How to see the permission of a user A and copy the same permission for user B in Azure AD

Mohd Arif 926 Reputation points
2023-06-15T09:43:57.45+00:00

I have a user A in the Azure AD portal. I have been asked to assign the same permissions to B and C as user A has.

How can I see the role and resource permissions of user A and grant them to B and C?

We are using PIM groups, so user A may have ID-level permissions, or maybe his permissions come from some group membership. I want to copy A's permissions exactly to B and C.


Accepted answer
  1. Shweta Mathur 29,186 Reputation points Microsoft Employee
    2023-06-16T08:48:28.2866667+00:00

    Hi @Mohd Arif ,

    I understand you are trying to assign the same permission from one user to another.

    To get the permissions assigned to user A, you can leverage the Graph API endpoint

    GET /roleManagement/directory/transitiveRoleAssignments?$filter=principalId eq '{principalId}'

    to get the list of direct and transitive objects (if a user is assigned an Azure AD role through group membership) for a specific principal. This request will list the group's ID as the principalId; otherwise, principalId is the user's object ID.

    Here, the roleDefinitionId values are the roles assigned to the user.

    Reference: https://video2.skills-academy.com/en-us/graph/api/rbacapplication-list-transitiveroleassignments?view=graph-rest-beta&tabs=http

    You can check the role name using

    https://graph.microsoft.com/beta/roleManagement/directory/roleDefinitions

    and assign the same roles to other users using

    https://video2.skills-academy.com/en-us/azure/active-directory/roles/manage-roles-portal#microsoft-graph-api

    https://video2.skills-academy.com/en-us/azure/active-directory/roles/groups-assign-role?tabs=ms-powershell#microsoft-graph-api

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if answer helped you.
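
Added example, not part of the answer above and not Microsoft's code: it takes a `transitiveRoleAssignments` response for user A, separates roles held directly from roles inherited through a group (where `principalId` is the group's ID, as the answer describes), and builds the Graph requests that give B and C the same access by the same path. All IDs are constructed, `plan_copy` is a hypothetical helper, and the request shapes assume the Graph v1.0 `roleAssignments` and group `members/$ref` endpoints; nothing is sent over the network.

```python
# Constructed sample data shaped like Microsoft Graph responses; every ID is made up.
USER_A, USER_B, USER_C = "user-a-object-id", "user-b-object-id", "user-c-object-id"
GROUP_G = "group-g-object-id"  # assumed: a group user A belongs to that holds a role
ROLE_DEFS = {"value": [  # GET /roleManagement/directory/roleDefinitions
    {"id": "role-def-1", "displayName": "User Administrator"},
    {"id": "role-def-2", "displayName": "Global Reader"},
]}
TRANSITIVE = {"value": [  # GET .../transitiveRoleAssignments?$filter=principalId eq '<A>'
    {"principalId": USER_A, "roleDefinitionId": "role-def-1", "directoryScopeId": "/"},
    {"principalId": GROUP_G, "roleDefinitionId": "role-def-2", "directoryScopeId": "/"},
]}
GRAPH = "https://graph.microsoft.com/v1.0"


def plan_copy(source_id, target_ids, transitive, role_defs):
    """Return (report, requests): the roles the source holds and how, plus the
    Graph calls that give each target the same access by the same path."""
    names = {d["id"]: d["displayName"] for d in role_defs["value"]}
    report, requests, seen = [], [], set()
    for ra in transitive["value"]:
        role = names.get(ra["roleDefinitionId"], ra["roleDefinitionId"])
        direct = ra["principalId"] == source_id
        via = "direct" if direct else "group:" + ra["principalId"]
        report.append((role, ra["directoryScopeId"], via))
        for target in target_ids:
            if direct:
                # Same role at the same scope, assigned to the target itself.
                url = f"{GRAPH}/roleManagement/directory/roleAssignments"
                body = {"@odata.type": "#microsoft.graph.unifiedRoleAssignment",
                        "roleDefinitionId": ra["roleDefinitionId"],
                        "principalId": target,
                        "directoryScopeId": ra["directoryScopeId"]}
            else:
                # Role comes from a group: add the target to that group rather
                # than flattening it into a standing direct assignment.
                url = f"{GRAPH}/groups/{ra['principalId']}/members/$ref"
                body = {"@odata.id": f"{GRAPH}/directoryObjects/{target}"}
            key = (url, tuple(sorted(body.items())))
            if key not in seen:  # one group can carry several roles
                seen.add(key)
                requests.append(("POST", url, body))
    return report, requests


if __name__ == "__main__":
    report, requests = plan_copy(USER_A, [USER_B, USER_C], TRANSITIVE, ROLE_DEFS)
    for row in report:
        print(row)
    for method, url, body in requests:
        print(method, url, body)
```

The report rows are the part to review before sending anything: each one names the role, its scope, and whether A holds it directly or through a group.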


2 additional answers

  1. Limitless Technology 44,081 Reputation points
    2023-06-19T15:32:00.1266667+00:00

    Hello there,

    You can use the Microsoft Power Automate template to get this done.

    Click a button to copy a user's Azure AD security group permissions to another user in order to automate employee onboarding processes by replicating user permissions for team members with similar access requirements. Once the permissions have been replicated, the requester will receive a confirmation email.

    You can try it from here https://powerautomate.microsoft.com/en-US/templates/details/06dd6993013c44b58782adde083448aa/click-a-button-to-copy-azure-ad-user-permissions-to-another-user/

    Hope this resolves your Query !!

    --If the reply is helpful, please Upvote and Accept it as an answer–


  2. Mohd Arif 926 Reputation points
    2023-07-11T11:11:22.6966667+00:00

    I do not have any experience using MS Graph. Is there any way to do it using AAD console portal.azure.com??
