Mark121Le
Copper Contributor
Aug 31, 2020

Azure User Access Administrator: where can I see the assignment of the role?

Looking to identify the assignment of the User Access Administrator role within my subscription's Activity Logs with no luck. I can see the role has been assigned in the Azure subscription blade under Role Assignments and in Azure AD; however, I cannot see the event to assign the role in the Activity Logs.

https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

 

Also, when reviewing the audit logs (AD), the only event I see around the role User Access Administrator being assigned is "Set Company Information".

https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin

 

Any advice on how I would isolate the activity around the assignment of the role other than "Set Company Information"? Thanks

 

  • Hi Mark121Le,

     

    Maybe try this Query and check if you will find it in the Events coming back:

     

    AuditLogs
    // Role Changes in AAD
    | where SourceSystem == "Azure AD"
    | where OperationName contains "Add member"
    | where Category == "RoleManagement"
    | where TargetResources != "*"
    | where TimeGenerated >= ago(14d)
    | project Identity, TimeGenerated, Category, OperationName, Result, AffectedUser = TargetResources.[1].displayName, AffectedRole = TargetResources.[0].modifiedProperties.[1].newValue
    // Sort before limiting so the 50 rows kept are the most recent ones
    | sort by TimeGenerated desc
    | limit 50
     
    Kind regards, Peter
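
The query above reads the affected user and role from fixed array positions. As an added example (not part of the reply), the same filter applied offline to exported audit records in Python, looking the values up by target type and property name instead. The nested record layout and the `Role.DisplayName` property name are assumptions, and the sample events are constructed.

```python
import json

# Constructed sample records (made-up values). Top-level field names follow the
# AuditLogs columns in the query above; the nested keys are an assumption.
SAMPLE_EVENTS = [
    {"TimeGenerated": "2020-08-30T09:15:00Z", "Category": "RoleManagement",
     "OperationName": "Add member to role", "Identity": "admin@example.com",
     "TargetResources": [
         {"type": "User", "displayName": "Alice Example", "modifiedProperties": [
             {"displayName": "Role.ObjectID", "newValue": "\"0000-role-id\""},
             {"displayName": "Role.DisplayName", "newValue": "\"Example Role A\""}]},
         {"type": "Role", "displayName": "Example Role A", "modifiedProperties": []}]},
    # Same kind of event, with targets and properties in a different order.
    {"TimeGenerated": "2020-08-31T11:00:00Z", "Category": "RoleManagement",
     "OperationName": "Add member to role", "Identity": "admin@example.com",
     "TargetResources": [
         {"type": "Role", "displayName": "Example Role B", "modifiedProperties": []},
         {"type": "User", "displayName": "Bob Example", "modifiedProperties": [
             {"displayName": "Role.DisplayName", "newValue": "\"Example Role B\""}]}]},
    # Unrelated directory event that must not be reported.
    {"TimeGenerated": "2020-08-31T12:00:00Z", "Category": "DirectoryManagement",
     "OperationName": "Set Company Information", "Identity": "admin@example.com",
     "TargetResources": []},
]

def decode_value(value):
    """newValue is often a JSON-encoded string; return the decoded text if so."""
    try:
        decoded = json.loads(value)
    except (TypeError, ValueError):
        return value
    return decoded if isinstance(decoded, str) else value

def role_assignments(events):
    """Return (time, actor, affected_user, role) per 'Add member' event, newest first."""
    hits = []
    for ev in events:
        if (ev.get("Category") != "RoleManagement"
                or "add member" not in ev.get("OperationName", "").lower()):
            continue
        user = role = None
        for target in ev.get("TargetResources") or []:
            if user is None and target.get("type") == "User":
                user = target.get("displayName")
            for prop in target.get("modifiedProperties") or []:
                if prop.get("displayName") == "Role.DisplayName":
                    role = decode_value(prop.get("newValue"))
        hits.append((ev.get("TimeGenerated", ""), ev.get("Identity"), user, role))
    return sorted(hits, key=lambda h: h[0], reverse=True)
```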

     
