Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
Update-MgBetaRoleManagementDirectoryRoleDefinition
Update the properties of a unifiedRoleDefinition object for an RBAC provider. You cannot update built-in roles. This feature requires a Microsoft Entra ID P1 or P2 license. The following RBAC providers are currently supported:\r- Cloud PC\r- device management (Intune)\r- directory (Microsoft Entra ID)
Note
To view the v1.0 release of this cmdlet, view Update-MgRoleManagementDirectoryRoleDefinition
Syntax
UpdateExpanded (Default)
Update-MgBetaRoleManagementDirectoryRoleDefinition
-UnifiedRoleDefinitionId <string>
[-ResponseHeadersVariable <string>]
[-AdditionalProperties <hashtable>]
[-AllowedPrincipalTypes <string>]
[-Description <string>]
[-DisplayName <string>]
[-Id <string>]
[-InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition[]>]
[-IsBuiltIn]
[-IsEnabled]
[-IsPrivileged]
[-ResourceScopes <string[]>]
[-RolePermissions <IMicrosoftGraphUnifiedRolePermission[]>]
[-TemplateId <string>]
[-Version <string>]
[-Break]
[-Headers <IDictionary>]
[-HttpPipelineAppend <SendAsyncStep[]>]
[-HttpPipelinePrepend <SendAsyncStep[]>]
[-Proxy <uri>]
[-ProxyCredential <pscredential>]
[-ProxyUseDefaultCredentials]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Update
Update-MgBetaRoleManagementDirectoryRoleDefinition
-UnifiedRoleDefinitionId <string>
-BodyParameter <IMicrosoftGraphUnifiedRoleDefinition>
[-ResponseHeadersVariable <string>]
[-Break]
[-Headers <IDictionary>]
[-HttpPipelineAppend <SendAsyncStep[]>]
[-HttpPipelinePrepend <SendAsyncStep[]>]
[-Proxy <uri>]
[-ProxyCredential <pscredential>]
[-ProxyUseDefaultCredentials]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
UpdateViaIdentityExpanded
Update-MgBetaRoleManagementDirectoryRoleDefinition
-InputObject <IIdentityGovernanceIdentity>
[-ResponseHeadersVariable <string>]
[-AdditionalProperties <hashtable>]
[-AllowedPrincipalTypes <string>]
[-Description <string>]
[-DisplayName <string>]
[-Id <string>]
[-InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition[]>]
[-IsBuiltIn]
[-IsEnabled]
[-IsPrivileged]
[-ResourceScopes <string[]>]
[-RolePermissions <IMicrosoftGraphUnifiedRolePermission[]>]
[-TemplateId <string>]
[-Version <string>]
[-Break]
[-Headers <IDictionary>]
[-HttpPipelineAppend <SendAsyncStep[]>]
[-HttpPipelinePrepend <SendAsyncStep[]>]
[-Proxy <uri>]
[-ProxyCredential <pscredential>]
[-ProxyUseDefaultCredentials]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
UpdateViaIdentity
Update-MgBetaRoleManagementDirectoryRoleDefinition
-InputObject <IIdentityGovernanceIdentity>
-BodyParameter <IMicrosoftGraphUnifiedRoleDefinition>
[-ResponseHeadersVariable <string>]
[-Break]
[-Headers <IDictionary>]
[-HttpPipelineAppend <SendAsyncStep[]>]
[-HttpPipelinePrepend <SendAsyncStep[]>]
[-Proxy <uri>]
[-ProxyCredential <pscredential>]
[-ProxyUseDefaultCredentials]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Update the properties of a unifiedRoleDefinition object for an RBAC provider. You cannot update built-in roles. This feature requires a Microsoft Entra ID P1 or P2 license. The following RBAC providers are currently supported:\r- Cloud PC\r- device management (Intune)\r- directory (Microsoft Entra ID)
Permissions
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All, |
| Delegated (personal Microsoft account) | Not supported |
| Application | RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All, |
Examples
Example 1: Code snippet
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
description = "Update basic properties of application registrations"
displayName = "Application Registration Support Administrator"
rolePermissions = @(
@{
allowedResourceActions = @(
"microsoft.directory/applications/basic/read"
)
}
)
}
Update-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $unifiedRoleDefinitionId -BodyParameter $params
This example shows how to use the Update-MgBetaRoleManagementDirectoryRoleDefinition Cmdlet.
