Forum Discussion
AZURE User Access Administrator where can I see the assignment of the role
Looking to identify the assignment of the User Access Administrator role within my subscription's Activity Logs with no luck. I can see the role has been assigned in the azure subscription blade under Role Assignments and in Azure AD however I cannot see the event to assigned the role in the Activity Logs.
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
Also when reviewing the audit logs (AD) the only event I see around the role User Access Administrator being assigned is "Set Company Information"
https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin
Any advice on how I would isolate the activity around the assignment of the role other that "Set Company Information" Thanks
- Peter_BeckendorfIron Contributor
Hi Mark121Le,
Maybe try this Query and check if you will find it in the Events coming back:
AuditLogs// Role Changes in AAD| where SourceSystem == "Azure AD"| where OperationName contains "Add member"| where Category == "RoleManagement"| where TargetResources != "*"| where TimeGenerated >= ago(14d)| project Identity, TimeGenerated, Category, OperationName, Result, AffectedUser = TargetResources.[1].displayName, AffectedRole = TargetResources.[0].modifiedProperties.[1].newValue| limit 50| sort by TimeGenerated descKInd Regards, Peter