View roles assigned to a group in Microsoft Entra ID

This section describes how the roles assigned to a group can be viewed using the Microsoft Entra admin center. Viewing groups and assigned roles are default user permissions.

Prerequisites

  • Microsoft Graph PowerShell module when using PowerShell
  • Admin consent when using Graph explorer for Microsoft Graph API

For more information, see Prerequisites to use PowerShell or Graph Explorer.

Microsoft Entra admin center

Tip

Steps in this article might vary slightly based on the portal you start from.

  1. Sign in to the Microsoft Entra admin center.

  2. Browse to Identity > Groups > All groups.

  3. Select a role-assignable group that you are interested in.

  4. Select Assigned roles. You can now see all the Microsoft Entra roles assigned to this group.

    View all roles assigned to a selected group

PowerShell

Get object ID of the group

Get-MgGroup -Filter "DisplayName eq 'Contoso_Helpdesk_Administrators'"

View role assignment to a group

Get-MgRoleManagementDirectoryRoleAssignment -Filter "PrincipalId eq '<object id of group>'" 

Microsoft Graph API

Get object ID of the group

Use the Get group API to get a group.

GET https://graph.microsoft.com/v1.0/groups?$filter=displayName+eq+'Contoso_Helpdesk_Administrator'

Get role assignments to a group

Use the List unifiedRoleAssignments API to get the role assignment.

GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=principalId eq

Next steps