Parameters
-AdditionalProperties
Additional Parameters
Parameter properties
| Type: | System.Collections.Hashtable |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AllowedPrincipalTypes
allowedRolePrincipalTypes
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-BodyParameter
unifiedRoleDefinition To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphUnifiedRoleDefinition |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Break
Wait for .NET debugger to attach
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
-Description
The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-DisplayName
The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq and startsWith).
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Headers
Optional headers that will be added to the request.
Parameter properties
| Type: | System.Collections.IDictionary |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-HttpPipelineAppend
SendAsync Pipeline Steps to be appended to the front of the pipeline
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-HttpPipelinePrepend
SendAsync Pipeline Steps to be prepended to the front of the pipeline
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Id
The unique identifier for an entity. Read-only.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-InheritsPermissionsFrom
Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute. To construct, see NOTES section for INHERITSPERMISSIONSFROM properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphUnifiedRoleDefinition[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IIdentityGovernanceIdentity |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-IsBuiltIn
Flag indicating if the unifiedRoleDefinition is part of the default set included with the product or custom. Read-only. Supports $filter (eq).
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-IsEnabled
Flag indicating if the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-IsPrivileged
Flag indicating if the role is privileged. Microsoft Entra ID defines a role as privileged if it contains at least one sensitive resource action in the rolePermissions and allowedResourceActions objects. Applies only for actions in the microsoft.directory resource namespace. Read-only. Supports $filter (eq).
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Proxy
The URI for the proxy server to use
Parameter properties
| Type: | System.Uri |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ProxyCredential
Credentials for a proxy server to use for the remote call
Parameter properties
| Type: | System.Management.Automation.PSCredential |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ProxyUseDefaultCredentials
Use the default credentials for the proxy
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ResourceScopes
List of scopes permissions granted by the role definition apply to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment.
Parameter properties
| Type: | System.String[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ResponseHeadersVariable
Optional Response Headers Variable.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | RHV |
Parameter sets
-RolePermissions
List of permissions included in the role. Read-only when isBuiltIn is true. Required. To construct, see NOTES section for ROLEPERMISSIONS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphUnifiedRolePermission[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-TemplateId
Custom template identifier that can be set when isBuiltIn is false. This identifier is typically used if one needs an identifier to be the same across different directories. Read-only when isBuiltIn is true.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-UnifiedRoleDefinitionId
The unique identifier of unifiedRoleDefinition
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Version
Indicates the version of the unifiedRoleDefinition object. Read-only when isBuiltIn is true.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-WhatIf
Runs the command in a mode that only reports what would happen without performing the actions.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
Microsoft.Graph.Beta.PowerShell.Models.IIdentityGovernanceIdentity
{{ Fill in the Description }}
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphUnifiedRoleDefinition
{{ Fill in the Description }}
System.Collections.IDictionary
{{ Fill in the Description }}
Outputs
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphUnifiedRoleDefinition
{{ Fill in the Description }}
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphUnifiedRoleDefinition>: unifiedRoleDefinition
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[AllowedPrincipalTypes <String>]: allowedRolePrincipalTypes
[Description <String>]: The description for the unifiedRoleDefinition.
Read-only when isBuiltIn is true.
[DisplayName <String>]: The display name for the unifiedRoleDefinition.
Read-only when isBuiltIn is true.
Required.
Supports $filter (eq and startsWith).
[InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition[]>]: Read-only collection of role definitions that the given role definition inherits from.
Only Microsoft Entra built-in roles support this attribute.
[IsBuiltIn <Boolean?>]: Flag indicating if the unifiedRoleDefinition is part of the default set included with the product or custom.
Read-only.
Supports $filter (eq).
[IsEnabled <Boolean?>]: Flag indicating if the role is enabled for assignment.
If false the role is not available for assignment.
Read-only when isBuiltIn is true.
[IsPrivileged <Boolean?>]: Flag indicating if the role is privileged.
Microsoft Entra ID defines a role as privileged if it contains at least one sensitive resource action in the rolePermissions and allowedResourceActions objects.
Applies only for actions in the microsoft.directory resource namespace.
Read-only.
Supports $filter (eq).
[ResourceScopes <String[]>]: List of scopes permissions granted by the role definition apply to.
