New command: `entra roledefinition list`

[MartinM85]

Usage

m365 entra roledefinition list

Description

Lists all Microsoft Entra ID role definitions

Options

Option	Description
-p, --properties [properties]	Comma-separated list of properties to retrieve.
-f, --filter [filter]	OData filter to apply when retrieving the role definitions.

Examples

Retrieve all Microsoft Entra ID role definitions

m365 entra roledefinition list

Retrieve only the names of the role definitions

m365 entra roledefinition list --properties 'displayName'

Retrieve only custom role definitions

m365 entra roledefinition list --filter 'isBuiltIn eq false'

Default properties

• id
• displayName
• isBuiltIn
• isEnabled

Additional Info

More info: https://learn.microsoft.com/en-us/graph/api/rbacapplication-list-roledefinitions?view=graph-rest-1.0&tabs=http#for-the-directory-microsoft-entra-id-provider

[milanholemans]

Hi @MartinM85 nice suggestion once again.

A few things that come to mind:

• Let's rephrase the description a bit to something like "Lists all Microsoft Entra role definitions"
• For the default properties, I would drop description because this will probably make the response too large to view on a default-sized terminal.
• Since we already have Directory.ReadWrite.All as permission scope, do we still need an additional one?

[MartinM85]

Hi @milanholemans, Directory.ReadWrite.All will definitely work. RoleManagement.Read.Directory is the least privileged permission required to run the command, but it not needed. Spec updated

[milanholemans]

Since Directory.ReadWrite.All is already included in our permission scope, I suggest we don't add the lower privileged scope.