I have an active directory application that is used as a service principle in DevOps pipelines. I need to assign Directory Reader role to this application. I am a Global Administrator, as shown in the picture below.When I try to assign a Directory reader role to the service user, the role assignment button is disabled as shown below.Is Global admin permission is not sufficient for this purpose or am I missing something here? 解决方案 If you use PIM (Privileged Identity Management) then you can check if you can assign permissions there (you must be a member of the Privileged Role Administrator role).https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-add-role-to-user 这篇关于Azure Active Directory“添加分配"按钮显示为灰色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！ 上岸，阿里云！