New command: entra roledefinition list #6464

Open
MartinM85 opened this issue Nov 4, 2024 · 3 comments · May be fixed by #6479


MartinM85 commented Nov 4, 2024

Usage

m365 entra roledefinition list

Description

Lists all Microsoft Entra ID role definitions

Options

Option                          Description
-p, --properties [properties]   Comma-separated list of properties to retrieve.
-f, --filter [filter]           OData filter to apply when retrieving the role definitions.

Examples

Retrieve all Microsoft Entra ID role definitions

m365 entra roledefinition list

Retrieve only the names of the role definitions

m365 entra roledefinition list --properties 'displayName'

Retrieve only custom role definitions

m365 entra roledefinition list --filter 'isBuiltIn eq false'

Default properties

  • id
  • displayName
  • isBuiltIn
  • isEnabled

Additional Info

More info: https://learn.microsoft.com/en-us/graph/api/rbacapplication-list-roledefinitions?view=graph-rest-1.0&tabs=http#for-the-directory-microsoft-entra-id-provider
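
Added example, not part of the original issue or of the CLI project's code: a triage pass over the role definitions the proposed command would return, covering the same set that --filter 'isBuiltIn eq false' selects. It assumes JSON output whose fields follow the Graph unifiedRoleDefinition resource linked above; auditCustomRoles, the sample data and the "last segment is not read" heuristic are hypothetical.

```javascript
// Constructed sample of what the proposed command could emit as JSON
// (assumption: field names follow the Graph unifiedRoleDefinition resource).
const sampleOutput = JSON.stringify([
  { id: 'aaaaaaaa-0000-0000-0000-000000000001', displayName: 'Directory Readers',
    isBuiltIn: true, isEnabled: true,
    rolePermissions: [{ allowedResourceActions: ['microsoft.directory/users/standard/read'] }] },
  { id: 'aaaaaaaa-0000-0000-0000-000000000002', displayName: 'App Credential Operator',
    isBuiltIn: false, isEnabled: true,
    rolePermissions: [{ allowedResourceActions: [
      'microsoft.directory/applications/standard/read',
      'microsoft.directory/applications/credentials/update'] }] },
  { id: 'aaaaaaaa-0000-0000-0000-000000000003', displayName: 'Legacy Helpdesk',
    isBuiltIn: false, isEnabled: false,
    rolePermissions: [{ allowedResourceActions: ['microsoft.directory/users/password/update'] }] },
  // Entry as it looks when only the four default properties were requested.
  { id: 'aaaaaaaa-0000-0000-0000-000000000004', displayName: 'Report Viewer',
    isBuiltIn: false, isEnabled: true }
]);

// Hypothetical helper: one finding per custom role definition.
function auditCustomRoles(json) {
  const roles = JSON.parse(json);
  if (!Array.isArray(roles)) throw new TypeError('expected a JSON array of role definitions');
  return roles
    .filter(r => r.isBuiltIn === false)
    .map(r => {
      const known = Array.isArray(r.rolePermissions);
      const actions = known
        ? r.rolePermissions.flatMap(p => p.allowedResourceActions || [])
        : [];
      // Heuristic (assumption): an action whose last segment is not "read" can change state.
      const nonRead = actions.filter(a => a.split('/').pop() !== 'read');
      return {
        displayName: r.displayName,
        isEnabled: r.isEnabled === true,
        permissionsKnown: known,
        nonReadActions: nonRead,
        // Review enabled roles that can modify objects or whose permissions were not retrieved.
        needsReview: r.isEnabled === true && (!known || nonRead.length > 0)
      };
    });
}

for (const f of auditCustomRoles(sampleOutput)) {
  console.log(`${f.needsReview ? 'REVIEW' : 'ok    '} ${f.displayName}: ${f.nonReadActions.join(', ') || '-'}`);
}
```

A role listed with only the default properties carries no rolePermissions, so the helper marks it for review instead of treating it as harmless.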

Adam-it added the "needs peer review" and "feature request" labels Nov 4, 2024
@milanholemans

Hi @MartinM85 nice suggestion once again.

A few things that come to mind:

  • Let's rephrase the description a bit to something like "Lists all Microsoft Entra role definitions"
  • For the default properties, I would drop description because this will probably make the response too large to view on a default-sized terminal.
  • Since we already have Directory.ReadWrite.All as permission scope, do we still need an additional one?

@MartinM85

Hi @milanholemans,
Directory.ReadWrite.All will definitely work. RoleManagement.Read.Directory is the least privileged permission required to run the command, but it is not needed.
Spec updated

@milanholemans

Since Directory.ReadWrite.All is already included in our permission scope, I suggest we don't add the lower privileged scope.

milanholemans added the "work in progress" label and removed the "needs peer review" label Nov 5, 2024