managing role definitions (for now listing and getting single role will be enough but there is room for additional commands here 😉) is the second step before we start adding some commands which will allow to manage permissions on items (add/remove roles etc.) which is what I would like to aim as described here #3184.
getting the list of role definitions from site may be done using simple GET request
/_api/web/roledefinitions
{
"value": [
{
"BasePermissions": {
"High": "2147483647",
"Low": "4294967295"
},
"Description": "Has full control.",
"Hidden": false,
"Id": 1073741829,
"Name": "Full Control",
"Order": 1,
"RoleTypeKind": 5
},
{
"BasePermissions": {
"High": "432",
"Low": "1012866047"
},
"Description": "Can view, add, update, delete, approve, and customize.",
"Hidden": false,
"Id": 1073741828,
"Name": "Design",
"Order": 32,
"RoleTypeKind": 4
},
{
"BasePermissions": {
"High": "432",
"Low": "1011030767"
},
"Description": "Can add, edit and delete lists; can view, add, update and delete list items and documents.",
"Hidden": false,
"Id": 1073741830,
"Name": "Edit",
"Order": 48,
"RoleTypeKind": 6
},
{
"BasePermissions": {
"High": "432",
"Low": "1011028719"
},
"Description": "Can view, add, update, and delete list items and documents.",
"Hidden": false,
"Id": 1073741827,
"Name": "Contribute",
"Order": 64,
"RoleTypeKind": 3
},
{
"BasePermissions": {
"High": "176",
"Low": "138612833"
},
"Description": "Can view pages and list items and download documents.",
"Hidden": false,
"Id": 1073741826,
"Name": "Read",
"Order": 128,
"RoleTypeKind": 2
},
{
"BasePermissions": {
"High": "65584",
"Low": "134418433"
},
"Description": "Can view pages, list items, and documents. Documents can be viewed in the browser but not downloaded.",
"Hidden": true,
"Id": 1073741832,
"Name": "Restricted View",
"Order": 144,
"RoleTypeKind": 8
},
{
"BasePermissions": {
"High": "48",
"Low": "134287360"
},
"Description": "Can view specific lists, document libraries, list items, folders, or documents when given permissions.",
"Hidden": true,
"Id": 1073741825,
"Name": "Limited Access",
"Order": 160,
"RoleTypeKind": 1
},
{
"BasePermissions": {
"High": "48",
"Low": "134418465"
},
"Description": null,
"Hidden": true,
"Id": 1073741924,
"Name": "System.LimitedView",
"Order": 2147483647,
"RoleTypeKind": 255
},
{
"BasePermissions": {
"High": "48",
"Low": "134418471"
},
"Description": null,
"Hidden": true,
"Id": 1073741925,
"Name": "System.LimitedEdit",
"Order": 2147483647,
"RoleTypeKind": 255
},
{
"BasePermissions": {
"High": "0",
"Low": "198919"
},
"Description": "",
"Hidden": false,
"Id": 1073741926,
"Name": "custom",
"Order": 2147483647,
"RoleTypeKind": 0
}
]
}
Usage
m365 spo roledefinition list
Description
should retrieve list of role definitions from web
Options
-u, --webUrl <webUrl>Additional Info
managing role definitions (for now listing and getting single role will be enough but there is room for additional commands here 😉) is the second step before we start adding some commands which will allow to manage permissions on items (add/remove roles etc.) which is what I would like to aim as described here #3184.
getting the list of role definitions from site may be done using simple GET request
/_api/web/roledefinitionsSo when running this request for web with the following roles
the result is