List Microsoft Entra role definitions

This article describes how to list the Microsoft Entra built-in and custom role definitions and their permissions using the Microsoft Entra admin center, Microsoft Graph PowerShell, or Microsoft Graph API.

A role definition is a collection of permissions that can be performed, such as read, write, and delete. It's typically referred to as a role. Microsoft Entra ID has over 100 built-in roles or you can create your own custom roles. If you ever wondered "What do these roles really do?", you can access a detailed list of permissions for each of the roles.

Prerequisites

For more information, see Prerequisites to use PowerShell or Graph Explorer.

List Microsoft Entra role definitions

  1. Sign in to the Microsoft Entra admin center.

  2. Browse to Identity > Roles & admins > Roles & admins.

    Screenshot of Roles and administrators page in Microsoft Entra admin center.

  3. Select a role name to open the role. Don't add a check mark next to the role.

    Screenshot of Roles and administrators page with mouse over role name.

  4. Select Description to see the summary and list of permissions for the role.

    The page includes links to relevant documentation to help guide you through managing roles.

    Screenshot of Roles and administrators page that shows role description.

Next steps