Guest Inviter 95e79109-95c0-4d8e-aee3-d01accf2d47b Microsoft Entra Id

Guest Inviter - 95e79109-95c0-4d8e-aee3-d01accf2d47b
Entra Id Role definition

{

id: "95e79109-95c0-4d8e-aee3-d01accf2d47b",
displayName: "Guest Inviter",
description: "Can invite guest users independent of the 'members can invite guests' setting.",
richDescription: "Users in this role can manage Microsoft Entra B2B guest user invitations when the "Members can invite" user setting is set to No. It does not include any other permissions.",
privileged: false,
categories: "identity",
permissionsTotal: 38,
operationActionsCount: 38,
permissionsDirect: 16,
permissionsInherited: true,
permissionsInheritedCount: 23,
permissionsDirectAndInheritedCount: 1,
permissionsDirectAndInherited: "microsoft.directory/users/inviteGuest",
permissionsInheritedFrom: [1 item
- {2 items
  - id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
  - displayName: "Guest User"
  }
],
permissionsInheritedToCount: 0,
permissionsInheritedTo: null,
permissionsConditionedCount: 0,
permissionsUnConditionedCount: 38,
permissionConditioned: [],
permissionsPrivileged: 0,
permissionsNamespacesCount: 1,
permissionsNamespaces: [1 item
- {1 item
  - microsoft.directory: 38
  }
],
permissionActionsCount: 3,
permissionActions: [3 items
- {1 item
  - limitedRead: 18
  },
- {1 item
  - other: 1
  },
- {1 item
  - read: 19
  }
],
permissionVerbsCount: 2,
permissionVerbs: [2 items
- {1 item
  - GET: 37
  },
- {1 item
  - POST: 1
  }
],
permissionsConsentPolicyAppliesCount: 0,
permissionsConsentPolicies: null,
permissions: [39 items
- {1 item
  - microsoft.directory/applications/owners/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the owners of a specific application, but cannot enumerate applications",
      - id: "microsoft.directory-applications-owners-limitedRead-get",
      - name: "microsoft.directory/applications/owners/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/policies/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read policies of a specific application, but cannot enumerate applications",
      - id: "microsoft.directory-applications-policies-limitedRead-get",
      - name: "microsoft.directory/applications/policies/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/standard/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of a specific application, but cannot enumerate applications",
      - id: "microsoft.directory-applications-standard-limitedRead-get",
      - name: "microsoft.directory/applications/standard/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/domains/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on domains",
      - id: "microsoft.directory-domains-standard-read-get",
      - name: "microsoft.directory/domains/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/appRoleAssignments/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the application role assignments of a specific group, but cannot enumerate groups",
      - id: "microsoft.directory-groups-appRoleAssignments-limitedRead-get",
      - name: "microsoft.directory/groups/appRoleAssignments/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/memberOf/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read memberships of a specific group, but cannot enumerate groups",
      - id: "microsoft.directory-groups-memberOf-limitedRead-get",
      - name: "microsoft.directory/groups/memberOf/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/members/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read members of a specific group, but cannot enumerate groups",
      - id: "microsoft.directory-groups-members-limitedRead-get",
      - name: "microsoft.directory/groups/members/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/owners/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owners of a specific group, but cannot enumerate groups",
      - id: "microsoft.directory-groups-owners-limitedRead-get",
      - name: "microsoft.directory/groups/owners/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/settings/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read settings of a specific group, but cannot enumerate groups",
      - id: "microsoft.directory-groups-settings-limitedRead-get",
      - name: "microsoft.directory/groups/settings/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/standard/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of a specific group, but cannot enumerate groups",
      - id: "microsoft.directory-groups-standard-limitedRead-get",
      - name: "microsoft.directory/groups/standard/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/multiTenantOrganization/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of a multi-tenant organization",
      - id: "microsoft.directory-multiTenantOrganization-standard-read-get",
      - name: "microsoft.directory/multiTenantOrganization/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/multiTenantOrganization/tenants/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of a tenant participating in a multi-tenant organization",
      - id: "microsoft.directory-multiTenantOrganization-tenants-standard-read-get",
      - name: "microsoft.directory/multiTenantOrganization/tenants/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/organization/basicProfile/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic organization profile information",
      - id: "microsoft.directory-organization-basicProfile-read-get",
      - name: "microsoft.directory/organization/basicProfile/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/appRoleAssignedTo/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read app roles a specific instance of a service principal is assigned to, but cannot enumerate service principals",
      - id: "microsoft.directory-servicePrincipals-appRoleAssignedTo-limitedRead-get",
      - name: "microsoft.directory/servicePrincipals/appRoleAssignedTo/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/appRoleAssignments/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read application roles assigned to a specific service principal, but cannot enumerate service principals",
      - id: "microsoft.directory-servicePrincipals-appRoleAssignments-limitedRead-get",
      - name: "microsoft.directory/servicePrincipals/appRoleAssignments/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/memberOf/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read memberships for a specific service principal, but cannot enumerate service principals",
      - id: "microsoft.directory-servicePrincipals-memberOf-limitedRead-get",
      - name: "microsoft.directory/servicePrincipals/memberOf/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/oAuth2PermissionGrants/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read OAuth 2.0 permission grants for specific service principal, but cannot enumerate service principals",
