With Entra ID, this translates to defining App Roles for your application and assigning users to these roles.
Note that for User Roles, there are two conditions that need to be met for Data API Builder to follow authorization rules
- The role information should be populated in the token (take care of by defining App Roles in Entra)
- The role should be specified in the
X-MS-API-ROLEheader as well