{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "#/components/schemas/microsoft.graph.roleDefinition", "title": "microsoft.graph.roleDefinition", "allOf": [ { "$ref": "#/components/schemas/microsoft.graph.entity" }, { "title": "roleDefinition", "required": [ "@odata.type" ], "type": "object", "properties": { "description": { "type": "string", "description": "Description of the Role definition.", "nullable": true }, "displayName": { "type": "string", "description": "Display Name of the Role definition.", "nullable": true }, "isBuiltIn": { "type": "boolean", "description": "Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition." }, "rolePermissions": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.rolePermission" }, "description": "List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission." }, "roleAssignments": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.roleAssignment" }, "description": "List of Role assignments for this role definition.", "x-ms-navigationProperty": true }, "@odata.type": { "type": "string" } }, "description": "The Role Definition resource. The role definition is the foundation of role based access in Intune. The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource. There are two types of roles, built-in and custom. Built-in roles cannot be modified. Both built-in roles and custom roles must have assignments to be enforced. Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.", "discriminator": { "propertyName": "@odata.type", "mapping": { "#microsoft.graph.deviceAndAppManagementRoleDefinition": "#/components/schemas/microsoft.graph.deviceAndAppManagementRoleDefinition" } } } ] }