Can't see list of users or groups when adding permissions in Access Control in the Azure portal

2025-06-05

This article provides information to an issue in which you can't see list of users or groups when adding permissions in Access Control (IAM) in the Azure portal.

Original product version: Azure
Original KB number: 4229970

Symptoms

When you try to add permissions in IAM in the Azure portal, you cannot see the list of users or groups.

Cause

This issue occurs because the account that you used to sign in to Azure portal does not have enumeration permission. This account might be a guest user who has been invited to the directory that you are trying to give access to other Azure resources. Even if this guest user is a global administrator, they still will not have enumeration permission.

Resolution

To resolve this issue, use one of the following methods:

Method 1: To allow all guest users enumeration privileges

Sign in to the Azure portal by using Global Administrator.
If applicable, switch to the directory where the guest user was added.
Go to Microsoft Entra ID.
Go to User Settings.
Change the Guest users permissions are limited setting to No, and then select Save.

Method 2: To allow only the one guest user or configure on a per user basis

Make sure that the Microsoft Graph PowerShell is installed.
Use the Connect-MgGraph command to sign in with the required scopes. For more information, see Get started with the Microsoft Graph PowerShell SDK.
Run the Update-MgUser cmdlet:
```
Update-MgUser -UserId '0ba17ca9-0000-0000-0000-a5e34bc4803b' -UserType Member
```
You can get the users Object ID by looking at the Users Profile page within the Azure portal.

Contact us for help

If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.

Share via