Microsoft Entra ID · Identity Governance

Attribute Assignment Reader

Read custom security attribute keys and values for supported Microsoft Entra objects.

Scope: Read-only access to custom security attribute definitions and assignments

Permissions

Read attribute sets
Read custom security attribute definitions
Read attribute values on users
Read attribute values on service principals
Read attribute values on devices

Common use cases

Attribute value verification
Reporting on attribute assignments
Application attribute lookup
Compliance reporting
Access decision support

Best practices

Use for read-only scenarios
Combine with other reader roles as needed
Document access requirements

Security considerations

Read-only role
Attribute values may be sensitive
Consider scope of visibility needed

Official Microsoft Learn documentation →

Open the interactive RBACMap →