Currently only / is supported.
Read-only when isBuiltIn is true.
DO NOT USE.
This will be deprecated soon.
Attach scope to role assignment.
[RolePermissions <IMicrosoftGraphUnifiedRolePermission[]>]: List of permissions included in the role.
Read-only when isBuiltIn is true.
Required.
[AllowedResourceActions <String[]>]: Set of tasks that can be performed on a resource.
[Condition <String>]: Optional constraints that must be met for the permission to be effective.
Not supported for custom roles.
[ExcludedResourceActions <String[]>]:
[TemplateId <String>]: Custom template identifier that can be set when isBuiltIn is false.
This identifier is typically used if one needs an identifier to be the same across different directories.
Read-only when isBuiltIn is true.
[Version <String>]: Indicates the version of the unifiedRoleDefinition object.
Read-only when isBuiltIn is true.
INHERITSPERMISSIONSFROM <IMicrosoftGraphUnifiedRoleDefinition[]>: Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute. [Id <String>]: The unique identifier for an entity. Read-only. [AllowedPrincipalTypes <String>]: allowedRolePrincipalTypes [Description <String>]: The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true. [DisplayName <String>]: The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq and startsWith). [InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition[]>]: Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute. [IsBuiltIn <Boolean?>]: Flag indicating if the unifiedRoleDefinition is part of the default set included with the product or custom. Read-only. Supports $filter (eq). [IsEnabled <Boolean?>]: Flag indicating if the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true. [IsPrivileged <Boolean?>]: Flag indicating if the role is privileged. Microsoft Entra ID defines a role as privileged if it contains at least one sensitive resource action in the rolePermissions and allowedResourceActions objects. Applies only for actions in the microsoft.directory resource namespace. Read-only. Supports $filter (eq). [ResourceScopes <String[]>]: List of scopes permissions granted by the role definition apply to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment. [RolePermissions <IMicrosoftGraphUnifiedRolePermission[]>]: List of permissions included in the role. Read-only when isBuiltIn is true. Required. [AllowedResourceActions <String[]>]: Set of tasks that can be performed on a resource. [Condition <String>]: Optional constraints that must be met for the permission to be effective. Not supported for custom roles. [ExcludedResourceActions <String[]>]: [TemplateId <String>]: Custom template identifier that can be set when isBuiltIn is false. This identifier is typically used if one needs an identifier to be the same across different directories. Read-only when isBuiltIn is true. [Version <String>]: Indicates the version of the unifiedRoleDefinition object. Read-only when isBuiltIn is true.
INPUTOBJECT <IIdentityGovernanceIdentity>: Identity Parameter
[AccessPackageAssignmentId <String>]: The unique identifier of accessPackageAssignment
[AccessPackageAssignmentPolicyId <String>]: The unique identifier of accessPackageAssignmentPolicy
[AccessPackageAssignmentRequestId <String>]: The unique identifier of accessPackageAssignmentRequest
[AccessPackageAssignmentResourceRoleId <String>]: The unique identifier of accessPackageAssignmentResourceRole
[AccessPackageCatalogId <String>]: The unique identifier of accessPackageCatalog
[AccessPackageId <String>]: The unique identifier of accessPackage
[AccessPackageId1 <String>]: The unique identifier of accessPackage
[AccessPackageResourceEnvironmentId <String>]: The unique identifier of accessPackageResourceEnvironment
[AccessPackageResourceId <String>]: The unique identifier of accessPackageResource
[AccessPackageResourceRequestId <String>]: The unique identifier of accessPackageResourceRequest
[AccessPackageResourceRoleId <String>]: The unique identifier of accessPackageResourceRole
[AccessPackageResourceRoleId1 <String>]: The unique identifier of accessPackageResourceRole
[AccessPackageResourceRoleScopeId <String>]: The unique identifier of accessPackageResourceRoleScope
