
I want to create a custom directory role with specific permissions like:

microsoft.directory/users/*
microsoft.directory/groups/*
microsoft.directory/applications/*
microsoft.directory/serviceprincipals/*

If I create the role from the Portal, it asks me to manually select each and every permission to add. But I want to automate that from MS Graph or PowerShell.

Suppose I give microsoft.directory/users/* in the code; it should automatically select all permissions related to users.

Is this possible in any way?

TIA

Sanam7

1 Answer


I tried to reproduce the same. I gave commands to create a custom role with "microsoft.directory/users/*".

But it's giving the error: Property set is required for task 'any'


If you want all the user permissions to be given, then you can assign the User Account Administrator role, which has the following user permissions:

microsoft.directory/users/assignLicense
microsoft.directory/users/create
microsoft.directory/users/delete
microsoft.directory/users/disable
microsoft.directory/users/enable
microsoft.directory/users/inviteGuest
microsoft.directory/users/invalidateAllRefreshTokens
microsoft.directory/users/reprocessLicenseAssignment
microsoft.directory/users/restore
microsoft.directory/users/basic/update
microsoft.directory/users/manager/update
microsoft.directory/users/password/update
microsoft.directory/users/photo/update
microsoft.directory/users/userPrincipalName/update


You can assign that role to the user which includes all those permissions:


User assigned to the required role:


kavyaS
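An added example, not code from the question or the answer: since the wildcard form was rejected in the answer's test, this sketch expands a wildcard pattern client-side into an explicit action list and builds the request body for Microsoft Graph's `POST /roleManagement/directory/roleDefinitions`. The function names are hypothetical, the catalogue holds only the user actions listed in the answer, and whether a tenant accepts each of these actions in a custom role is not established on this page.

```python
import fnmatch
import json

# Constructed catalogue: only the user actions listed in the answer above.
# A real run would load the tenant's full action list instead (assumption).
KNOWN_ACTIONS = [
    "microsoft.directory/users/assignLicense",
    "microsoft.directory/users/create",
    "microsoft.directory/users/delete",
    "microsoft.directory/users/disable",
    "microsoft.directory/users/enable",
    "microsoft.directory/users/inviteGuest",
    "microsoft.directory/users/invalidateAllRefreshTokens",
    "microsoft.directory/users/reprocessLicenseAssignment",
    "microsoft.directory/users/restore",
    "microsoft.directory/users/basic/update",
    "microsoft.directory/users/manager/update",
    "microsoft.directory/users/password/update",
    "microsoft.directory/users/photo/update",
    "microsoft.directory/users/userPrincipalName/update",
]

def expand_patterns(patterns, catalogue=KNOWN_ACTIONS):
    """Expand wildcard patterns into an explicit, sorted, de-duplicated action list."""
    expanded = set()
    for pattern in patterns:
        # Case-insensitive match; '*' also spans '/' so nested actions are included.
        matches = [a for a in catalogue
                   if fnmatch.fnmatchcase(a.lower(), pattern.lower())]
        if not matches:
            # Fail loudly rather than silently creating a role with fewer rights.
            raise ValueError(f"pattern matches no known action: {pattern}")
        expanded.update(matches)
    return sorted(expanded)

def build_role_definition(display_name, description, patterns, catalogue=KNOWN_ACTIONS):
    """Build a unifiedRoleDefinition body that names every granted action explicitly."""
    return {
        "displayName": display_name,
        "description": description,
        "isEnabled": True,
        "rolePermissions": [
            {"allowedResourceActions": expand_patterns(patterns, catalogue)}
        ],
    }

if __name__ == "__main__":
    body = build_role_definition("Custom User Manager",  # constructed sample name
                                 "All user actions, expanded from a wildcard",
                                 ["microsoft.directory/users/*"])
    print(json.dumps(body, indent=2))
```

Listing each action in the body keeps the grant reviewable, because the role cannot pick up newly introduced actions the way a wildcard would.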