Implement application authorization
Application roles are used to assign permissions to users. You define app roles by using the Azure portal. When a user signs into the application, Azure AD emits a roles claim for each role that the user has been granted individually to the user and from their group membership.
There are two ways to declare app roles by using the Azure portal:
App roles UI | Preview
App manifest editor