[AccessPackageResourceScopeId <String>]: The unique identifier of accessPackageResourceScope
[AccessPackageResourceScopeId1 <String>]: The unique identifier of accessPackageResourceScope
[AccessPackageSubjectId <String>]: The unique identifier of accessPackageSubject
[AccessPackageSuggestionId <String>]: The unique identifier of accessPackageSuggestion
[AccessReviewDecisionId <String>]: The unique identifier of accessReviewDecision
[AccessReviewHistoryDefinitionId <String>]: The unique identifier of accessReviewHistoryDefinition
[AccessReviewHistoryInstanceId <String>]: The unique identifier of accessReviewHistoryInstance
[AccessReviewId <String>]: The unique identifier of accessReview
[AccessReviewId1 <String>]: The unique identifier of accessReview
[AccessReviewInstanceDecisionItemId <String>]: The unique identifier of accessReviewInstanceDecisionItem
[AccessReviewInstanceDecisionItemId1 <String>]: The unique identifier of accessReviewInstanceDecisionItem
[AccessReviewInstanceId <String>]: The unique identifier of accessReviewInstance
[AccessReviewReviewerId <String>]: The unique identifier of accessReviewReviewer
[AccessReviewScheduleDefinitionId <String>]: The unique identifier of accessReviewScheduleDefinition
[AccessReviewStageId <String>]: The unique identifier of accessReviewStage
[AgreementAcceptanceId <String>]: The unique identifier of agreementAcceptance
[AgreementFileLocalizationId <String>]: The unique identifier of agreementFileLocalization
[AgreementFileVersionId <String>]: The unique identifier of agreementFileVersion
[AgreementId <String>]: The unique identifier of agreement
[AppConsentRequestId <String>]: The unique identifier of appConsentRequest
[ApprovalId <String>]: The unique identifier of approval
[ApprovalStepId <String>]: The unique identifier of approvalStep
[AvailableAccessPackageId <String>]: The unique identifier of availableAccessPackage
[BusinessFlowTemplateId <String>]: The unique identifier of businessFlowTemplate
[ConnectedOrganizationId <String>]: The unique identifier of connectedOrganization
[ControlConfigurationId <String>]: The unique identifier of controlConfiguration
[CustomAccessPackageWorkflowExtensionId <String>]: The unique identifier of customAccessPackageWorkflowExtension
[CustomCalloutExtensionId <String>]: The unique identifier of customCalloutExtension
[CustomDataProvidedResourceUploadSessionId <String>]: The unique identifier of customDataProvidedResourceUploadSession
[CustomExtensionHandlerId <String>]: The unique identifier of customExtensionHandler
[CustomExtensionStageSettingId <String>]: The unique identifier of customExtensionStageSetting
[CustomTaskExtensionId <String>]: The unique identifier of customTaskExtension
[DirectoryObjectId <String>]: The unique identifier of directoryObject
[EndDateTime <DateTime?>]: Usage: endDateTime={endDateTime}
[FindingId <String>]: The unique identifier of finding
[GovernanceInsightId <String>]: The unique identifier of governanceInsight
[GovernanceResourceId <String>]: The unique identifier of governanceResource
[GovernanceRoleAssignmentId <String>]: The unique identifier of governanceRoleAssignment
[GovernanceRoleAssignmentRequestId <String>]: The unique identifier of governanceRoleAssignmentRequest
[GovernanceRoleDefinitionId <String>]: The unique identifier of governanceRoleDefinition
[GovernanceRoleSettingId <String>]: The unique identifier of governanceRoleSetting
[GroupResourceId <String>]: The unique identifier of groupResource
[IncompatibleAccessPackageId <String>]: Usage: incompatibleAccessPackageId='{incompatibleAccessPackageId}'
[LongRunningOperationId <String>]: The unique identifier of longRunningOperation
[ObjectId <String>]: Alternate key of accessPackageSubject
[On <String>]: Usage: on='{on}'
[PermissionsCreepIndexDistributionId <String>]: The unique identifier of permissionsCreepIndexDistribution
[PermissionsRequestChangeId <String>]: The unique identifier of permissionsRequestChange
[PrivilegedAccessGroupAssignmentScheduleId <String>]: The unique identifier of privilegedAccessGroupAssignmentSchedule
[PrivilegedAccessGroupAssignmentScheduleInstanceId <String>]: The unique identifier of privilegedAccessGroupAssignmentScheduleInstance
