No, there is no way to determine what permissions of a role a user is using; this information is not recorded.
Azure - User Permissions
Hi all,
When checking the below using Azure:
Privileged Identity Management - Assignments - Active Assignments
I can see exactly what roles are assigned to specific users.
When checking the below using Azure:
Privileged Identity Management - Roles - Selecting any Role from the list - Description
I can see exactly what Role permissions are assigned to any specific role.
Now, can someone advise me if there is a way for Azure to determine what permissions are actually used by any user I select? As explained above, I know how to check what permissions are part of the role that a user is assigned to. I don't want to check what permissions the user has; I want to know what permissions are actually in use so then I could make a better decision to determine whether the role assigned to them is the right one.
Any advice would be greatly appreciated.
Thank you
Givary-MSFT 32,306 Reputation points Microsoft Employee
2023-08-18T05:20:36.6866667+00:00
@Mateusz Wysocki Thank you for reaching out to us. As @Sam Cogan mentioned, it's not possible to find which action/permission is being used within the Azure AD role by the user account, though we can create custom roles to have granular permissions - https://learn.microsoft.com/en-us/azure/active-directory/roles/custom-available-permissions
You can also share your feedback to have this feature request added in the audit logs over here - https://feedback.azure.com/d365community which is closely monitored by our product group team.
Let me know if you have any further questions; feel free to post back.