roleDefinition resource type

Important: APIs under the /beta version in Microsoft Graph are in preview and are subject to change. Use of these APIs in production applications is not supported.

Note: Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is correctly licensed by the customer.

The Role Definition resource. The role definition is the foundation of role-based access in Intune. A role combines an Intune resource, such as a Mobile App, with associated permissions for that resource, such as Create or Read. There are two types of roles: built-in and custom. Built-in roles cannot be modified. Both built-in roles and custom roles must have assignments to be enforced. Create custom roles if you want to define a role that allows any of the available resources and permissions to be combined into a single role.


| Method | Return Type | Description |
|---|---|---|
| List roleDefinitions | roleDefinition collection | List properties and relationships of the roleDefinition objects. |
| Get roleDefinition | roleDefinition | Read properties and relationships of the roleDefinition object. |
| Create roleDefinition | roleDefinition | Create a new roleDefinition object. |
| Delete roleDefinition | None | Deletes a roleDefinition. |
| Update roleDefinition | roleDefinition | Update the properties of a roleDefinition object. |
| List roleAssignments | roleAssignment collection | List properties and relationships of the roleAssignment objects. |


| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This is read-only and automatically generated. |
| displayName | String | Display Name of the Role definition. |
| description | String | Description of the Role definition. |
| permissions | rolePermission collection | List of Resource Permissions this role is allowed to perform. These must match the actionName that is defined as part of the resourcePermission. |
| isBuiltInRoleDefinition | Boolean | Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition. |


| Relationship | Type | Description |
|---|---|---|
| roleAssignments | roleAssignment collection | List of Role assignments for this role definition. |

JSON Representation

Here is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.roleDefinition",
  "id": "String (identifier)",
  "displayName": "String",
  "description": "String",
  "permissions": [
    {
      "@odata.type": "microsoft.graph.rolePermission",
      "actions": [
        "String"
      ]
    }
  ],
  "isBuiltInRoleDefinition": true
}
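
The following is an added example, not part of the original reference or Microsoft's own code: a small audit over a roleDefinition collection that reports roles without assignments (defined but not enforced) and custom roles whose actions fall outside an approved baseline. The sample data, the action names, the `APPROVED_CUSTOM_ACTIONS` baseline and the inline `roleAssignments` array are assumptions made for illustration.

```python
import json

# Constructed sample of a roleDefinition collection. Action names are made up,
# and roleAssignments is assumed to be included inline with each role.
SAMPLE = json.loads("""
{"value": [
  {"id": "r1", "displayName": "Built-in reader", "isBuiltInRoleDefinition": true,
   "permissions": [{"actions": ["Example_MobileApps_Read"]}],
   "roleAssignments": [{"id": "a1"}]},
  {"id": "r2", "displayName": "App publisher", "isBuiltInRoleDefinition": false,
   "permissions": [{"actions": ["Example_MobileApps_Read", "Example_MobileApps_Create"]}],
   "roleAssignments": [{"id": "a2"}]},
  {"id": "r3", "displayName": "Unused custom role", "isBuiltInRoleDefinition": false,
   "permissions": [{"actions": ["Example_MobileApps_Create"]}],
   "roleAssignments": []}
]}
""")

# Hypothetical baseline: the actions custom roles are approved to grant.
APPROVED_CUSTOM_ACTIONS = {"Example_MobileApps_Read"}

def role_actions(role):
    """Flatten every rolePermission's actions into one sorted list."""
    return sorted({a for p in role.get("permissions", []) for a in p.get("actions", [])})

def audit(collection, approved=APPROVED_CUSTOM_ACTIONS):
    """Return {role id: list of findings} for a roleDefinition collection."""
    report = {}
    for role in collection.get("value", []):
        findings = []
        custom = not role.get("isBuiltInRoleDefinition", False)
        enforced = bool(role.get("roleAssignments"))
        if not enforced:
            findings.append("no assignments: not enforced")
        if custom:
            # Built-in roles cannot be modified, so only custom roles are checked.
            extra = [a for a in role_actions(role) if a not in approved]
            if extra:
                state = "in force" if enforced else "dormant"
                findings.append(f"unapproved actions ({state}): {', '.join(extra)}")
        report[role["id"]] = findings
    return report

if __name__ == "__main__":
    for role_id, findings in audit(SAMPLE).items():
        print(role_id, findings or ["ok"])
```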