Describe the bug
When AzureAD roles are set as Eligible over PIM, they get ignored by Bloodhound. In the standard configuration, a user with an eligible PIM assignment can activate it by himself whenever he needs it. This means that edges originating from PIM Eligible assignments (which in a typical enterprise tenant are a lot!) are missed by Bloodhound.

To Reproduce
Steps to reproduce the behavior:

1. Get a tenant with PIM
2. Give a user an eligible Global Admin assignment
3. Bloodhound thinks this is a standard user with no outbound object control, although he is GA!

Expected behavior
PIM Eligible roles should be considered. Note that PIM also supports eligible group memberships and eligible infrastructure-related roles, which as of right now are probaby not considered either.

Hey there - PIM roles aren't currently covered by BloodHound, but are something we're tracking for future inclusion. I tagged this as an enhancement request accordingly.