Microsoft Graph · Schema

microsoft.graph.roleDefinition

Azure ADCollaborationContactsDocumentsEmailGraphIdentityMicrosoftOffice 365PresentationsProductivitySpreadsheetsT1Tasks
View JSON Schema on GitHub

JSON Schema

microsoft-graph-microsoftgraphroledefinition-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/microsoft.graph.roleDefinition",
  "title": "microsoft.graph.roleDefinition",
  "allOf": [
    {
      "$ref": "#/components/schemas/microsoft.graph.entity"
    },
    {
      "title": "roleDefinition",
      "required": [
        "@odata.type"
      ],
      "type": "object",
      "properties": {
        "description": {
          "type": "string",
          "description": "Description of the Role definition.",
          "nullable": true
        },
        "displayName": {
          "type": "string",
          "description": "Display Name of the Role definition.",
          "nullable": true
        },
        "isBuiltIn": {
          "type": "boolean",
          "description": "Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition."
        },
        "rolePermissions": {
          "type": "array",
          "items": {
            "$ref": "#/components/schemas/microsoft.graph.rolePermission"
          },
          "description": "List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission."
        },
        "roleAssignments": {
          "type": "array",
          "items": {
            "$ref": "#/components/schemas/microsoft.graph.roleAssignment"
          },
          "description": "List of Role assignments for this role definition.",
          "x-ms-navigationProperty": true
        },
        "@odata.type": {
          "type": "string"
        }
      },
      "description": "The Role Definition resource. The role definition is the foundation of role based access in Intune. The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource. There are two types of roles, built-in and custom. Built-in roles cannot be modified. Both built-in roles and custom roles must have assignments to be enforced. Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.",
      "discriminator": {
        "propertyName": "@odata.type",
        "mapping": {
          "#microsoft.graph.deviceAndAppManagementRoleDefinition": "#/components/schemas/microsoft.graph.deviceAndAppManagementRoleDefinition"
        }
      }
    }
  ]
}