Entra ID Roles Calculator
Find the least privileged Entra ID role for your required permissions. Enter Microsoft directory permissions and discover which built-in roles grant those permissions without excessive access.
Important Information
This tool helps you find built-in roles in Microsoft Entra ID that provide the least privilege for a specific set of directory permissions. It searches through Entra ID's built-in role definitions and ranks them by relevance to your required permissions.
⚠️ Important: Always verify the results and test role assignments in a non-production environment before deploying to production. You are using this tool at your own risk.
- Only built-in roles are searched. Custom directory roles are not included in the search results.
- Role ranking is based on permission relevance and scope, not on risk assessment or privilege level beyond basic categorization.
- Some permissions may not be available in any built-in role. In such cases, you'll need to create a custom directory role.
- Always review the full list of permissions granted by a role before assignment to ensure it meets your security requirements.
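The selection logic described above, as an added example that is not the calculator's own code: it ranks roles by how completely they cover the required permissions and then by how many extra permissions they grant, and reports permissions no role provides. The role names, the role contents, the `microsoft.directory/example/...` permission and the exact-string matching are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed role definitions (assumption): hypothetical names and contents,
# not the real permission sets of any Entra ID built-in role.
ROLES = {
    "Example Password Operator": {
        "microsoft.directory/users/password/update",
    },
    "Example Helpdesk Operator": {
        "microsoft.directory/users/password/update",
        "microsoft.directory/users/invalidateAllRefreshTokens",
    },
    "Example User Manager": {
        "microsoft.directory/users/password/update",
        "microsoft.directory/users/invalidateAllRefreshTokens",
        "microsoft.directory/users/basic/update",
        "microsoft.directory/users/create",
        "microsoft.directory/users/delete",
    },
}

@dataclass(frozen=True)
class Candidate:
    role: str
    missing: frozenset  # required permissions the role does not grant
    excess: int         # permissions granted beyond what was required

def rank_roles(required, roles=ROLES):
    """Rank roles: full coverage first, then fewest extra permissions."""
    required = {p.strip() for p in required if p.strip()}
    candidates = []
    for name, granted in roles.items():
        # Exact string match only (assumption); broader actions in a real
        # role definition are not expanded here.
        if granted & required:
            candidates.append(Candidate(name, frozenset(required - granted),
                                        len(granted - required)))
    return sorted(candidates, key=lambda c: (len(c.missing), c.excess, c.role))

def uncovered(required, roles=ROLES):
    """Permissions no role grants; these call for a custom directory role."""
    every = set().union(*roles.values())
    return sorted({p.strip() for p in required if p.strip()} - every)
```

A role with a non-empty `missing` set is only a partial match, and a high `excess` count on a full match is the signal to review the role's complete permission list before assigning it.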