This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 22%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Hi Team,
I need to export the list of user in Azure with their respective permissions on resources Groups and resources and need to export to excel files via PowerShell command.
Please find the attachment of excel file for the formate.
Note: In my prod Env we have more than 250 Resource groups there. We would like to validate the users access on the Resource groups.
Regards
Anjibabu
Hi @Anji Babu Eluri , would this document work for you? You can filter users and download them to a .csv. It's not exactly what you asked for but it may be an option to consider. If not please let me know and I can help you further.
If this answer helped you please mark it as "Verified" so other users may reference it.
Thank you,
James
Thanks for your response.
In my environment we have more than 250 Resource groups are there. We are giving the permissions (ACL) to users on resources groups only ,not on subscription level.
Now we are doing auditing ,so we would like to know, what are the users are having access on which resource groups and what level of access(Owner, contributor or reader).The out put should be in excel format.
Can you please help me on this.
Regards
Anjibabu
I have prepared an az scripts as below:
Save the script as a ps1 file and run it in your az PS window.
Note that, your subscription should be connected already before running the script
Get-AzResourceGroup| foreach-object { $ResourceGroupName = $_.ResourceGroupName Get-AzRoleAssignment | Select-Object DisplayName,RoleAssignmentID,@{Name = "ResourceGroup Name"; Expression = { (Get-AzResourceGroup $ResourceGroupName).ResourceGroupName}} ,Scope,RoleDefinitionName,@{name="SubscriptionName";expression = {$Name}},ObjectType | Sort-Object DisplayName }-OutVariable azusers $azusers | Export-CSV UserList.csv -NoTypeInformation -Encoding UTF8
@Anji Babu Eluri , have you got a chance to check the script? If it works, mark it here so that others who is searching for the similar script can use it
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 47%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Hi @Manu Philip ,
Thanks for your reply but when i run the above script it gives below error. please note I am not expert in powershell. Please let me know if i am doing anything wrong.
PS C:\Windows\system32> Connect-AzAccount
Get-AzResourceGroup| foreach-object { $ResourceGroupName = $_.ResourceGroupName Get-AzRoleAssignment | Select-Object DisplayName,RoleAssignmentID,@{Name = "ResourceGroup Name"; Expression = { (Get-AzResourceGroup $ResourceGroupName).ResourceGroupName}} ,Scope,RoleDefinitionName,@{name="SubscriptionName";expression = {$Name}},ObjectType | Sort-Object DisplayName }-OutVariable azusers $azusers | Export-CSV UserList.csv -NoTypeInformation -Encoding UTF8
At line:2 char:81
I am providing more details to run the script as below:
Let me know if you are able to run it well
Hi @Manu Philip
Thanks for your detail explanation here
Actually it works for me fine except subscription name column is blank.
I just want to know one more details like how to get the all azure AD users access
(Role definition) for each resources in subscription.
As in our environment, most of the users are in separate groups means we are not adding them individually in Role assignment for every RG.
So when i ran the above script it shows the Group name in Display column.
is there any way to fetch the report Azure AD user wise with their Role assignment for each resources
Like manish chavda has access of N number of Resource group with respective role assignment
Like this kind of details so i can see all the users access over the subscription and RG's for all users without seeing group name
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 66%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Thanks for your help.
Sorry for the delayed response.
Script is working fine for me. There is no issue.
Once again thanks for your help.
Regards
Anjibabu
Glad to hear that the script helped you !
If the Answer is helpful, please click "Accept Answer" and upvote it. Others with similar requirement can find it too
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 68%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Hi @Manu Philip ,
Hope you are doing great!
Can you tell me that how i can reun this script in azure automate bcz when i am running this in azure automate it not show me "Object type" and "displayname"
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 44%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Hi Manu,
Hope you doing well !
i am looking for a script where i can fetch the user IAM both subscription level and resource group level.
can you pls help on this .