| author | CecilyK |
|---|---|
| ms.topic | include |
| ms.custom | sfi-ga-nochange |
Important
For delegated access using work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role that grants the permissions required for this operation. This operation supports the following built-in roles, which provide only the least privilege necessary:
- Attribute Assignment Reader
- Attribute Definition Reader
- Attribute Assignment Administrator
- Attribute Definition Administrator
By default, Global Administrator and other administrator roles don't have permissions to read, define, or assign custom security attributes.