So, I'm trying to get the role assignments from Microsoft Purview using the following REST API:
api_endpoint = f"https://{pv_account_name}.purview.azure.com/policystore/metadataroles"
With this I am able to obtain the IDs and role names, but I am unable to obtain the names of users, service principals, etc. I am writing a Python script to get the data, but I have hit a wall. I am unsure how to go about it, as this is my first time trying this.
How do I get the role assignments (data curators, collection admins, and so on) together with the names of the users and service principals?
I tried writing a Python script like the following code:
import requests
import json

# Replace these with your actual values
pv_account_name = "purview"
api_version = "2021-07-01"

# Azure AD credentials
client_id = "b"
client_secret = "L"
tenant_id = "e"
resource = "https://purview.azure.net"

# Construct the token request URL (v1 endpoint, "resource" parameter)
token_url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/token"

# Set up the token request parameters
token_params = {
    "client_id": client_id,
    "client_secret": client_secret,
    "grant_type": "client_credentials",
    "resource": resource,
}

# Make the token request to get an access token
token_response = requests.post(token_url, data=token_params)

# Check the token response status
if token_response.status_code == 200:
    token_data = token_response.json()
    access_token = token_data.get("access_token")

    # Construct the API endpoint for role assignments
    api_endpoint = f"https://{pv_account_name}.purview.azure.com/policystore/metadataroles"

    # Set up headers with the access token
    headers = {
        "Authorization": f"Bearer {access_token}",
        "Content-Type": "application/json",
    }

    # Set up parameters for the request
    params = {
        "api-version": api_version,
        # Add any additional parameters as needed
    }

    # Make the GET request to retrieve role assignments
    response = requests.get(api_endpoint, headers=headers, params=params)

    # Check the response status
    if response.status_code == 200:
        role_assignments = response.json()

        # Initialize a list to store role assignments with user or service principal information
        role_assignments_with_names = []

        # Function to retrieve user or service principal information
        def get_user_info(unique_identifier):
            # Make a request to the Microsoft Graph API to retrieve user or service principal info.
            # Note: this reuses the Purview token (issued for https://purview.azure.net); Graph only
            # accepts tokens issued for https://graph.microsoft.com, so this request is rejected (401).
            user_info_endpoint = f"https://graph.microsoft.com/v1.0/users/{unique_identifier}"
            user_info_response = requests.get(user_info_endpoint, headers=headers)
            if user_info_response.status_code == 200:
                return user_info_response.json()
            return None

        # Note: metadataroles returns role definitions (id, name, properties); the items carry no
        # "principalId" field, so this loop never appends anything.
        for assignment in role_assignments.get("values", []):
            unique_identifier = assignment.get("principalId")
            if unique_identifier:
                user_info = get_user_info(unique_identifier)
                if user_info:
                    # Combine role assignment and user info
                    role_assignment_with_name = {
                        "role_assignment": assignment,
                        "user_info": user_info,
                    }
                    role_assignments_with_names.append(role_assignment_with_name)

        # Now, role_assignments_with_names contains role assignments with user or service principal info
        print(role_assignments_with_names)
    else:
        print(f"Error: {response.status_code}")
        print(response.text)
else:
    print(f"Error: {token_response.status_code}")
    print(token_response.text)
This returns an empty set.
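An added example (not part of the question, and not Microsoft's code) showing one way to get from Purview roles to principal names. It assumes two things the post does not spell out: role membership is read from the `policystore/metadataPolicies` list (the `metadataroles` endpoint only lists role definitions), and Microsoft Graph needs its own token, because a token issued for `https://purview.azure.net` is rejected by `graph.microsoft.com`. Object IDs are resolved with `directoryObjects/getByIds`, which covers users, groups and service principals in one request. The tenant, client and account values are hypothetical placeholders, and the two sample payloads are constructed to match the documented response shapes rather than captured from a real account, so verify the rule names against your own tenant.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Hypothetical placeholders; fill in before calling run_live().
TENANT_ID, CLIENT_ID, CLIENT_SECRET = "<tenant-id>", "<client-id>", "<client-secret>"
PURVIEW_ACCOUNT, API_VERSION = "<purview-account-name>", "2021-07-01"
ROLE_PREFIX = "purviewmetadatarole_builtin_"

def _http_json(method, url, headers=None, form=None, body=None):
    """Minimal stdlib HTTP helper: form-encoded or JSON request body, JSON response."""
    headers = dict(headers or {})
    data = urlencode(form).encode() if form is not None else None
    if body is not None:
        data, headers["Content-Type"] = json.dumps(body).encode(), "application/json"
    with urlopen(Request(url, data=data, method=method, headers=headers), timeout=30) as resp:
        return json.load(resp)

def get_token(scope):
    """Client-credentials token for ONE audience (Purview or Graph), via the v2.0 endpoint."""
    return _http_json("POST", f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token",
                      form={"client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
                            "grant_type": "client_credentials", "scope": scope})["access_token"]

def extract_role_members(policies):
    """(collection, role) -> set of Entra object IDs. Role rules are named
    purviewmetadatarole_builtin_<role>:<collection> and list their members in a
    principal.microsoft.id condition inside dnfCondition."""
    members = {}
    for policy in policies.get("values", []):
        props = policy.get("properties", {})
        collection = props.get("collection", {}).get("referenceName") or policy.get("name")
        for rule in props.get("attributeRules", []):
            name = rule.get("name", "")
            if not name.startswith(ROLE_PREFIX):
                continue  # permission:<collection> rules carry no principals
            role = name[len(ROLE_PREFIX):].split(":", 1)[0]
            for cond in (c for clause in rule.get("dnfCondition", []) for c in clause):
                if cond.get("attributeName") == "principal.microsoft.id":
                    members.setdefault((collection, role), set()).update(
                        cond.get("attributeValueIncludedIn", []))
    return members

def parse_directory_objects(graph_response):
    """Object ID -> (type, display name) from a directoryObjects/getByIds response."""
    return {obj["id"]: (obj.get("@odata.type", "").rsplit(".", 1)[-1],  # user / servicePrincipal / group
                        obj.get("displayName") or obj.get("userPrincipalName") or obj["id"])
            for obj in graph_response.get("value", [])}

def resolve_principals(graph_token, object_ids):
    """Users, groups and service principals, one Graph call per 1000 IDs (needs e.g. Directory.Read.All)."""
    names, ids = {}, sorted(object_ids)
    for i in range(0, len(ids), 1000):
        names.update(parse_directory_objects(_http_json(
            "POST", "https://graph.microsoft.com/v1.0/directoryObjects/getByIds",
            headers={"Authorization": f"Bearer {graph_token}"},
            body={"ids": ids[i:i + 1000], "types": ["user", "group", "servicePrincipal"]})))
    return names

def build_report(members, names):
    """One row per assignment; IDs Graph did not return (deleted principals) stay flagged as unknown."""
    rows = [dict(collection=c, role=r, objectId=oid, type=t, name=n)
            for (c, r), ids in members.items() for oid in ids
            for t, n in [names.get(oid, ("unknown", oid))]]
    return sorted(rows, key=lambda row: (row["collection"], row["role"], row["name"]))

def run_live():
    """Two tokens: Purview and Graph are different audiences, so a Purview token gets 401 from Graph.
    Membership lives in metadataPolicies; metadataroles only lists the role definitions."""
    purview_token = get_token("https://purview.azure.net/.default")
    graph_token = get_token("https://graph.microsoft.com/.default")
    policies = _http_json("GET", f"https://{PURVIEW_ACCOUNT}.purview.azure.com/policystore/"
                          f"metadataPolicies?api-version={API_VERSION}",
                          headers={"Authorization": f"Bearer {purview_token}"})
    members = extract_role_members(policies)
    return build_report(members, resolve_principals(graph_token, set().union(*members.values())))

# Constructed sample payloads (not captured from a real tenant), shaped like the
# metadataPolicies list and Graph getByIds responses.
USER_ID = "11111111-1111-1111-1111-111111111111"
SP_ID = "22222222-2222-2222-2222-222222222222"
GONE_ID = "33333333-3333-3333-3333-333333333333"  # still assigned in Purview, gone from Entra
SAMPLE_POLICIES = {"values": [{"name": "policy_root", "properties": {
    "collection": {"type": "CollectionReference", "referenceName": "root-collection"},
    "attributeRules": [
        {"name": "purviewmetadatarole_builtin_collection-administrator:root-collection",
         "dnfCondition": [[{"attributeName": "principal.microsoft.id",
                            "attributeValueIncludedIn": [USER_ID, SP_ID]},
                           {"attributeName": "derived.purview.permission",
                            "attributeValueIncludes": "permission:root-collection"}]]},
        {"name": "purviewmetadatarole_builtin_data-curator:root-collection",
         "dnfCondition": [[{"attributeName": "principal.microsoft.id",
                            "attributeValueIncludedIn": [SP_ID, GONE_ID]}]]},
        {"name": "permission:root-collection", "dnfCondition": [[{"attributeName": "derived.purview.role",
            "attributeValueIncludes": ROLE_PREFIX + "collection-administrator"}]]},
    ]}}]}
SAMPLE_GRAPH = {"value": [
    {"@odata.type": "#microsoft.graph.user", "id": USER_ID, "displayName": "Alice Example",
     "userPrincipalName": "alice@example.com"},
    {"@odata.type": "#microsoft.graph.servicePrincipal", "id": SP_ID, "displayName": "purview-automation"},
]}

if __name__ == "__main__":
    # Offline demo on the constructed samples; use run_live() against a real account.
    for row in build_report(extract_role_members(SAMPLE_POLICIES), parse_directory_objects(SAMPLE_GRAPH)):
        print(f"{row['collection']:<16} {row['role']:<26} {row['type']:<17} {row['name']}")
```

The service principal running this needs a Purview collection role that can read policies (Collection admin on the root collection is enough) plus a Graph application permission such as Directory.Read.All; without the latter, getByIds returns 403 and every principal would show up as unknown. Keeping unresolved IDs in the report instead of dropping them is deliberate: an assignment whose principal no longer exists in Entra is exactly the kind of stale access a review should surface.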