Page contents
Supported attributes
| Attribute | Description | Backed up | Restorable |
| id | The unique identifier for the role. Read-only. | Yes | No |
| description | Role description. Read-only when isBuiltIn is true. | Yes | No |
| isBuiltIn | Flag indicating if the role is part of the default set included with the product or custom. | Yes | No |
| isEnabled | Flag indicating if the role is enabled for assignment. | Yes | No |
| isPrivileged | Flag indicating if the role is privileged. Read-only. | Yes | No |
| rolePermissions | List of permissions included in the role. | Yes | Yes |
| templateId | Custom template identifier that can be set when isBuiltIn is false. | Yes | Yes |
| version | Indicates version of the role. | Yes | Yes |
| displayName | The display name for role. Read-only. | Yes | Yes |
| visibility | Controls whether the role is hidden or public. | No | No |
| inheritsPermissionsFrom | Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles (isBuiltIn is true) support this attribute. | No | No |
| resourceScopes | List of the scopes or permissions the role definition applies to. Read-only when isBuiltIn is true. | No | No |
Supported relationships
Role assignments
Note:
- Directory roles (also called built-in Entra ID roles) are read-only and cannot be deleted from Entra ID. The attributes of these roles cannot be restored, but their assigned relationships can.
- Custom roles can be modified and can be deleted from Entra ID. The attributes of these roles, as well as their assigned relationships, can be restored.
- Read about the limitations of Entra ID object recovery in Article 1554.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article