Marek_Belan (Brass Contributor)
Jul 30, 2025
Azure IAM Report – Explicit Permissions Only
Hi all,
Is anyone currently working on a request to generate a report of all IAM permissions across all Azure resources?
My idea is to create a script that reports only explicitly assigned permissions at the Management Group, Subscription, Resource Group, or individual Resource level.
However, I’m struggling to find a way to filter only explicit permissions at the Management Group level — everything seems to include inherited roles as well.
Has anyone already solved this issue or found a workaround?
Thanks in advance!
2 Replies
Try the below as a workaround:
Get-AzRoleAssignment | Where-Object { $_.Scope -eq "/providers/Microsoft.Management/managementGroups/<yourGroupId>" -and $_.InheritedFrom -eq $null }
- Marek_Belan (Brass Contributor)
LOL hell is here MVP, use ChatGPT as response without testing...
Where do you get the parameter InheritedFrom? Show me pls.
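
An added example, not part of the original thread and not any poster's code: one way to report only direct assignments is to compare each assignment's own `Scope` value (a property on the objects `Get-AzRoleAssignment` returns) with the scope that was queried, since inherited assignments carry the parent's scope. The helper names `Get-ScopeLevel` and `Get-ExplicitRoleAssignment` and the output file name are assumptions made for this sketch; it needs the Az.Resources module and a signed-in session.

```powershell
# Added example: keep only role assignments made directly at the queried scope.
# Assumes Connect-AzAccount has already been run.

function Get-ScopeLevel {
    # Hypothetical helper: classify a Scope string by its shape.
    param([Parameter(Mandatory)][string]$Scope)
    switch -Regex ($Scope) {
        '^/providers/Microsoft\.Management/managementGroups/[^/]+$' { return 'ManagementGroup' }
        '^/subscriptions/[^/]+$'                                    { return 'Subscription' }
        '^/subscriptions/[^/]+/resourceGroups/[^/]+$'               { return 'ResourceGroup' }
        '^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/.+'   { return 'Resource' }
        default                                                     { return 'Other' }
    }
}

function Get-ExplicitRoleAssignment {
    # Hypothetical helper: drop every assignment whose Scope is not the queried one.
    param([Parameter(Mandatory)][string]$Scope)
    $target = $Scope.TrimEnd('/')
    Get-AzRoleAssignment -Scope $target |
        Where-Object { $_.Scope.TrimEnd('/') -eq $target } |   # -eq ignores case for strings
        ForEach-Object {
            [pscustomobject]@{
                Level         = Get-ScopeLevel -Scope $_.Scope
                Scope         = $_.Scope
                Role          = $_.RoleDefinitionName
                Principal     = $_.DisplayName
                PrincipalType = $_.ObjectType
                ObjectId      = $_.ObjectId
            }
        }
}

# Walk every management group the caller can see and collect direct assignments only.
$report = foreach ($mg in Get-AzManagementGroup) {
    Get-ExplicitRoleAssignment -Scope $mg.Id
}

# Constructed output path; change as needed.
$report | Sort-Object Scope, Role |
    Export-Csv -Path ./explicit-mg-assignments.csv -NoTypeInformation
```

The same function accepts a subscription, resource group or resource ID as `-Scope`, so the loop can be extended to those levels.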