azure microsoft-graph-api azure-ad-graph-api

Reading Azure directory roles (built in roles) via Graph API


Is there any way to see which Azure directory roles (built-in roles) a user is assigned to?

I need the information we get when we find the user and go to "Assigned Roles". I've tried to find some commands in the Azure documentation, but without success.

Thanks in advance


Solution

  • First, we have a Graph API to list all the built-in roles, so we know that a role is a directory object as well.

    GET https://graph.microsoft.com/v1.0/directoryRoles

    So we can search the user methods and find that there is a memberOf relationship that gives us the directory objects the user belongs to.

    Using an API call like the one below gives us the properties.

    GET https://graph.microsoft.com/v1.0/users/user_id?$expand=memberOf($select=displayName,id)

    This proved that memberOf is what we need, and we just need to add a filter to get all the directory roles. So here's the API I found.

    https://graph.microsoft.com/v1.0/Users/user_id/memberOf/$/microsoft.graph.directoryRole

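The filtering step described in the answer above, as an added example that is not part of the original answer: it walks every page of a user's memberOf collection and keeps only the directoryRole objects, which is what an access review script needs. The `fetch` callable, the function names and the sample responses are assumptions constructed for illustration; in real use `fetch` would perform an authenticated GET against Graph.

```python
import json
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"
ROLE_TYPE = "#microsoft.graph.directoryRole"


def member_of_url(user_id):
    """First-page URL of the user's memberOf relationship."""
    return f"{GRAPH}/users/{quote(user_id, safe='')}/memberOf"


def directory_roles(user_id, fetch):
    """Return the directory roles found in memberOf, across all pages.

    fetch(url) -> dict is a hypothetical caller-supplied function that
    returns the decoded JSON body of an authenticated GET.
    """
    roles, seen, url = [], set(), member_of_url(user_id)
    while url:
        if url in seen:  # guard against a paging loop
            raise RuntimeError("repeated nextLink: " + url)
        seen.add(url)
        page = fetch(url)
        for obj in page.get("value", []):
            # memberOf mixes groups and roles; the type annotation tells them apart
            if obj.get("@odata.type") == ROLE_TYPE:
                roles.append({"id": obj["id"], "displayName": obj.get("displayName")})
        url = page.get("@odata.nextLink")  # absent on the last page
    return sorted(roles, key=lambda r: r["displayName"] or "")


# Constructed sample responses (not real tenant data), split over two pages.
_PAGE2 = member_of_url("user_id") + "?$skiptoken=constructed"
SAMPLE_PAGES = {
    member_of_url("user_id"): {
        "value": [
            {"@odata.type": "#microsoft.graph.group", "id": "g-1", "displayName": "Finance"},
            {"@odata.type": ROLE_TYPE, "id": "r-1", "displayName": "User Administrator"},
        ],
        "@odata.nextLink": _PAGE2,
    },
    _PAGE2: {"value": [{"@odata.type": ROLE_TYPE, "id": "r-2", "displayName": "Global Administrator"}]},
}


def sample_fetch(url):
    return SAMPLE_PAGES[url]


if __name__ == "__main__":
    print(json.dumps(directory_roles("user_id", sample_fetch), indent=2))
```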