New-MgBetaPolicyRoleManagementPolicyAssignment

New-MgBetaPolicyRoleManagementPolicyAssignment
    [-ResponseHeadersVariable <string>]
    [-AdditionalProperties <hashtable>]
    [-Id <string>]
    [-Policy <IMicrosoftGraphUnifiedRoleManagementPolicy>]
    [-PolicyId <string>]
    [-RoleDefinitionId <string>]
    [-ScopeId <string>]
    [-ScopeType <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

New-MgBetaPolicyRoleManagementPolicyAssignment

    -BodyParameter <IMicrosoftGraphUnifiedRoleManagementPolicyAssignment>
    [-ResponseHeadersVariable <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

{{ Fill in the Description }}

{{ Fill in the Description }}

{{ Fill in the Description }}

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODYPARAMETER <IMicrosoftGraphUnifiedRoleManagementPolicyAssignment>: unifiedRoleManagementPolicyAssignment [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Policy <IMicrosoftGraphUnifiedRoleManagementPolicy>]: unifiedRoleManagementPolicy [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Description <String>]: Description for the policy. [DisplayName <String>]: Display name for the policy. [EffectiveRules <IMicrosoftGraphUnifiedRoleManagementPolicyRule[]>]: The list of effective rules like approval rules and expiration rules evaluated based on inherited referenced rules. For example, if there is a tenant-wide policy to enforce enabling an approval rule, the effective rule will be to enable approval even if the policy has a rule to disable approval. Supports $expand. [Id <String>]: The unique identifier for an entity. Read-only. [Target <IMicrosoftGraphUnifiedRoleManagementPolicyRuleTarget>]: unifiedRoleManagementPolicyRuleTarget [(Any) <Object>]: This indicates any property can be added to this object. [Caller <String>]: The type of caller that's the target of the policy rule. Allowed values are: None, Admin, EndUser. [EnforcedSettings <String[]>]: The list of role settings that are enforced and cannot be overridden by child scopes. Use All for all settings. [InheritableSettings <String[]>]: The list of role settings that can be inherited by child scopes. Use All for all settings. [Level <String>]: The role assignment type that's the target of policy rule. Allowed values are: Eligibility, Assignment. [Operations <String[]>]: The role management operations that are the target of the policy rule. Allowed values are: All, Activate, Deactivate, Assign, Update, Remove, Extend, Renew. [TargetObjects <IMicrosoftGraphDirectoryObject[]>]: [Id <String>]: The unique identifier for an entity. Read-only. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [IsOrganizationDefault <Boolean?>]: This can only be set to true for a single tenant-wide policy which will apply to all scopes and roles. Set the scopeId to / and scopeType to Directory. Supports $filter (eq, ne). [LastModifiedBy <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. This property is read-only. [Id <String>]: The identifier of the identity. This property is read-only. [LastModifiedDateTime <DateTime?>]: The time when the role setting was last modified. [Rules <IMicrosoftGraphUnifiedRoleManagementPolicyRule[]>]: The collection of rules like approval rules and expiration rules. Supports $expand. [ScopeId <String>]: The identifier of the scope where the policy is created. Can be / for the tenant or a group ID. Required. [ScopeType <String>]: The type of the scope where the policy is created. One of Directory, DirectoryRole, Group. Required. [PolicyId <String>]: The id of the policy. Inherited from entity. [RoleDefinitionId <String>]: For Microsoft Entra roles policy, it's the identifier of the role definition object where the policy applies. For PIM for Groups membership and ownership, it's either member or owner. Supports $filter (eq). [ScopeId <String>]: The identifier of the scope where the policy is assigned. Can be / for the tenant or a group ID. Required. [ScopeType <String>]: The type of the scope where the policy is assigned. One of Directory, DirectoryRole, Group. Required.

POLICY <IMicrosoftGraphUnifiedRoleManagementPolicy>: unifiedRoleManagementPolicy [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Description <String>]: Description for the policy. [DisplayName <String>]: Display name for the policy. [EffectiveRules <IMicrosoftGraphUnifiedRoleManagementPolicyRule[]>]: The list of effective rules like approval rules and expiration rules evaluated based on inherited referenced rules. For example, if there is a tenant-wide policy to enforce enabling an approval rule, the effective rule will be to enable approval even if the policy has a rule to disable approval. Supports $expand. [Id <String>]: The unique identifier for an entity. Read-only. [Target <IMicrosoftGraphUnifiedRoleManagementPolicyRuleTarget>]: unifiedRoleManagementPolicyRuleTarget [(Any) <Object>]: This indicates any property can be added to this object. [Caller <String>]: The type of caller that's the target of the policy rule. Allowed values are: None, Admin, EndUser. [EnforcedSettings <String[]>]: The list of role settings that are enforced and cannot be overridden by child scopes. Use All for all settings. [InheritableSettings <String[]>]: The list of role settings that can be inherited by child scopes. Use All for all settings. [Level <String>]: The role assignment type that's the target of policy rule. Allowed values are: Eligibility, Assignment. [Operations <String[]>]: The role management operations that are the target of the policy rule. Allowed values are: All, Activate, Deactivate, Assign, Update, Remove, Extend, Renew. [TargetObjects <IMicrosoftGraphDirectoryObject[]>]: [Id <String>]: The unique identifier for an entity. Read-only. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [IsOrganizationDefault <Boolean?>]: This can only be set to true for a single tenant-wide policy which will apply to all scopes and roles. Set the scopeId to / and scopeType to Directory. Supports $filter (eq, ne). [LastModifiedBy <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. This property is read-only. [Id <String>]: The identifier of the identity. This property is read-only. [LastModifiedDateTime <DateTime?>]: The time when the role setting was last modified. [Rules <IMicrosoftGraphUnifiedRoleManagementPolicyRule[]>]: The collection of rules like approval rules and expiration rules. Supports $expand. [ScopeId <String>]: The identifier of the scope where the policy is created. Can be / for the tenant or a group ID. Required. [ScopeType <String>]: The type of the scope where the policy is created. One of Directory, DirectoryRole, Group. Required.