New command: m365 entra roleassignment add #6563

@MartinM85

Usage

m365 entra roleassignment add [options]

Description

Assign an Entra ID role to a user and specify the scope for which the user has been granted access

Options

| Option | Description |
|---|---|
| `--roleDefinitionId [roleDefinitionId]` | Id of a role to be assigned. Specify either roleDefinitionId or roleDefinitionName, but not both. |
| `--roleDefinitionName [roleDefinitionName]` | Name of a role to be assigned. Specify either roleDefinitionId or roleDefinitionName, but not both. |
| `--principal <principal>` | Id of a user, group or service principal or user principal name or group mail nickname to which the assignment is granted. |
| `--administrativeUnitId [administrativeUnitId]` | Id of an administrative unit to which the assignment is scoped. |
| `--administrativeUnitName [administrativeUnitName]` | Name of an administrative unit to which the assignment is scoped. |
| `--applicationId [applicationId]` | Id of an application to which the assignment is scoped. |
| `--applicationName [applicationName]` | Name of an application to which the assignment is scoped. |
| `--servicePrincipalId [servicePrincipalId]` | Id of an application to which the assignment is scoped. |
| `--servicePrincipalName [servicePrincipalName]` | Name of an application to which the assignment is scoped. |
| `--groupId [groupId]` | Id of a group to which the assignment is scoped. |
| `--groupName [groupName]` | Name of a group to which the assignment is scoped. |

Examples

Assign a role specified by name to a user specified by id and scope the assignment to the whole tenant

m365 entra roleassignment add --roleDefinitionName 'SharePoint Administrator' --principal 7a2ca997-9461-402e-9882-58088a370889

Assign a role specified by id to a role-assignable group specified by id and scope the assignment to a service principal specified by id

m365 entra roleassignment add --roleDefinitionId 777b752-f9b7-4205-a2b1-5db0d6a0ccfc --principal 6b1db886-9461-402e-9882-58088a370889 --servicePrincipalId a4738dd8-fc0f-4646-87fb-47539f5c651b

Assign a role specified by name to a user specified by id and scope the assignment to an administrative unit specified by name

m365 entra roleassignment add --roleDefinitionName 'User Administrator' --principal 7a2ca997-9461-402e-9882-58088a370889 --administrativeUnitName 'Marketing'

Assign a role specified by name to a user specified by id and scope the assignment to an application specified by id

m365 entra roleassignment add --roleDefinitionName 'Application Administrator' --principal 7a2ca997-9461-402e-9882-58088a370889 --applicationId 47539fd8-fc0f-4646-87fb-a4738d5c651b

Default properties

No response

Additional Info

https://learn.microsoft.com/en-us/graph/api/rbacapplication-post-roleassignments?view=graph-rest-1.0&tabs=http

All roles support the tenant-wide scope, but some roles can have the assignment scoped to an administrative unit, application, service principal or group.

I will work on it
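
The scope options proposed above correspond to the `directoryScopeId` property of the Microsoft Graph request linked under Additional Info. The JavaScript below is an added example, not part of the issue or of the CLI's own code: `buildRoleAssignmentRequest` is a hypothetical helper that handles only the id-based options, rejects more than one scope option, and falls back to the tenant-wide scope `/`. It assumes every scope id is the directory object id of the resource, and the role definition and administrative unit ids in the sample are constructed.

```javascript
// Added example: hypothetical helper, not code from CLI for Microsoft 365.
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Id-based scope options from the issue, mapped to a Graph directoryScopeId.
// Assumption: each id is the directory object id of the scoped resource.
const SCOPES = {
  administrativeUnitId: id => `/administrativeUnits/${id}`,
  applicationId: id => `/${id}`,
  servicePrincipalId: id => `/${id}`,
  groupId: id => `/${id}`
};

function requireGuid(name, value) {
  if (typeof value !== 'string' || !GUID.test(value)) {
    throw new Error(`${name} must be a GUID, got '${value}'`);
  }
  return value;
}

function buildRoleAssignmentRequest(options) {
  const used = Object.keys(SCOPES).filter(k => options[k] !== undefined);
  if (used.length > 1) {
    // Two scopes on one assignment is ambiguous; fail instead of picking one.
    throw new Error(`Specify at most one scope option, got: ${used.join(', ')}`);
  }
  // No scope option means the assignment applies to the whole tenant ("/").
  const directoryScopeId = used.length === 1
    ? SCOPES[used[0]](requireGuid(used[0], options[used[0]]))
    : '/';
  return {
    method: 'POST',
    url: 'https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments',
    body: {
      '@odata.type': '#microsoft.graph.unifiedRoleAssignment',
      roleDefinitionId: requireGuid('roleDefinitionId', options.roleDefinitionId),
      principalId: requireGuid('principal', options.principal),
      directoryScopeId
    }
  };
}

// Constructed sample: role definition and administrative unit ids are made up.
const ROLE = '00000000-0000-0000-0000-000000000001';
const USER = '7a2ca997-9461-402e-9882-58088a370889';
const sample = buildRoleAssignmentRequest({
  roleDefinitionId: ROLE,
  principal: USER,
  administrativeUnitId: '11111111-2222-3333-4444-555555555555'
});
console.log(JSON.stringify(sample.body, null, 2));
```

Logging the resolved `directoryScopeId` before sending the request makes it easy to see when an assignment meant for a single resource would instead apply to the whole tenant.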
