msiam_access role

Pooja Nair (MINDTREE LIMITED) 26 Reputation points Microsoft Vendor
2023-09-11T17:27:06.39+00:00

I have a question about the msiam_access role for users in Azure Active Directory. Is this role assigned to all users by default, or does it depend on the application they are using? What is the purpose of this role and how does it affect the management of enterprise app roles?

I read in the documentation that “You can only add new roles after msiam_access for the patch operation”. What does this mean and how can I do it?
https://learn.microsoft.com/en-us/azure/active-directory/develop/enterprise-app-role-management#add-roles


Accepted answer
  1. CarlZhao-MSFT 40,311 Reputation points
    2023-09-12T03:17:11.88+00:00

    Hi @Pooja Nair (MINDTREE LIMITED)

    Is this role assigned to all users by default, or does it depend on the application they are using? What is the purpose of this role and how does it affect the management of enterprise app roles?

    It looks like you are trying to configure an appRole for your enterprise application. This role is not assigned to all users; it should be assigned to the users used to access the protected API. Users assigned this role will be able to access the protected web API. If a user who has not been granted this role attempts to access the protected web API, they will be blocked and a 403 error will be returned.

    I read in the documentation that “You can only add new roles after msiam_access for the patch operation”. What does this mean and how can I do it?

    This means that if you are adding a new appRole to an enterprise application, then you need to copy the previously created appRole into the request body, otherwise the new appRole will overwrite the previously created appRole. This operation is often called a patch operation.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
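
The patch behaviour described in the answer, as an added example that is not part of the original reply: the request body for `PATCH https://graph.microsoft.com/v1.0/servicePrincipals/{id}` is built from the roles already on the service principal (msiam_access first) with the new role appended, and a check lists any existing role the body would drop. The helper names, role names and GUIDs are constructed for illustration.

```python
import json
import uuid

# Constructed sample: the appRoles array as it might come back from
# GET https://graph.microsoft.com/v1.0/servicePrincipals/{id} (IDs are made up).
EXISTING_APP_ROLES = [
    {"allowedMemberTypes": ["User"], "description": "msiam_access",
     "displayName": "msiam_access", "id": "11111111-1111-1111-1111-111111111111",
     "isEnabled": True, "origin": "Application", "value": None},
    {"allowedMemberTypes": ["User"], "description": "Read-only users",
     "displayName": "Reader", "id": "22222222-2222-2222-2222-222222222222",
     "isEnabled": True, "origin": "ServicePrincipal", "value": "Reader"},
]


def build_patch_body(existing_roles, display_name, value, description):
    """Return the PATCH body that adds one role and keeps every existing one."""
    if any(r.get("value") == value for r in existing_roles):
        raise ValueError(f"role value {value!r} already exists")
    new_role = {
        "allowedMemberTypes": ["User"],
        "description": description,
        "displayName": display_name,
        "id": str(uuid.uuid4()),  # each appRole needs its own GUID
        "isEnabled": True,
        "origin": "ServicePrincipal",
        "value": value,
    }
    # Existing roles first (msiam_access included), new role appended after them.
    return {"appRoles": [dict(r) for r in existing_roles] + [new_role]}


def dropped_roles(existing_roles, patch_body):
    """IDs of current roles missing from the body, i.e. roles the PATCH would overwrite."""
    sent = {r["id"] for r in patch_body["appRoles"]}
    return [r["id"] for r in existing_roles if r["id"] not in sent]


if __name__ == "__main__":
    body = build_patch_body(EXISTING_APP_ROLES, "Admin", "Admin", "Administrators")
    assert dropped_roles(EXISTING_APP_ROLES, body) == []
    print(json.dumps(body, indent=2))
```

Running `dropped_roles` against the current roles before sending the request catches a body that contains only the new role, which is the overwrite case the answer describes.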
