JustinGrote
commented
2 years ago Thank you for your issue!
Creation/Management is outside the scope of this module, it's only to ease and simplify the self-activation process at the moment. Creation of roles can be done just fine with the existing Az and Mg commands (though it can be obtuse).
See this example: https://docs.microsoft.com/en-us/graph/api/unifiedroleeligibilityschedulerequest-post-unifiedroleeligibilityschedulerequests?view=graph-rest-beta&tabs=powershell
Would be great to see support for creating eligible roles (Azure and AAD) for other principals (groups or users) while also managing role management policies for these principals.