Create roleDefinitions
Artikel
07/28/2022
3 menit untuk membaca
5 kontributor
Dalam artikel ini
Namespace: microsoft.graph
Create a new custom unifiedRoleDefinition object.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions .
Permission type
Permissions (from least to most privileged)
Delegated (work or school account)
RoleManagement.ReadWrite.Directory
Delegated (personal Microsoft account)
Not supported.
Application
RoleManagement.ReadWrite.Directory
HTTP request
POST /roleManagement/directory/roleDefinitions
Name
Description
Authorization
Bearer {token}
Content-Type
application/json. Required.
Request body
In the request body, supply a JSON representation of unifiedRoleDefinition object.
The following table shows the properties that are required when you create a roleDefinition.
Parameter
Type
Description
displayName
string
The display name for the role definition.
isEnabled
Boolean
Flag indicating if the role is enabled for assignment. If false, the role is not available for assignment.
rolePermissions
unifiedRolePermission collectionList of permissions included in the role.
Response
If successful, this method returns 201 Created response code and a new unifiedRoleDefinition object in the response body.
Example
Request
The following is an example of creating a custom role.
POST https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions
Content-type: application/json
{
"description": "Update basic properties of application registrations",
"displayName": "Application Registration Support Administrator",
"rolePermissions":
[
{
"allowedResourceActions":
[
"microsoft.directory/applications/basic/read"
]
}
],
"isEnabled" : true
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var unifiedRoleDefinition = new UnifiedRoleDefinition
{
Description = "Update basic properties of application registrations",
DisplayName = "Application Registration Support Administrator",
RolePermissions = new List<UnifiedRolePermission>()
{
new UnifiedRolePermission
{
AllowedResourceActions = new List<String>()
{
"microsoft.directory/applications/basic/read"
}
}
},
IsEnabled = true
};
await graphClient.RoleManagement.Directory.RoleDefinitions
.Request()
.AddAsync(unifiedRoleDefinition);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleDefinition = {
description: 'Update basic properties of application registrations',
displayName: 'Application Registration Support Administrator',
rolePermissions:
[
{
allowedResourceActions:
[
'microsoft.directory/applications/basic/read'
]
}
],
isEnabled: true
};
await client.api('/roleManagement/directory/roleDefinitions')
.post(unifiedRoleDefinition);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
UnifiedRoleDefinition unifiedRoleDefinition = new UnifiedRoleDefinition();
unifiedRoleDefinition.description = "Update basic properties of application registrations";
unifiedRoleDefinition.displayName = "Application Registration Support Administrator";
LinkedList<UnifiedRolePermission> rolePermissionsList = new LinkedList<UnifiedRolePermission>();
UnifiedRolePermission rolePermissions = new UnifiedRolePermission();
LinkedList<String> allowedResourceActionsList = new LinkedList<String>();
allowedResourceActionsList.add("microsoft.directory/applications/basic/read");
rolePermissions.allowedResourceActions = allowedResourceActionsList;
rolePermissionsList.add(rolePermissions);
unifiedRoleDefinition.rolePermissions = rolePermissionsList;
unifiedRoleDefinition.isEnabled = true;
graphClient.roleManagement().directory().roleDefinitions()
.buildRequest()
.post(unifiedRoleDefinition);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := graphmodels.NewUnifiedRoleDefinition()
description := "Update basic properties of application registrations"
requestBody.SetDescription(&description)
displayName := "Application Registration Support Administrator"
requestBody.SetDisplayName(&displayName)
unifiedRolePermission := graphmodels.NewUnifiedRolePermission()
additionalData := map[string]interface{}{
allowedResourceActions := []String {
"microsoft.directory/applications/basic/read",
}
}
unifiedRolePermission.SetAdditionalData(additionalData)
rolePermissions := []graphmodels.UnifiedRolePermissionable {
unifiedRolePermission,
}
requestBody.SetRolePermissions(rolePermissions)
isEnabled := true
requestBody.SetIsEnabled(&isEnabled)
result, err := graphClient.RoleManagement().Directory().RoleDefinitions().Post(requestBody)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
Import-Module Microsoft.Graph.DeviceManagement.Enrolment
$params = @{
Description = "Update basic properties of application registrations"
DisplayName = "Application Registration Support Administrator"
RolePermissions = @(
@{
AllowedResourceActions = @(
"microsoft.directory/applications/basic/read"
)
}
)
IsEnabled = $true
}
New-MgRoleManagementDirectoryRoleDefinition -BodyParameter $params
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
<?php
// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);
$requestBody = new UnifiedRoleDefinition();
$requestBody->setDescription('Update basic properties of application registrations');
$requestBody->setDisplayName('Application Registration Support Administrator');
$rolePermissionsUnifiedRolePermission1 = new UnifiedRolePermission();
$additionalData = [
'allowedResourceActions' => ['microsoft.directory/applications/basic/read', ],
];
$rolePermissionsUnifiedRolePermission1->setAdditionalData($additionalData);
$rolePermissionsArray []= $rolePermissionsUnifiedRolePermission1;
$requestBody->setRolePermissions($rolePermissionsArray);
$requestBody->setIsEnabled(true);
$requestResult = $graphServiceClient->roleManagement()->directory()->roleDefinitions()->post($requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
Response
The following is an example of the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleDefinitions/$entity",
"id": "d5eec5e0-6992-4c6b-b430-0f833f1a815a",
"description": "Update basic properties of application registrations",
"displayName": "Application Registration Support Administrator",
"isBuiltIn": false,
"isEnabled": true,
"templateId": "d5eec5e0-6992-4c6b-b430-0f833f1a815a",
"version": null,
"rolePermissions": [
{
"allowedResourceActions": [
"microsoft.directory/applications/standard/read",
"microsoft.directory/applications/basic/update"
],
"condition": null
}
]
}