Hi,
I was wondering if there's any way we can provide permission to user in such way that they can update group membership only for one Azure group but shouldn't be able to update the rest.
I know we can create custom role with group membership update permission but that applies to all Azure groups.
Was wanting to know if it is possible only for one group and not the rest.
Hello,
I think you should explore self-service group because it will allow you to assign an owner and this owner will be able to manage members of this group "When security groups are created in the Azure portal or using Azure AD PowerShell, only the group's owners can update membership."
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-self-service-management
Regards,
Hi @GoodResource, Thanks for reaching out.
Yes, its possible when you assign user as Group owners. The Group owners can be users or service principals, and are able to manage the group including membership. Only existing group owners or group-managing administrators can assign group owners. Group owners aren't required to be members of the group.
To learn more about Group owner, refer to this document. Hope this helps.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
37 people are following this question.