      - id: "microsoft.directory-servicePrincipals-oAuth2PermissionGrants-limitedRead-get",
      - name: "microsoft.directory/servicePrincipals/oAuth2PermissionGrants/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/ownedObjects/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read objects owned by a specific service principal, but cannot enumerate service principals",
      - id: "microsoft.directory-servicePrincipals-ownedObjects-limitedRead-get",
      - name: "microsoft.directory/servicePrincipals/ownedObjects/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/owners/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owners of a specific service principal, but cannot enumerate service principals",
      - id: "microsoft.directory-servicePrincipals-owners-limitedRead-get",
      - name: "microsoft.directory/servicePrincipals/owners/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/policies/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read policies of a specific service principal, but cannot enumerate service principals",
      - id: "microsoft.directory-servicePrincipals-policies-limitedRead-get",
      - name: "microsoft.directory/servicePrincipals/policies/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/standard/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of a specific service principal, but cannot enumerate service principals",
      - id: "microsoft.directory-servicePrincipals-standard-limitedRead-get",
      - name: "microsoft.directory/servicePrincipals/standard/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/appRoleAssignments/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read application role assignments for users",
      - id: "microsoft.directory-users-appRoleAssignments-read-get",
      - name: "microsoft.directory/users/appRoleAssignments/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/deviceForResourceAccount/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read deviceForResourceAccount of users",
      - id: "microsoft.directory-users-deviceForResourceAccount-read-get",
      - name: "microsoft.directory/users/deviceForResourceAccount/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/directReports/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the direct reports for users",
      - id: "microsoft.directory-users-directReports-read-get",
      - name: "microsoft.directory/users/directReports/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/guestBasicProfile/limitedRead: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "limitedRead"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic guest profile properties of a specific user, but cannot enumerate users",
      - id: "microsoft.directory-users-guestBasicProfile-limitedRead-get",
      - name: "microsoft.directory/users/guestBasicProfile/limitedRead",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/invitedBy/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the user that invited an external user to a tenant",
      - id: "microsoft.directory-users-invitedBy-read-get",
      - name: "microsoft.directory/users/invitedBy/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/inviteGuest: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "10dae51f-b6af-4016-8d66-8c2a99b929b3",
        displayName: "Guest User"
        }
        ],
      - condition: null,
      - permissionAction: "other"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Invite guest users",
      - id: "microsoft.directory-users-inviteGuest-post",
      - name: "microsoft.directory/users/inviteGuest",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/inviteGuest: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "other"
      },
    - permissionDetails: {6 items
      - actionVerb: "POST",
      - description: "Invite guest users",
      - id: "microsoft.directory-users-inviteGuest-post",
      - name: "microsoft.directory/users/inviteGuest",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/licenseDetails/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read license details of users",
      - id: "microsoft.directory-users-licenseDetails-read-get",
      - name: "microsoft.directory/users/licenseDetails/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/manager/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read manager of users",
      - id: "microsoft.directory-users-manager-read-get",
      - name: "microsoft.directory/users/manager/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/memberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the group memberships of users",
      - id: "microsoft.directory-users-memberOf-read-get",
      - name: "microsoft.directory/users/memberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/oAuth2PermissionGrants/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read delegated permission grants on users",
      - id: "microsoft.directory-users-oAuth2PermissionGrants-read-get",
      - name: "microsoft.directory/users/oAuth2PermissionGrants/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/ownedDevices/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owned devices of users",
      - id: "microsoft.directory-users-ownedDevices-read-get",
      - name: "microsoft.directory/users/ownedDevices/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/ownedObjects/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owned objects of users",
      - id: "microsoft.directory-users-ownedObjects-read-get",
      - name: "microsoft.directory/users/ownedObjects/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/photo/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read photo of users",
      - id: "microsoft.directory-users-photo-read-get",
      - name: "microsoft.directory/users/photo/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/registeredDevices/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read registered devices of users",
      - id: "microsoft.directory-users-registeredDevices-read-get",
      - name: "microsoft.directory/users/registeredDevices/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/scopedRoleMemberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read user's membership of a Microsoft Entra role, that is scoped to an administrative unit",
      - id: "microsoft.directory-users-scopedRoleMemberOf-read-get",
      - name: "microsoft.directory/users/scopedRoleMemberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/sponsors/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read sponsors of users",
      - id: "microsoft.directory-users-sponsors-read-get",
      - name: "microsoft.directory/users/sponsors/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on users",
      - id: "microsoft.directory-users-standard-read-get",
      - name: "microsoft.directory/users/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  }
]

