| title | Identity Governance Administrator |
|---|---|
| description | Identity Governance Administrator |
| ms.topic | include |
| ms.date | 01/26/2026 |
| ms.custom | include file |
Users with this role can manage Microsoft Entra ID Governance configuration, including access packages, access reviews, catalogs and policies, ensuring access is approved and reviewed and guest users who no longer need access are removed.
[!div class="mx-tableFixed"]
Actions Description microsoft.directory/accessReviews/allProperties/allTasks Create and delete access reviews, and read and update all properties of access reviews in Microsoft Entra ID microsoft.directory/accessReviews/definitions.applications/allProperties/allTasks Manage access reviews of application role assignments in Microsoft Entra ID microsoft.directory/accessReviews/definitions.entitlementManagement/allProperties/allTasks Manage access reviews for access package assignments in entitlement management microsoft.directory/accessReviews/definitions.groups/allProperties/read Read all properties of access reviews for membership in Security and Microsoft 365 groups, including role-assignable groups. microsoft.directory/accessReviews/definitions.groups/allProperties/update Update all properties of access reviews for membership in Security and Microsoft 365 groups, excluding role-assignable groups. microsoft.directory/accessReviews/definitions.groups/create Create access reviews for membership in Security and Microsoft 365 groups. microsoft.directory/accessReviews/definitions.groups/delete Delete access reviews for membership in Security and Microsoft 365 groups. microsoft.directory/entitlementManagement/allProperties/allTasks Create and delete resources, and read and update all properties in Microsoft Entra entitlement management microsoft.directory/groups/members/update Update members of Security groups and Microsoft 365 groups, excluding role-assignable groups microsoft.directory/servicePrincipals/appRoleAssignedTo/update Update service principal role assignments