Azure - User Permissions

Question

Hi all,

When checking the below using Azure:

Privileged Identity Management - Assignments - Active Assignments

I can see exactly what roles are assigned to specific users.

When checking the below using Azure:

Privileged Identity Management - Roles - Selecting any Role from the list - Description

I can see exactly what Role permissions are assigned to any specific role

Now, can someone advise me if there is a way for Azure to determine what permissions are actually used by any user I select? As explained above I know how to check what permissions are part of the role that a user is assigned to. I don't want to check what permissions the user has, I want to know what permissions are actually in use so then I could make a better decision to determine whether the role assigned to them is the right one.

Any advice would be greatly appreciated.

Thank you

Answer 1

No, there is no way to determine what permissions of a role a user is using, this information is not recorded.

Answer 2

@Mateusz Wysocki Thank you reaching out to us, As @Sam Cogan mentioned its not possible to find which action/permission is being used within the Azure AD role by the user account, though we can create custom roles to have granular permissions - https://learn.microsoft.com/en-us/azure/active-directory/roles/custom-available-permissions

You can also share your feedback to have this feature request added in the audit logs over here - https://feedback.azure.com/d365community which is closely monitored by our product group team.

Let me know if you have any further questions, feel free to post back.