Azure AD, user inherit roles from group

Question

Azure AD, user inherit roles from group

Jonathan Haisi 1

I'm working in a application we are using roles for feature authorization and groups of users to manage access level.
E.g.:

Roles:
ROLE_Post_Data
ROLE_Read_Data
ROLE_Delete_Data

Groups:
Reader <- ROLE_Read_Data
Writer <- ROLE_Read_Data and ROLE_Post_Data
Admin <- ROLE_Read_Data, ROLE_Post_Data and ROLE_Delete_Data

My user in on Admin group.
Looking into my code (Spring Boot) I can see only the "Admin" group on my roles list from token attributes.
Is it possible to make an user inherit the roles from a group he belongs?

Anshul Kumar (MINDTREE LIMITED) 6 Reputation points

2021-10-07T18:24:51.893+00:00

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

1 answer

Your answer

Anshul Kumar (MINDTREE LIMITED) 6 Reputation points

2021-10-07T18:24:51.893+00:00

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

Answer 1

Marilee Turscak-MSFT 37,156 Microsoft Employee

To assign roles to groups, you must create a new security or Microsoft 365 group with the isAssignableToRole property set to true. In the Azure portal, you set the Azure AD roles can be assigned to the group option to Yes.

https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-concept

You can also assign app roles to a security group and the user members of the group will inherit the app roles. You need Azure AD Premium to use this feature. https://learn.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles

Eyal Ringwald 45 Reputation points

2024-06-10T19:12:41.6833333+00:00

how can i get this role with graph API , when i have the group id. ?

Share via

Azure AD, user inherit roles from group

1 answer

Your answer