Error: The user isn't assigned to any management roles
This error means the delegated admin account does not have the required directory roles assigned within the customer tenant — typically via the GDAP security group.
Cause: The delegated admin account is either not part of the GDAP group, or the GDAP group is missing required roles like Global Reader or Application Administrator.
Resolution
To resolve this, validate and update the GDAP permissions for the affected tenant:
- Go to your partner tenant’s Microsoft Partner Center
- Open the customer’s GDAP configuration
- Ensure that:
- The correct security group is linked to the GDAP relationship
- The group includes your delegated admin account
- The group has at least:
- Application Administrator
- Global Reader
Refer to the full guide: Checking your GDAP relationship
After updating, allow up to 30 minutes for permissions to propagate.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article