Azure - User Permissions

Mateusz Wysocki 40 Reputation points
2023-08-11T08:11:54.73+00:00

Hi all,

When checking the below using Azure:

Privileged Identity Management - Assignments - Active Assignments

I can see exactly what roles are assigned to specific users.

When checking the below using Azure:

Privileged Identity Management - Roles - Selecting any Role from the list - Description

I can see exactly what Role permissions are assigned to any specific role.

Now, can someone advise me if there is a way for Azure to determine what permissions are actually used by any user I select? As explained above I know how to check what permissions are part of the role that a user is assigned to. I don't want to check what permissions the user has, I want to know what permissions are actually in use so then I could make a better decision to determine whether the role assigned to them is the right one.

Any advice would be greatly appreciated.

Thank you

Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Sam Cogan 10,502 Reputation points MVP
    2023-08-11T08:22:19.7866667+00:00

    No, there is no way to determine what permissions of a role a user is using; this information is not recorded.


1 additional answer

  1. Givary-MSFT 32,306 Reputation points Microsoft Employee
    2023-08-18T05:20:36.6866667+00:00

    @Mateusz Wysocki Thank you for reaching out to us. As @Sam Cogan mentioned, it's not possible to find which action/permission is being used within the Azure AD role by the user account, though we can create custom roles to have granular permissions - https://learn.microsoft.com/en-us/azure/active-directory/roles/custom-available-permissions

    You can also share your feedback to have this feature request added in the audit logs over here - https://feedback.azure.com/d365community which is closely monitored by our product group team.

    Let me know if you have any further questions; feel free to post back.
