Skip to main content

entra pim role assignment list

Retrieves a list of Entra role assignments for a user or group.

Usage

m365 entra pim role assignment list [options]

Options

--userId [userId]

Id of the user to list role assignments for. Specify either userId, userName, groupId or groupName. If not specified, all assigned roles will be listed.

--userName [userName]

UPN of the user to list role assignments for. Specify either userId, userName, groupId or groupName. If not specified, all assigned roles will be listed.

--groupId [groupId]

Id of the group to list role assignments for. Specify either userId, userName, groupId or groupName. If not specified, all assigned roles will be listed.

--groupName [groupName]

Display name of the group to list role assignments for. Specify either userId, userName, groupId or groupName. If not specified, all assigned roles will be listed.

-s, --startDateTime [startDateTime]

An optional ISO 8601 formatted date filter to search from.

--includePrincipalDetails

An optional flag to include details of the principals that were assigned a role

-h, --help [help]

Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are options, examples, remarks, response, full. Default is options.

--query [query]

JMESPath query string. See http://jmespath.org/ for more information and examples.

-o, --output [output]

Output type. json, text, csv, md, none. Default json.

--verbose

Runs command with verbose logging.

--debug

Runs command with debug logging.

Examples

Get a list of Entra role assignments.

m365 entra pim role assignment list

Get a list of Entra role assignments for the current user.

m365 entra pim role assignment list --userId '@meID'

Get a list of Entra role assignments since the first of January 2024

m365 entra pim role assignment list --startDateTime 2024-01-01T00:00:00Z

Get a list of Entra role assignments with principal details.

m365 entra pim role assignment list --includePrincipalDetails

Response

Standard response

[
  {
    "id": "5wuT_mJe20eRr5jDpJo4sS_FsGECqWlHmgnGYoM1sApj5okazO8RSY336VRxQAXe-2",
    "principalId": "61b0c52f-a902-4769-9a09-c6628335b00a",
    "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1",
    "directoryScopeId": "/administrativeUnits/1a89e663-efcc-4911-8df7-e954714005de",
    "appScopeId": null,
    "startDateTime": "2023-11-15T12:24:32.773Z",
    "endDateTime": null,
    "assignmentType": "Assigned",
    "memberType": "Direct",
    "roleAssignmentOriginId": "5wuT_mJe20eRr5jDpJo4sS_FsGECqWlHmgnGYoM1sApj5okazO8RSY336VRxQAXe-2",
    "roleAssignmentScheduleId": "36bd668f-3a40-455f-a40a-64074fde4a18",
    "roleDefinition": {
      "displayName": "User Administrator"
    }
  }
]

includePrincipalDetails response

When we make use of the option includePrincipalDetails the response will differ.

[
  {
    "id": "5wuT_mJe20eRr5jDpJo4sS_FsGECqWlHmgnGYoM1sApj5okazO8RSY336VRxQAXe-2",
    "principalId": "61b0c52f-a902-4769-9a09-c6628335b00a",
    "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1",
    "directoryScopeId": "/administrativeUnits/1a89e663-efcc-4911-8df7-e954714005de",
    "appScopeId": null,
    "startDateTime": "2023-11-15T12:24:32.773Z",
    "endDateTime": null,
    "assignmentType": "Assigned",
    "memberType": "Direct",
    "roleAssignmentOriginId": "5wuT_mJe20eRr5jDpJo4sS_FsGECqWlHmgnGYoM1sApj5okazO8RSY336VRxQAXe-2",
    "roleAssignmentScheduleId": "36bd668f-3a40-455f-a40a-64074fde4a18",
    "roleDefinition": {
      "displayName": "User Administrator"
    },
    "principal": {
      "id": "61b0c52f-a902-4769-9a09-c6628335b00a",
      "displayName": "Adele Vance",
      "userPrincipalName": "AdeleV@contoso.onmicrosoft.com",
      "mail": "AdeleV@contoso.onmicrosoft.com",
      "businessPhones": [
        "+1 425 555 0109"
      ],
      "givenName": "Adele",
      "jobTitle": "Retail Manager",
      "mobilePhone": null,
      "officeLocation": "18/2111",
      "preferredLanguage": "en-US",
      "surname": "Vance"
  }
}
]
CTRL + M