I created a custom role in Entra ID and followed the steps below:
Now I am trying to list the directory roles using https://graph.microsoft.com/v1.0/directoryRole/delta
but it does not detect it.
I thought the custom role was not activated by default and tried activating the custom role using
POST https://graph.microsoft.com/v1.0/directoryRoles
Content-type: application/json

{
  "roleTemplateId": "fe930be7-5e62-47db-91af-98c3a49a38b1"
}
but I am getting an error saying:
{
  "error": {
    "code": "Request_BadRequest",
    "message": "Could not resolve request to a valid role template. A valid value must be specified for 'displayName' or 'roleTemplateId'.",
    "details": [
      {
        "code": "PropertyRequired",
        "message": "Could not resolve request to a valid role template. A valid value must be specified for 'displayName' or 'roleTemplateId'.",
        "target": "roleTemplateId"
      }
    ],
    "innerError": {
      "date": "2023-11-24T04:18:34",
      "request-id": "c2ff8f89-a856-4e53-b0ec-a6d80c7437fd",
      "client-request-id": "c2ff8f89-a856-4e53-b0ec-a6d80c7437fd"
    }
  }
}
I would highly appreciate any help. I need to detect the custom roles and the delta of directory objects being assigned to custom roles.
I created a custom role:
Added assignments to the custom role:
To fetch the custom roles created, use the below Microsoft query:
GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions?$filter=(isBuiltIn+eq+false)
Use the id or the templateId of the custom role and fetch the directory objects assigned to custom roles:
GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=roleDefinitionId eq '1eeb2565-876b-4b8b-81d5-****'
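As an added example (not part of the original answer), the two queries above can be combined into a snapshot of custom-role assignments, and two snapshots compared to see which principals were added or removed. The function names, the client-side comparison, and the sample values are assumptions for illustration; obtaining the access token is out of scope.

```python
import json
import urllib.request
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0/roleManagement/directory"

def custom_roles_url():
    # Same filter as the answer: only role definitions that are not built in.
    return f"{GRAPH}/roleDefinitions?$filter=" + quote("isBuiltIn eq false")

def assignments_url(role_definition_id):
    # Assignments of one role, selected by the role definition's id.
    flt = f"roleDefinitionId eq '{role_definition_id}'"
    return f"{GRAPH}/roleAssignments?$filter=" + quote(flt)

def graph_get(url, token):
    # Real HTTP call; 'token' is an access token obtained separately (assumption).
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def fetch_all(url, get_json):
    # Collect every page; Graph returns the next page URL in @odata.nextLink.
    items = []
    while url:
        page = get_json(url)
        items.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return items

def snapshot(get_json):
    # Map each custom role id to its set of (principalId, directoryScopeId).
    snap = {}
    for role in fetch_all(custom_roles_url(), get_json):
        rows = fetch_all(assignments_url(role["id"]), get_json)
        snap[role["id"]] = {(r["principalId"], r["directoryScopeId"]) for r in rows}
    return snap

def diff(old, new):
    # Report, per role, the assignments added or removed between two snapshots.
    changes = {}
    for role_id in old.keys() | new.keys():
        before, after = old.get(role_id, set()), new.get(role_id, set())
        if before != after:
            changes[role_id] = {"added": after - before, "removed": before - after}
    return changes

if __name__ == "__main__":
    # Constructed snapshots (not real tenant data): one principal was added.
    print(diff({"role-1": {("user-a", "/")}}, {"role-1": {("user-a", "/"), ("user-b", "/")}}))
```

Against a live tenant, pass `lambda url: graph_get(url, token)` as `get_json`, store each snapshot, and run `diff` on consecutive ones.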