DSCResources/MSFT_AADRoleDefinition/settings.json

{
    "resourceName": "AADRoleDefinition",
    "description": "This resource configures an Azure Active Directory role definition. To configure custom roles you require an Azure AD Premium P1 license. The account used to configure role definitions based on this resource needs either to be a \u0027Global Administrator\u0027 or a \u0027Privileged role administrator\u0027.",
    "roles": {
        "read": [],
        "update": [
            "Privileged Role Administrator"
        ]
    },
    "permissions": {
        "graph": {
            "delegated": {
                "read": [
                    {
                        "name": "RoleManagement.Read.Directory"
                    }
                ],
                "update": [
                    {
                        "name": "RoleManagement.ReadWrite.Directory"
                    }
                ]
            },
            "application": {
                "read": [
                    {
                        "name": "RoleManagement.Read.Directory"
                    }
                ],
                "update": [
                    {
                        "name": "RoleManagement.ReadWrite.Directory"
                    }
                ]
            }
        }
    }
}