageSetting
  [CustomTaskExtensionId <String>]: The unique identifier of customTaskExtension
  [DirectoryObjectId <String>]: The unique identifier of directoryObject
  [EndDateTime <DateTime?>]: Usage: endDateTime={endDateTime}
  [FindingId <String>]: The unique identifier of finding
  [GovernanceInsightId <String>]: The unique identifier of governanceInsight
  [GovernanceResourceId <String>]: The unique identifier of governanceResource
  [GovernanceRoleAssignmentId <String>]: The unique identifier of governanceRoleAssignment
  [GovernanceRoleAssignmentRequestId <String>]: The unique identifier of governanceRoleAssignmentRequest
  [GovernanceRoleDefinitionId <String>]: The unique identifier of governanceRoleDefinition
  [GovernanceRoleSettingId <String>]: The unique identifier of governanceRoleSetting
  [IncompatibleAccessPackageId <String>]: Usage: incompatibleAccessPackageId='{incompatibleAccessPackageId}'
  [LongRunningOperationId <String>]: The unique identifier of longRunningOperation
  [ObjectId <String>]: Alternate key of accessPackageSubject
  [On <String>]: Usage: on='{on}'
  [PermissionsCreepIndexDistributionId <String>]: The unique identifier of permissionsCreepIndexDistribution
  [PermissionsRequestChangeId <String>]: The unique identifier of permissionsRequestChange
  [PrivilegedAccessGroupAssignmentScheduleId <String>]: The unique identifier of privilegedAccessGroupAssignmentSchedule
  [PrivilegedAccessGroupAssignmentScheduleInstanceId <String>]: The unique identifier of privilegedAccessGroupAssignmentScheduleInstance
  [PrivilegedAccessGroupAssignmentScheduleRequestId <String>]: The unique identifier of privilegedAccessGroupAssignmentScheduleRequest
  [PrivilegedAccessGroupEligibilityScheduleId <String>]: The unique identifier of privilegedAccessGroupEligibilitySchedule
  [PrivilegedAccessGroupEligibilityScheduleInstanceId <String>]: The unique identifier of privilegedAccessGroupEligibilityScheduleInstance
  [PrivilegedAccessGroupEligibilityScheduleRequestId <String>]: The unique identifier of privilegedAccessGroupEligibilityScheduleRequest
  [PrivilegedAccessId <String>]: The unique identifier of privilegedAccess
  [PrivilegedApprovalId <String>]: The unique identifier of privilegedApproval
  [PrivilegedOperationEventId <String>]: The unique identifier of privilegedOperationEvent
  [PrivilegedRoleAssignmentId <String>]: The unique identifier of privilegedRoleAssignment
  [PrivilegedRoleAssignmentId1 <String>]: The unique identifier of privilegedRoleAssignment
  [PrivilegedRoleAssignmentRequestId <String>]: The unique identifier of privilegedRoleAssignmentRequest
  [PrivilegedRoleId <String>]: The unique identifier of privilegedRole
  [ProgramControlId <String>]: The unique identifier of programControl
  [ProgramControlId1 <String>]: The unique identifier of programControl
  [ProgramControlTypeId <String>]: The unique identifier of programControlType
  [ProgramId <String>]: The unique identifier of program
  [RbacApplicationId <String>]: The unique identifier of rbacApplication
  [RunId <String>]: The unique identifier of run
  [StartDateTime <DateTime?>]: Usage: startDateTime={startDateTime}
  [TaskDefinitionId <String>]: The unique identifier of taskDefinition
  [TaskId <String>]: The unique identifier of task
  [TaskProcessingResultId <String>]: The unique identifier of taskProcessingResult
  [TaskReportId <String>]: The unique identifier of taskReport
  [UnifiedRbacResourceActionId <String>]: The unique identifier of unifiedRbacResourceAction
  [UnifiedRbacResourceNamespaceId <String>]: The unique identifier of unifiedRbacResourceNamespace
  [UnifiedRoleAssignmentId <String>]: The unique identifier of unifiedRoleAssignment
  [UnifiedRoleAssignmentScheduleId <String>]: The unique identifier of unifiedRoleAssignmentSchedule
  [UnifiedRoleAssignmentScheduleInstanceId <String>]: The unique identifier of unifiedRoleAssignmentScheduleInstance
  [UnifiedRoleAssignmentScheduleRequestId <String>]: The unique identifier of unifiedRoleAssignmentScheduleRequest
  [UnifiedRoleDefinitionId <String>]: The unique identifier of unifiedRoleDefinition
  [UnifiedRoleDefinitionId1 <String>]: The unique identifier of unifiedRoleDefinition
  [UnifiedRoleEligibilityScheduleId <String>]: The unique identifier of unifiedRoleEligibilitySchedule
  [UnifiedRoleEligibilityScheduleInstanceId <String>]: The unique identifier of unifiedRoleEligibilityScheduleInstance
  [UnifiedRoleEligibilityScheduleRequestId <String>]: The unique identifier of unifiedRoleEligibilityScheduleRequest
  [UnifiedRoleManagementAlertConfigurationId <String>]: The unique identifier of unifiedRoleManagementAlertConfiguration
  [UnifiedRoleManagementAlertDefinitionId <String>]: The unique identifier of unifiedRoleManagementAlertDefinition
  [UnifiedRoleManagementAlertId <String>]: The unique identifier of unifiedRoleManagementAlert
  [UnifiedRoleManagementAlertIncidentId <String>]: The unique identifier of unifiedRoleManagementAlertIncident
  [UniqueName <String>]: Alternate key of accessPackageCatalog
  [UserConsentRequestId <String>]: The unique identifier of userConsentRequest
  [UserId <String>]: The unique identifier of user
  [UserProcessingResultId <String>]: The unique identifier of userProcessingResult
  [WorkflowId <String>]: The unique identifier of workflow
  [WorkflowTemplateId <String>]: The unique identifier of workflowTemplate
  [WorkflowVersionNumber <Int32?>]: The unique identifier of workflowVersion
ROLEPERMISSIONS <IMicrosoftGraphUnifiedRolePermission[]>: List of permissions included in the role. Read-only when isBuiltIn is true. Required.
  [AllowedResourceActions <String[]>]: Set of tasks that can be performed on a resource.
  [Condition <String>]: Optional constraints that must be met for the permission to be effective. Not supported for custom roles.
  [ExcludedResourceActions <String[]>]:
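
The hash-table construction described under COMPLEX PARAMETER PROPERTIES, as an added example that is not part of the module's own help. It builds a BODYPARAMETER hash table and checks it against the constraints this page states (required properties, read-only properties, the ResourceScopes deprecation, Condition not supported for custom roles) before a -WhatIf dry run. Test-RoleDefinitionBody is a hypothetical helper, and the display name, resource action and ID placeholders are constructed sample values.

```powershell
# Hypothetical pre-flight check; not part of Microsoft.Graph.Beta.Identity.Governance.
function Test-RoleDefinitionBody {
    param([Parameter(Mandatory)][hashtable]$Body)

    $findings = [System.Collections.Generic.List[string]]::new()

    # Properties the help text marks as Required.
    if ([string]::IsNullOrWhiteSpace($Body.DisplayName)) {
        $findings.Add('DisplayName is required.')
    }
    if (-not $Body.RolePermissions) {
        $findings.Add('RolePermissions is required.')
    }

    # Properties the help text marks as Read-only: the caller should not set them.
    foreach ($name in 'Id', 'IsBuiltIn', 'IsPrivileged', 'InheritsPermissionsFrom') {
        if ($Body.ContainsKey($name)) {
            $findings.Add("$name is read-only and should not be supplied.")
        }
    }

    # ResourceScopes is marked DO NOT USE; scope belongs on the role assignment.
    if ($Body.ContainsKey('ResourceScopes')) {
        $findings.Add('ResourceScopes is being deprecated; attach scope to the role assignment.')
    }

    foreach ($perm in $Body.RolePermissions) {
        if (-not $perm.AllowedResourceActions) {
            $findings.Add('A RolePermissions entry has no AllowedResourceActions.')
        }
        # Condition is documented as not supported for custom roles.
        if ($perm.Condition) {
            $findings.Add('Condition is not supported for custom roles.')
        }
    }
    return $findings
}

# Constructed sample body, keyed by the BODYPARAMETER property names.
$body = @{
    DisplayName     = 'App Registration Support (constructed sample)'
    Description     = 'Can update basic application properties.'
    IsEnabled       = $true
    RolePermissions = @(
        @{ AllowedResourceActions = @('microsoft.directory/applications/basic/update') }
    )
}

$cmdlet = 'New-MgBetaRoleManagementEnterpriseAppRoleDefinitionInheritPermissionFrom'
$issues = @(Test-RoleDefinitionBody -Body $body)

if ($issues.Count -gt 0) {
    # Report every problem and do not call the cmdlet.
    $issues | ForEach-Object { Write-Warning $_ }
}
elseif (Get-Command $cmdlet -ErrorAction SilentlyContinue) {
    # Create parameter set; -WhatIf shows what would happen without running the cmdlet.
    & $cmdlet -RbacApplicationId '<rbacApplication-id>' `
              -UnifiedRoleDefinitionId '<unifiedRoleDefinition-id>' `
              -BodyParameter $body -WhatIf
}
else {
    Write-Warning "$cmdlet is not available; install Microsoft.Graph.Beta.Identity.Governance."
}
```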