RBAC Automation with Powershell

Sean Murphy 1 Reputation point
2021-03-12T16:00:26.297+00:00

I am looking to see if anyone has a script that uses excel spreadsheet contents to assign roles to user accounts within Azure AD rather than adding the roles one at a time. Ideally, the spreadsheet would have a list of the usernames and the roles to which you wanted them added, and it would cycle through the sheet and add the users to those roles. Any direction would be appreciated.

Thanks!

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
644 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 33,211 Reputation points Microsoft Employee
    2021-03-12T21:01:43.307+00:00

    A good solution would be to use group-based assignment. The documentation samples show how to assign RBAC roles at user, group, and resource levels, and this article details specifically how to assign RBAC roles to groups using Powershell.

    There is also a good example in this in this stack overflow thread that shows how to assign access to an Azure AD Group via Powershell:

    77372-image.png

    I'm not aware of an official script that goes through a list of users in a spreadsheet to assign the roles, but there are some similar unofficial ones out there.

    This one adds multiple users to an Azure ARM Resource Group RBAC role:
    https://gist.github.com/delorgedj/3b25af0e1ccd5d4e19ba1bc5a0a0013a

    This one applies RBAC roles to users on particular resource:
    http://harvestingclouds.com/post/script-sample-apply-rbac-role-to-users-on-resources/

    0 comments No comments