Share via

App Roles Manifest Limit

Fraczek, Rafal SW/WRO-DCDZA 151 Reputation points
2023-05-16T05:16:32.5666667+00:00

Hi,

do you know how the default application role "Default Access" that is assigned by default to each group we add to Ent. Application is counted? A user can be assigned to multiple groups and can have multiple assignments to the same application role (Default Access). Is each assignment to the same application role from different groups counted as 1 or as multiple occurrences that need to be taken into account with a limit of 1500 App Role assignments for a given user.

Thanks in advance

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,629 questions
Accepted answer
  1. Shweta Mathur 29,681 Reputation points Microsoft Employee
    2023-05-16T12:03:21.2833333+00:00

    Hi @Fraczek, Rafal SW/WRO-DCDZA

    Thanks for reaching out.

    As @Andy David - MVP has mentioned default access doesn't count as a role assignment. This is the default value assigned to users when the application doesn't have any role defined. 

    Once you define application Roles and assigned to users in the group, you cannot assign the "Default Access" to the application anymore. These roles are not counted and cannot be considered with a limit of 1500 App Role assignments for a given user.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 145.6K Reputation points MVP
    2023-05-16T11:11:14.79+00:00

    I don't think default access counts as a role assignment, only the ones explicitly assigned to the user