Hi @Johnathan Welker ,
I just got confirmation that there is no Powershell script to export all child resource level assignments. However, you can use the PIM ARM API to get the role assignments at child resources when you call the API and not passing "$filter=atScope()". You would just remove the entire filter and could use a call like this:
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleAssignmentScheduleInstances?api-version=2020-10-01
(For role assignments that are active at the current time)
OR
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleAssignmentScheduleInstances?api-version=2020-10-01
(Also includes assignments that will become active in the future)
For more details, you can refer to the documentation here: https://learn.microsoft.com/en-us/rest/api/authorization/privileged-role-assignment-rest-sample
-
If the information helped you, please Accept the answer. This will help us and other community members as well.