What is the `User` role definition?

Macháček Martin 286

When I use the Graph API endpoint v1.0/roleManagement/directory/roleDefinitions, I see that the response contains the User role definition.

What's the purpose of this role? Can I assign the User role to any user?

It seems to me that this the some kind of default role for all users except the guest users, but I can't find anything in the Microsoft documentation.

1 answer

Deepanshu katara 13,285 Reputation points MVP

2025-02-06T06:15:17.43+00:00
Hello ,Welcome to MS Q&A

The User role in Microsoft Graph API is generally used to manage user-related functionalities within an application or service. It allows users to perform actions such as reading user profiles, managing user accounts, and assigning roles. Whether this role can be assigned to any user depends on the permissions and scope defined in the application. Typically, roles can be assigned based on the user's membership in a group or directly to the user, but specific permissions may be required to assign certain roles.

For more detailed information, you can refer to the following resources:

Assign Microsoft Entra roles

Manage users and groups assignment to an application (ms-graph)

Please let us know if any further questions

Kindly accept answer if it helps

Thanks
Deepanshu
Please sign in to rate this answer.
Macháček Martin 286 Reputation points

2025-02-06T07:12:49.7266667+00:00

Thank you for the insight.

If I'm a user without any role assigned to me, I can still read user profile and manage my account.

With the User role I can't assign roles. In Entra Admin center the administrator cannot assign the User role to any user.

The description of the role definition says

Default role for member users. Can read all and write a limited set of directory information.

If it's a default role for member users why it's not assigned to any user?

Deepanshu katara 13,285 Reputation points MVP

2025-02-06T07:37:35.8133333+00:00

In Microsoft Entra, the User role is considered a default role for member users, but it may not be explicitly assigned to any user. This is because member users inherently have a set of default permissions that allow them to manage their own profile, change their password, and invite B2B guests, among other capabilities. These permissions are granted by default and do not require a specific role assignment. Therefore, even though the User role exists, it doesn't need to be assigned to individual users since they automatically receive the necessary permissions associated with being a member user.

Goutam Pratti 1,565 Reputation points Microsoft Vendor

2025-02-10T08:52:53.61+00:00

Hello Macháček Martin ,

Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

What is the `User` role definition?

1 answer

Your answer