# Roles

The `Roles` page lists the roles enumerated across the entire Azure environment. The list contains the `Object ID`, `Description`, `Privileged`, `Tier 0`, `Enabled` and `Built In` columns.

<figure><img src="/files/MYmqtypTznow5jrIqanB" alt=""><figcaption><p>Roles</p></figcaption></figure>

## Roles Details

The details page contains the `Risk Score` of the role and the `Exposure Point` and `Information` panes.

{% hint style="info" %}
You can analyze objects in the `Graph module` by clicking the `Visualize` button on the upper left side of the `Information Pane`.
{% endhint %}

<figure><img src="/files/v6TslrvVDMH2pDmFajWL" alt=""><figcaption><p>Roles Details</p></figcaption></figure>

## Information

The `Information Pane` can contain different badges to highlight important attributes.

| Badge          | Description                                                                           |
| -------------- | ------------------------------------------------------------------------------------- |
| **Privileged** | Indicates that the object is Privileged.                                              |
| **Tier**       | Indicates the object's tier according to risk score and importance.                   |
| **Enabled**    | Indicates that the object is enabled.                                                 |
| **Disabled**   | Indicates that the object is disabled.                                                |
| **Stealth**    | Indicates that the object can compromise admin objects with at least one attack path. |

The `Information Pane` contains the `Details`, `Role Permissions`, `Groups`, `Service Principals`, `Devices` and `Users` tabs.

## Details

The Details tab contains the attributes below about the role.

| Attribute            | Description                                                                                                                                     |
| -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
| **Name**             | The unique name of the role within the tenant, used for identification and assignment.                                                          |
| **Enabled**          | Indicates whether the role is currently active and available for assignments within the tenant.                                                 |
| **Display Name**     | The human-readable name of the role, shown in the Azure portal when managing role assignments.                                                  |
| **Is Built In**      | Specifies whether the role is a built-in system role provided by Microsoft, as opposed to a custom-defined role.                                |
| **Description**      | A summary of the role’s purpose and permissions, for example: "This role allows management of Microsoft 365 Copilot and other AI-related enterprise features." |
| **Tenant ID**        | The unique identifier (GUID) of the Azure AD tenant where this role exists and can be assigned.                                                 |
| **Object ID**        | A globally unique identifier (GUID) for the specific instance of the role in this tenant, used internally for role assignments.                 |
| **Role Template ID** | The unique identifier of the role definition template. For built-in roles, this is the same across all tenants.                                 |

## Role Permissions

The Role Permissions tab lists the role permissions included in the given role. The list also contains a `Privileged` column to identify the privilege level of each role permission.

<figure><img src="/files/aUb1FYCkPYxXhYA815z5" alt=""><figcaption><p>Role permissions</p></figcaption></figure>

## Groups

The Groups tab lists the groups that have the role. The list also contains `Enabled` and `On Prem Sync Enabled` columns to identify the status of these groups.

<figure><img src="/files/uLSl9aLSWUzyte3cupAb" alt=""><figcaption><p>Groups</p></figcaption></figure>

## Service Principals

The Service Principals tab lists the service principals that have the role. The list also contains `Enabled`, `App Display Name` and `Service Principal Type` columns to identify the status of these service principals.

<figure><img src="/files/q2gu1A1pvPMxlma0ozzO" alt=""><figcaption><p>Service Principals</p></figcaption></figure>

## Devices

The Devices tab lists the devices that have the role. The list also contains `Account Enabled` and `On Prem Sync Enabled` columns to identify the status of these devices.

<figure><img src="/files/iZCrtPeWZp2RbzTOxlmb" alt=""><figcaption><p>Devices</p></figcaption></figure>

## Users

The Users tab lists the users that have the role. The list also contains `Enabled` and `On Prem Sync Enabled` columns to identify the status of these users.

<figure><img src="/files/r1EQAK4b5gTG6infsMtk" alt=""><figcaption><p>Users</p></figcaption></figure>


