Get-AzRoleAssignment -SignInName "XXX" is not filtering the RoleAssignments of the Resource Level via PowerShell

K Mano 0 Reputation points
2023-03-21T15:40:59.9133333+00:00

Hi Guys,

Currently I am working on automating the Azure role assignments using a PowerShell script. When I use `Get-AzRoleAssignment -SignInName "XXX"`, I can get the details for some of the users. However, the same command won't return any data for certain users. I have cross-verified that user XXXX was assigned to the Resource KeyVault with Reader permission (direct assignment).

My requirement: if a user gives any user ID, then it will list out all the direct and indirect assignments on the tenant, like management group, subscription, resource group and resource level.


Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.

1 answer

  1. Limitless Technology 44,221 Reputation points
    2023-03-22T14:23:24.21+00:00

    Hello there,

    Check if you can get the information using the REST API. To list role assignments (list access), you can use one of the Role Assignments - List REST APIs. To refine your results, you specify a scope and an optional filter. To call the API, you must have access to the Microsoft.Authorization/roleAssignments/read operation at the specified scope. All built-in roles are granted access to this operation.

    Use RBAC to manage access with the REST API https://learn.microsoft.com/en-us/rest/api/authorization/role-assignment-rest-sample

    Also note that the 'New-AzRoleAssignment' PowerShell cmdlet requires the 'Az.Resources' module. Refer to the following:

    https://docs.microsoft.com/en-us/powershell/module/az.resources/new-azroleassignment?view=azps-4.3.0

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer–
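
The REST call this answer points to, as an added example that is not part of the original reply: it lists one user's role assignments per subscription through the Role Assignments - List API and labels each with the scope level it was made at. Assumptions: a signed-in Az session, an Az.Accounts version whose `Invoke-AzRestMethod` accepts `-Uri`, API version `2022-04-01`, and the `assignedTo()` filter; the function names are hypothetical.

```powershell
# Added example, not from the thread. Assumes Az.Accounts and Az.Resources are
# installed and Connect-AzAccount has been run. Function names are hypothetical.

function Get-ScopeLevel {
    # Map a role assignment scope string to the level it was made at.
    param([Parameter(Mandatory)][string]$Scope)
    switch -Regex ($Scope) {
        '^/$'                                                       { return 'Root' }
        '^/providers/Microsoft\.Management/managementGroups/[^/]+$' { return 'ManagementGroup' }
        '^/subscriptions/[^/]+$'                                    { return 'Subscription' }
        '^/subscriptions/[^/]+/resourceGroups/[^/]+$'               { return 'ResourceGroup' }
        '^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/.+'   { return 'Resource' }
        default                                                     { return 'Other' }
    }
}

function Get-UserRoleAssignmentViaRest {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $user = Get-AzADUser -UserPrincipalName $UserPrincipalName
    if (-not $user) { throw "No directory user found for $UserPrincipalName" }
    $base   = (Get-AzContext).Environment.ResourceManagerUrl.TrimEnd('/')
    # assignedTo() also returns assignments the user inherits through groups.
    $filter = [uri]::EscapeDataString("assignedTo('$($user.Id)')")
    $seen   = @{}   # management-group assignments repeat in every subscription
    foreach ($sub in Get-AzSubscription) {
        $uri = "$base/subscriptions/$($sub.Id)/providers/Microsoft.Authorization" +
               "/roleAssignments?api-version=2022-04-01&`$filter=$filter"
        while ($uri) {
            $resp = Invoke-AzRestMethod -Method GET -Uri $uri
            if ($resp.StatusCode -ne 200) {
                Write-Warning "Subscription $($sub.Id): HTTP $($resp.StatusCode)"
                break
            }
            $body = $resp.Content | ConvertFrom-Json
            foreach ($ra in $body.value) {
                if ($seen.ContainsKey($ra.id)) { continue }
                $seen[$ra.id] = $true
                [pscustomobject]@{
                    Level       = Get-ScopeLevel $ra.properties.scope
                    Scope       = $ra.properties.scope
                    RoleDefId   = $ra.properties.roleDefinitionId
                    AssignedVia = if ($ra.properties.principalId -eq $user.Id) { 'Direct' } else { 'Group' }
                }
            }
            $uri = $body.nextLink   # $null when there are no more pages
        }
    }
}
```

A subscription where the caller lacks `Microsoft.Authorization/roleAssignments/read` shows up as a warning with the HTTP status instead of an empty result, which makes a permissions gap distinguishable from a user who has no assignments.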
