Microsoft Entra ID roles and permissions
| Role | Permission | Description |
|---|---|---|
| Microsoft Entra ID Group Administrators Can manage all Microsoft Entra ID group-related features. |
group.graph.delete | Can delete all properties of a group (details) |
| group.graph.read | Can read all properties of a group (details) | |
| group.graph.readbasic | Can read all basic group properties (list) | |
| group.graph.write | Can read, write and delete all properties of a group (details) | |
| groupmember.graph.delete | Can remove members from a group | |
| groupmember.graph.read | Can read members from a group | |
| groupmember.graph.write | Can add members to a group | |
| organization.readbasic | Can read all basic organization properties (list) | |
| organization.graph.read | Can read all basic Graph organization properties (list) | |
| user.readbasic | Can read all basic user properties (list) | |
| user.graph.readbasic | Can read all basic Microsoft Graph user properties (list) |
Related articles
Updated: Feb 29, 2024