}

{

@odata.context: "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleDefinitions/$entity",
id: "95e79109-95c0-4d8e-aee3-d01accf2d47b",
description: "Can invite guest users independent of the 'members can invite guests' setting.",
displayName: "Guest Inviter",
isBuiltIn: true,
isEnabled: true,
resourceScopes: [1 item
- "/"
],
templateId: "95e79109-95c0-4d8e-aee3-d01accf2d47b",
version: "1",
rolePermissions: [1 item
- {2 items
  - allowedResourceActions: [16 items
    - "microsoft.directory/users/appRoleAssignments/read",
    - "microsoft.directory/users/deviceForResourceAccount/read",
    - "microsoft.directory/users/directReports/read",
    - "microsoft.directory/users/invitedBy/read",
    - "microsoft.directory/users/inviteGuest",
    - "microsoft.directory/users/licenseDetails/read",
    - "microsoft.directory/users/manager/read",
    - "microsoft.directory/users/memberOf/read",
    - "microsoft.directory/users/oAuth2PermissionGrants/read",
    - "microsoft.directory/users/ownedDevices/read",
    - "microsoft.directory/users/ownedObjects/read",
    - "microsoft.directory/users/photo/read",
    - "microsoft.directory/users/registeredDevices/read",
    - "microsoft.directory/users/scopedRoleMemberOf/read",
    - "microsoft.directory/users/sponsors/read",
    - "microsoft.directory/users/standard/read"
    ],
  - condition: null
  }
],
inheritsPermissionsFrom@odata.context: "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleDefinitions('95e79109-95c0-4d8e-aee3-d01accf2d47b')/inheritsPermissionsFrom",
inheritsPermissionsFrom: [1 item
- {1 item
  - id: "10dae51f-b6af-4016-8d66-8c2a99b929b3"
  }
]

}

{

@odata.context: "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions/$entity",
id: "95e79109-95c0-4d8e-aee3-d01accf2d47b",
assignmentMode: "allowed",
categories: "identity",
description: "Can invite guest users independent of the 'members can invite guests' setting.",
displayName: "Guest Inviter",
isBuiltIn: true,
isEnabled: true,
isPrivileged: false,
resourceScopes: [1 item
- "/"
],
richDescription: "Users in this role can manage Microsoft Entra B2B guest user invitations when the "Members can invite" user setting is set to No. It does not include any other permissions.",
templateId: "95e79109-95c0-4d8e-aee3-d01accf2d47b",
version: "1",
rolePermissions: [1 item
- {2 items
  - allowedResourceActions: [16 items
    - "microsoft.directory/users/appRoleAssignments/read",
    - "microsoft.directory/users/deviceForResourceAccount/read",
    - "microsoft.directory/users/directReports/read",
    - "microsoft.directory/users/invitedBy/read",
    - "microsoft.directory/users/inviteGuest",
    - "microsoft.directory/users/licenseDetails/read",
    - "microsoft.directory/users/manager/read",
    - "microsoft.directory/users/memberOf/read",
    - "microsoft.directory/users/oAuth2PermissionGrants/read",
    - "microsoft.directory/users/ownedDevices/read",
    - "microsoft.directory/users/ownedObjects/read",
    - "microsoft.directory/users/photo/read",
    - "microsoft.directory/users/registeredDevices/read",
    - "microsoft.directory/users/scopedRoleMemberOf/read",
    - "microsoft.directory/users/sponsors/read",
    - "microsoft.directory/users/standard/read"
    ],
  - condition: null
  }
],
inheritsPermissionsFrom@odata.context: "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions('95e79109-95c0-4d8e-aee3-d01accf2d47b')/inheritsPermissionsFrom",
inheritsPermissionsFrom: [1 item
- {1 item
  - id: "10dae51f-b6af-4016-8d66-8c2a99b929b3"
  }
]

}

Guest Inviter - 95e79109-95c0-4d8e-aee3-d01accf2d47bEntra Id Role definition

Guest Inviter - 95e79109-95c0-4d8e-aee3-d01accf2d47b
Entra Id Role definition