title | description | author | manager | ms.service | ms.subservice | ms.topic | ms.date | ms.author | ms.reviewer | ms.custom |
---|---|---|---|---|---|---|---|---|---|---|
View roles assigned to a group in Microsoft Entra ID |
Learn how the roles assigned to a group can be viewed using the Microsoft Entra admin center. Viewing groups and assigned roles are default user permissions. |
rolyon |
amycolannino |
entra-id |
role-based-access-control |
how-to |
08/08/2023 |
rolyon |
vincesm |
it-pro, has-azure-ad-ps-ref azure-ad-ref-level-one-done |
This section describes how the roles assigned to a group can be viewed using the Microsoft Entra admin center. Viewing groups and assigned roles are default user permissions.
- Microsoft Graph PowerShell module when using PowerShell
- Admin consent when using Graph explorer for Microsoft Graph API
For more information, see Prerequisites to use PowerShell or Graph Explorer.
[!INCLUDE portal updates]
-
Sign in to the Microsoft Entra admin center.
-
Browse to Identity > Groups > All groups.
-
Select a role-assignable group that you are interested in.
-
Select Assigned roles. You can now see all the Microsoft Entra roles assigned to this group.
Get-MgGroup -Filter "DisplayName eq 'Contoso_Helpdesk_Administrators'"
Get-MgRoleManagementDirectoryRoleAssignment -Filter "PrincipalId eq '<object id of group>'"
Use the Get group API to get a group.
GET https://graph.microsoft.com/v1.0/groups?$filter=displayName+eq+'Contoso_Helpdesk_Administrator'
Use the List unifiedRoleAssignments API to get the role assignment.
GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=principalId eq