entra administrativeunit roleassignment add

Assigns a Microsoft Entra role with administrative unit scope to a user

Usage

m365 entra administrativeunit roleassignment add [options]

Options

-i, --administrativeUnitId [administrativeUnitId]

The id of the administrative unit. Specify either administrativeUnitId or administrativeUnitName.

-n, --administrativeUnitName [administrativeUnitName]

The name of the administrative unit. Specify either administrativeUnitId or administrativeUnitName.

--roleDefinitionId [roleDefinitionId]

The id of the role definition that the member is in. Specify either roleDefinitionId or roleDefinitionName.

--roleDefinitionName [roleDefinitionName]

The name of the role definition that the member is in. Specify either roleDefinitionId or roleDefinitionName.

--userId [userId]

The id of the user that is a member of the scoped role. Specify either userId or userName.

--userName [userName]

The name of the user that is a member of the scoped role. Specify either userId or userName.

-h, --help [help]

Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are options, examples, remarks, response, full. Default is options.

--query [query]

JMESPath query string. See http://jmespath.org/ for more information and examples.

-o, --output [output]

Output type. json, text, csv, md, none. Default json.

--verbose

Runs command with verbose logging.

--debug

Runs command with debug logging.

Remarks

info

To use this command you must be either Global Administrator or Privileged Role Administrator.

Examples

Assign a role definition specified by id to a user specified by id for an administrative unit specified by id

m365 entra administrativeunit roleassignment add --administrativeUnitId 81bb36e4-f4c6-4984-8e56-d4f8feae9e09 --roleDefinitionId 4d6ac14f-3453-41d0-bef9-a3e0c569773a --userId 5f91f951-7305-4a27-9b63-7b00906de09f

Assign a role definition specified by name to a user specified by name for an administrative unit specified by name

m365 entra administrativeunit roleassignment add --administrativeUnitName 'Marketing Division' --roleDefinitionName 'License Administrator' --userName 'john.doe@contoso.com'

Response

JSON

{
  "id": "5wuT_mJe20eRr5jDpJo4sVH5kV8FcydKm2N7AJBt4J_kNruBxvSESY5W1Pj-rp4J-2",
  "principalId": "5f91f951-7305-4a27-9b63-7b00906de09f",
  "directoryScopeId": "/administrativeUnits/81bb36e4-f4c6-4984-8e56-d4f8feae9e09",
  "roleDefinitionId": "4d6ac14f-3453-41d0-bef9-a3e0c569773a"
}

Text

directoryScopeId: /administrativeUnits/81bb36e4-f4c6-4984-8e56-d4f8feae9e09
id              : 4yeYchSc90m7G5YI8Va7uFH5kV8FcydKm2N7AJBt4J_kNruBxvSESY5W1Pj-rp4J-2
principalId     : 5f91f951-7305-4a27-9b63-7b00906de09f
roleDefinitionId: 4d6ac14f-3453-41d0-bef9-a3e0c569773a

CSV

id,principalId,directoryScopeId,roleDefinitionId
UB-K8uf2cUWBi2oS8q9rbFH5kV8FcydKm2N7AJBt4J_kNruBxvSESY5W1Pj-rp4J-2,5f91f951-7305-4a27-9b63-7b00906de09f,/administrativeUnits/81bb36e4-f4c6-4984-8e56-d4f8feae9e09,4d6ac14f-3453-41d0-bef9-a3e0c569773a

Markdown

# entra administrativeunit roleassignment add --administrativeUnitId "81bb36e4-f4c6-4984-8e56-d4f8feae9e09" --roleDefinitionId "4d6ac14f-3453-41d0-bef9-a3e0c569773a" --userId "5f91f951-7305-4a27-9b63-7b00906de09f"

Date: 11/16/2023

## T8FqTVM00EG--aPgxWl3OlH5kV8FcydKm2N7AJBt4J_kNruBxvSESY5W1Pj-rp4J-2

Property | Value
---------|-------
id | T8FqTVM00EG--aPgxWl3OlH5kV8FcydKm2N7AJBt4J\_kNruBxvSESY5W1Pj-rp4J-2
principalId | 5f91f951-7305-4a27-9b63-7b00906de09f
directoryScopeId | /administrativeUnits/81bb36e4-f4c6-4984-8e56-d4f8feae9e09
roleDefinitionId | 4d6ac14f-3453-41d0-bef9-a3e0c569773a

More information

• Roles with administrative unit scope