entra roledefinition add
Creates a custom Microsoft Entra ID role definition
Usage
m365 entra roledefinition add [options]
Options
-n, --displayName <displayName>
The display name for the role definition.
-a, --allowedResourceActions <allowedResourceActions>
Comma-separated list of resource actions allowed for the role.
-d, --description [description]
The description for the role definition.
-e, --enabled [enabled]
Indicates if the role is enabled for the assignment. If not specified, the role is enabled by default.
-v, --version [version]
The version of the role definition.
-h, --help [help]
Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are options, examples, remarks, response, full. Default is options.
--query [query]
JMESPath query string. See http://jmespath.org/ for more information and examples.
-o, --output [output]
Output type: json, text, csv, md, none. Default json.
--verbose
Runs command with verbose logging.
--debug
Runs command with debug logging.
Examples
Create a custom Microsoft Entra ID role
m365 entra roledefinition add --displayName 'Application Remover' --description 'Allows to remove any Entra ID application' --allowedResourceActions 'microsoft.directory/applications/delete'
Create a custom Microsoft Entra ID role, but disable it for the assignment
m365 entra roledefinition add --displayName 'Application Remover' --version '1.0' --enabled false --allowedResourceActions 'microsoft.directory/applications/delete,microsoft.directory/applications/owners/update'
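A pre-flight review of the --allowedResourceActions value before it is passed to the command, as an added example that is not part of the CLI for Microsoft 365 documentation or code. The function name review_actions, the assumed action shape, and the tasks and property sets it flags for review are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight review of an --allowedResourceActions value.
# Exit status: 0 = nothing flagged, 1 = entries to review, 2 = malformed list.
# Assumed action shape, inferred from the strings on this page:
#   microsoft.directory/<entity>[/<propertySet>]/<task>

review_actions() (            # subshell body keeps variables and IFS local
  list=$1 rc=0 seen=,
  case $list in
    ''|,*|*,|*,,*) echo "MALFORMED: empty entry in list"; exit 2 ;;
  esac
  IFS=,; set -f               # split on commas only, no globbing
  set -- $list
  for action do
    case $action in
      *[!A-Za-z0-9./]*|*//*|*/|microsoft.directory/*/*/*/*)
        echo "MALFORMED: '$action'"; rc=2; continue ;;
      microsoft.directory/?*/?*) ;;
      *) echo "MALFORMED: '$action'"; rc=2; continue ;;
    esac
    case $seen in
      *",$action,"*)
        echo "DUPLICATE: $action"; [ "$rc" -gt 0 ] || rc=1; continue ;;
    esac
    seen="$seen$action,"
    # Review list chosen for this example: destructive or catch-all tasks,
    # and property sets that control ownership or credentials.
    case $action in
      */delete|*/allTasks)
        echo "REVIEW (task): $action"; [ "$rc" -gt 0 ] || rc=1 ;;
      */owners/*|*/credentials/*)
        echo "REVIEW (property set): $action"; [ "$rc" -gt 0 ] || rc=1 ;;
    esac
  done
  exit "$rc"
)
```

A stray space after a comma is reported as malformed, because the list is split on commas only and the space would become part of the action name.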
Response
JSON
{
  "id": "3844129d-f748-4c03-8165-4412ee9b4ceb",
  "description": null,
  "displayName": "Custom Role",
  "isBuiltIn": false,
  "isEnabled": true,
  "resourceScopes": [
    "/"
  ],
  "templateId": "3844129d-f748-4c03-8165-4412ee9b4ceb",
  "version": "1",
  "rolePermissions": [
    {
      "allowedResourceActions": [
        "microsoft.directory/groups.unified/create",
        "microsoft.directory/groups.unified/delete"
      ],
      "condition": null
    }
  ]
}
Text
description : null
displayName : Custom Role
id : 3844129d-f748-4c03-8165-4412ee9b4ceb
isBuiltIn : false
isEnabled : true
resourceScopes : ["/"]
rolePermissions: [{"allowedResourceActions":["microsoft.directory/groups.unified/create","microsoft.directory/groups.unified/delete"],"condition":null}]
templateId : 3844129d-f748-4c03-8165-4412ee9b4ceb
version : 1
CSV
id,description,displayName,isBuiltIn,isEnabled,templateId,version
3844129d-f748-4c03-8165-4412ee9b4ceb,,Custom Role,0,1,3844129d-f748-4c03-8165-4412ee9b4ceb,1
Markdown
# entra roledefinition add --displayName "Custom Role" --allowedResourceActions "microsoft.directory/groups.unified/create,microsoft.directory/groups.unified/delete" --version 1
Date: 12/15/2024
## Custom Role (3844129d-f748-4c03-8165-4412ee9b4ceb)
Property | Value
---------|-------
id | 3844129d-f748-4c03-8165-4412ee9b4ceb
displayName | Custom Role
isBuiltIn | false
isEnabled | true
templateId | 3844129d-f748-4c03-8165-4412ee9b4ceb
version | 1