[PrivilegedAccessGroupAssignmentScheduleRequestId <String>]: The unique identifier of privilegedAccessGroupAssignmentScheduleRequest
[PrivilegedAccessGroupEligibilityScheduleId <String>]: The unique identifier of privilegedAccessGroupEligibilitySchedule
[PrivilegedAccessGroupEligibilityScheduleInstanceId <String>]: The unique identifier of privilegedAccessGroupEligibilityScheduleInstance
[PrivilegedAccessGroupEligibilityScheduleRequestId <String>]: The unique identifier of privilegedAccessGroupEligibilityScheduleRequest
[PrivilegedAccessId <String>]: The unique identifier of privilegedAccess
[PrivilegedApprovalId <String>]: The unique identifier of privilegedApproval
[PrivilegedOperationEventId <String>]: The unique identifier of privilegedOperationEvent
[PrivilegedRoleAssignmentId <String>]: The unique identifier of privilegedRoleAssignment
[PrivilegedRoleAssignmentId1 <String>]: The unique identifier of privilegedRoleAssignment
[PrivilegedRoleAssignmentRequestId <String>]: The unique identifier of privilegedRoleAssignmentRequest
[PrivilegedRoleId <String>]: The unique identifier of privilegedRole
[ProgramControlId <String>]: The unique identifier of programControl
[ProgramControlId1 <String>]: The unique identifier of programControl
[ProgramControlTypeId <String>]: The unique identifier of programControlType
[ProgramId <String>]: The unique identifier of program
[RbacApplicationId <String>]: The unique identifier of rbacApplication
[RunId <String>]: The unique identifier of run
[RunId1 <String>]: The unique identifier of run
[StartDateTime <DateTime?>]: Usage: startDateTime={startDateTime}
[TaskDefinitionId <String>]: The unique identifier of taskDefinition
[TaskId <String>]: The unique identifier of task
[TaskProcessingResultId <String>]: The unique identifier of taskProcessingResult
[TaskReportId <String>]: The unique identifier of taskReport
[UnifiedRbacResourceActionId <String>]: The unique identifier of unifiedRbacResourceAction
[UnifiedRbacResourceNamespaceId <String>]: The unique identifier of unifiedRbacResourceNamespace
[UnifiedRoleAssignmentId <String>]: The unique identifier of unifiedRoleAssignment
[UnifiedRoleAssignmentScheduleId <String>]: The unique identifier of unifiedRoleAssignmentSchedule
[UnifiedRoleAssignmentScheduleInstanceId <String>]: The unique identifier of unifiedRoleAssignmentScheduleInstance
[UnifiedRoleAssignmentScheduleRequestId <String>]: The unique identifier of unifiedRoleAssignmentScheduleRequest
[UnifiedRoleDefinitionId <String>]: The unique identifier of unifiedRoleDefinition
[UnifiedRoleDefinitionId1 <String>]: The unique identifier of unifiedRoleDefinition
[UnifiedRoleEligibilityScheduleId <String>]: The unique identifier of unifiedRoleEligibilitySchedule
[UnifiedRoleEligibilityScheduleInstanceId <String>]: The unique identifier of unifiedRoleEligibilityScheduleInstance
[UnifiedRoleEligibilityScheduleRequestId <String>]: The unique identifier of unifiedRoleEligibilityScheduleRequest
[UnifiedRoleManagementAlertConfigurationId <String>]: The unique identifier of unifiedRoleManagementAlertConfiguration
[UnifiedRoleManagementAlertDefinitionId <String>]: The unique identifier of unifiedRoleManagementAlertDefinition
[UnifiedRoleManagementAlertId <String>]: The unique identifier of unifiedRoleManagementAlert
[UnifiedRoleManagementAlertIncidentId <String>]: The unique identifier of unifiedRoleManagementAlertIncident
[UniqueName <String>]: Alternate key of accessPackageCatalog
[UserConsentRequestId <String>]: The unique identifier of userConsentRequest
[UserId <String>]: The unique identifier of user
[UserProcessingResultId <String>]: The unique identifier of userProcessingResult
[WorkflowId <String>]: The unique identifier of workflow
[WorkflowTemplateId <String>]: The unique identifier of workflowTemplate
[WorkflowVersionNumber <Int32?>]: The unique identifier of workflowVersion
ROLEPERMISSIONS <IMicrosoftGraphUnifiedRolePermission[]>: List of permissions included in the role. Read-only when isBuiltIn is true. Required. [AllowedResourceActions <String[]>]: Set of tasks that can be performed on a resource. [Condition <String>]: Optional constraints that must be met for the permission to be effective. Not supported for custom roles. [ExcludedResourceActions <String[]>]: