How to see the permission of a user A and copy the same permission for user B in Azure AD

Mohd Arif 946 Reputation points
2023-06-15T09:43:57.45+00:00

I have a user A in Azure AD portal. I have been asked to assign same permission to B and C as user A has.

How can I see the role and resource permission of user A and grant to B and C.

We are using PIM groups so user A may have ID level permission or maybe his permission is coming because of some group membership. I want to exactly copy A permission to B and C


Accepted answer
  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2023-06-16T08:48:28.2866667+00:00

    Hi @Mohd Arif ,

    I understand you are trying to assign the same permission from one user to another.

    To get the permissions assigned to user A, you can leverage the Graph API endpoint

    GET /roleManagement/directory/transitiveRoleAssignments?$filter=principalId eq '{principalId}'

    to get the list of direct and transitive objects (if a user is assigned an Azure AD role through group membership) for a specific principal. This request will list the group's ID as the principalId; otherwise principalId is the user's object ID.

    Here, the roleDefinitionId values are the roles assigned to the user.

    Reference: https://learn.microsoft.com/en-us/graph/api/rbacapplication-list-transitiveroleassignments?view=graph-rest-beta&tabs=http

    You can check the role name using

    https://graph.microsoft.com/beta/roleManagement/directory/roleDefinitions

    and assign the same roles to other users using

    https://learn.microsoft.com/en-us/azure/active-directory/roles/manage-roles-portal#microsoft-graph-api

    https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-assign-role?tabs=ms-powershell#microsoft-graph-api

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if answer helped you.

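The lookup described in the accepted answer, turned into a copy plan for directory roles; this is an added example, not part of the original thread or Microsoft's code. All IDs and rows are constructed sample data in the shape of the `value` array the endpoint returns, and `copy_plan` is a hypothetical helper name. It keeps A's direct assignments apart from those inherited through a group, because the latter are reproduced by group membership rather than by a direct role assignment.

```python
# Added example. Every ID and row below is constructed sample data, not a real tenant value.
USER_A = "aaaaaaaa-0000-0000-0000-000000000001"   # source user (object ID)
USER_B = "bbbbbbbb-0000-0000-0000-000000000002"   # target user (object ID)
GROUP_G = "cccccccc-0000-0000-0000-000000000003"  # group that user A belongs to

# Shape of the "value" array from
#   GET /roleManagement/directory/transitiveRoleAssignments?$filter=principalId eq '{id}'
# (Microsoft's reference for this call also requires $count=true and the
# "ConsistencyLevel: eventual" header.)
A_ROWS = [
    {"principalId": USER_A, "roleDefinitionId": "role-1", "directoryScopeId": "/"},
    {"principalId": GROUP_G, "roleDefinitionId": "role-2", "directoryScopeId": "/"},
    {"principalId": USER_A, "roleDefinitionId": "role-3",
     "directoryScopeId": "/administrativeUnits/au-1"},
]
B_ROWS = [{"principalId": USER_B, "roleDefinitionId": "role-1", "directoryScopeId": "/"}]


def copy_plan(source_id, source_rows, target_id, target_rows):
    """Return (posts, groups) needed for the target to match the source.

    posts:  request bodies for POST /roleManagement/directory/roleAssignments
    groups: IDs of groups through which the source inherits a role the target lacks
    """
    held = {(r["roleDefinitionId"], r["directoryScopeId"]) for r in target_rows}
    posts, groups = [], set()
    for r in source_rows:
        key = (r["roleDefinitionId"], r["directoryScopeId"])
        if key in held:
            continue  # target already has this role at this scope
        if r["principalId"] == source_id:  # assigned to the user directly
            posts.append({
                "@odata.type": "#microsoft.graph.unifiedRoleAssignment",
                "principalId": target_id,
                "roleDefinitionId": key[0],
                "directoryScopeId": key[1],  # keep the source's scope, never widen it
            })
            held.add(key)  # avoid emitting the same assignment twice
        else:  # inherited: principalId is the group's ID
            groups.add(r["principalId"])
    return posts, sorted(groups)


if __name__ == "__main__":
    posts, groups = copy_plan(USER_A, A_ROWS, USER_B, B_ROWS)
    for body in posts:
        print("create assignment:", body)
    for gid in groups:
        print("add target to group instead of assigning directly:", gid)
```
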

2 additional answers

  1. Limitless Technology 44,776 Reputation points
    2023-06-19T15:32:00.1266667+00:00

    Hello there,

    You can use the Microsoft Power Automate template to get this done.

    Click a button to copy a user's Azure AD security group permissions to another user in order to automate employee onboarding processes by replicating user permissions for team members with similar access requirements. Once the permissions have been replicated, the requester will receive a confirmation email.

    You can try it from here https://powerautomate.microsoft.com/en-US/templates/details/06dd6993013c44b58782adde083448aa/click-a-button-to-copy-azure-ad-user-permissions-to-another-user/

    Hope this resolves your Query !!

    --If the reply is helpful, please Upvote and Accept it as an answer–


  2. Mohd Arif 946 Reputation points
    2023-07-11T11:11:22.6966667+00:00

    I do not have any experience using MS Graph. Is there any way to do it using AAD console portal.azure.com??

