How to export Buil-in + Custom Roles for each subscription to csv?

Neel Darji 86 Reputation points
2024-04-11T17:03:04.2433333+00:00

I have a need here to have excel / csv file that can give me all the Roles (Custom+builtin) associated with specific subscription with Role Definition ID.

Can anyone provide Powershell command to achieve the same?

PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,517 questions
Microsoft Entra
0 comments No comments
{count} votes

Accepted answer
  1. Navya 10,870 Reputation points Microsoft Vendor
    2024-04-15T07:33:54.86+00:00

    Hi @Neel Darji

    Yes, it's possible to do that by reading the subscription IDs from a CSV file. Then, iterating over each subscription, retrieving the associated roles and exporting them to separate CSV files.

    Create a CSV file (subscriptionlist.csv) with a column named SubscriptionId containing the subscription IDs.

    Use below sample PowerShell code.

    Connect-AzAccount
    
    $subscriptions = Import-Csv -Path "C:\subscriptionlist.csv"
    
    foreach ($sub in $subscriptions) {
        $subscriptionId = $sub.SubscriptionId
    $roles = Get-AzRoleDefinition -Scope "/subscriptions/$subscriptionId" | Select-Object Name, Id, description
        
        $roles | Export-Csv -Path "c:\roles_$subscriptionId.csv" -NoTypeInformation
        
        Write-Output "Roles for subscription $subscriptionId exported to roles_$subscriptionId.csv"
    }
    
    
    

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Navya.


1 additional answer

Sort by: Most helpful
  1. Pinaki Ghatak 4,215 Reputation points Microsoft Employee
    2024-04-12T08:16:47.94+00:00

    Hello @Neel Darji

    To export the list of all the roles (custom + built-in) associated with a specific subscription to a CSV file using PowerShell, you can use the following command:

    Get-AzRoleDefinition | Select-Object Name, Description, Id | Export-Csv -Path "C:\Roles.csv" -NoTypeInformation 
    

    This command will retrieve all the role definitions in the current subscription and export them to a CSV file named "Roles.csv" located in the C:\ drive. The exported CSV file will contain the Name, Description, and Id of each role definition. You can modify the command to retrieve the role definitions for a specific subscription by adding the -Scope parameter followed by the subscription ID or name.

    For example:

    Get-AzRoleDefinition -Scope "/subscriptions/{YourSubscriptionId}" | Select-Object Name, Description, Id | Export-Csv -Path "C:\Roles.csv" -NoTypeInformation
    

    Replace {YourSubscriptionId} with the ID or name of the subscription you want to retrieve the role definitions for.

    I hope this answers your question.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.