Skip to main content

entra pim role assignment eligibility list

Retrieves a list of eligible roles a user or group can be assigned to

Usage

m365 entra pim role assignment eligibility list [options]

Options

--userId [userId]

Id of the user for which to list eligible roles. Specify either userId, userName, groupId or groupName. If not specified, all eligible roles will be listed.

--userName [userName]

UPN of the user for which to list eligible roles. Specify either userId, userName, groupId or groupName. If not specified, all eligible roles will be listed.

--groupId [groupId]

Id of the group for which to list eligible roles. Specify either userId, userName, groupId or groupName. If not specified, all eligible roles will be listed.

--groupName [groupName]

Display name of the group for which to list eligible roles. Specify either userId, userName, groupId or groupName. If not specified, all eligible roles will be listed.

--includePrincipalDetails

An optional flag to include details of the principals that were eligible for a role.

-h, --help [help]

Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are options, examples, remarks, response, full. Default is options.

--query [query]

JMESPath query string. See http://jmespath.org/ for more information and examples.

-o, --output [output]

Output type. json, text, csv, md, none. Default json.

--verbose

Runs command with verbose logging.

--debug

Runs command with debug logging.

Examples

Get a list of eligible roles for any user.

m365 entra pim role assignment eligibility list

Get a list of eligible roles for the current user.

m365 entra pim role assignment eligibility list --userId '@meID'

Get a list of eligible roles for any user with principal details.

m365 entra pim role assignment eligibility list --includePrincipalDetails

Response

Standard response

[
  {
    "id": "XrtkCdube02sKVjnlIYqQBht8lJR0U9DrhSkqDEisrI-1-e",
    "principalId": "52f26d18-d151-434f-ae14-a4a83122b2b2",
    "roleDefinitionId": "0964bb5e-9bdb-4d7b-ac29-58e794862a40",
    "directoryScopeId": "/",
    "appScopeId": null,
    "startDateTime": "2024-04-08T10:14:01.153Z",
    "endDateTime": null,
    "memberType": "Direct",
    "roleEligibilityScheduleId": "7a135e3d-5be5-403c-bdad-47ccbac434e3",
    "roleDefinitionName": "displayName": "Search Administrator"
  }  
]

includePrincipalDetails response

When we make use of the option includePrincipalDetails the response will differ.

[
  {
    "id": "XrtkCdube02sKVjnlIYqQBht8lJR0U9DrhSkqDEisrI-1-e",
    "principalId": "52f26d18-d151-434f-ae14-a4a83122b2b2",
    "roleDefinitionId": "0964bb5e-9bdb-4d7b-ac29-58e794862a40",
    "directoryScopeId": "/",
    "appScopeId": null,
    "startDateTime": "2024-04-08T10:14:01.153Z",
    "endDateTime": null,
    "memberType": "Direct",
    "roleEligibilityScheduleId": "7a135e3d-5be5-403c-bdad-47ccbac434e3",
    "roleDefinitionName": "Search Administrator",
    "principal": {
      "id": "52f26d18-d151-434f-ae14-a4a83122b2b2",
      "displayName": "Alex Wilber",
      "userPrincipalName": "AlexW@contoso.onmicrosoft.com",
      "mail": "AlexW@contoso.onmicrosoft.com",
      "businessPhones": [
        "+1 858 555 0110"
      ],
      "givenName": "Alex",
      "jobTitle": "Marketing Assistant",
      "mobilePhone": null,
      "officeLocation": "131/1104",
      "preferredLanguage": "en-US",
      "surname": "Wilber"
    }
  }
]
CTRL + M