What is the difference between Role Assignments and appRoleAssignments in Microsoft Azure?
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest
1 Answers
1
votes
Primary difference is that Role Assignments is an Azure Subscription thing while App Role Assignments is Microsoft Graph API thing.
You use Role Assignments to assign access to users in your Azure AD to various resources in an Azure Subscription. Based on the role assigned, a user is able to perform activities against the Azure resources in an Azure Subscription.
App Role Assignments is essentially assigning access to users in your Azure AD to the custom roles that you created for your Azure AD application. These roles are essentially custom roles specific to your application (e.g. Administrator, User etc.) and is used in your application code to restrict access to various parts of your application e.g. a user in "Administrator" app role can access admin screens while a user in "User" app role can't.
