Forum Discussion

FP_Alex's avatar
FP_Alex
Copper Contributor
Jul 02, 2021

Download All Permissions Button

Hello,

 

I am looking for a way to programatically call or perform the same actions as the 'Download All Permission' button which can be found by going to Access Control -> Either finding a role or creating a new one -> Add Permissions -> Download All Permissions button.

 

It does not appear that any network traffic happens when this button is clicked, and even working backwards I am unable to see when this data is actually loaded.

 

While you can get the same data using the Azure Management APIs using the Provider and Operations endpoints, it would be much cleaner to just be able to consume this already generated .csv file that this button generates.

 

Any help would be greatly appreciated!

  • FP_AlexAlthough you might be able to play around with IE objects (Invoke-WebRequest), to get the CSV downloaded, You can make your own, easy enough.. I put together the following for you, which pretty much does the same thing, using the Az PowerShell Modules:

     

     

    $Providers = Get-AzProviderOperation
    
    $results = @()
    
    ForEach($Provider in $Providers)
    {
    
    
    
       $results += [pscustomobject]@{
                         'Provider NameSpace' = $Provider.ProviderNamespace
                          Description = $Provider.Description
                         'Operation Name' = $Provider.OperationName
                         Operation = $Provider.Operation
                         ResourceName = $Provider.ResourceName
    
                            
                          }
    
        }
      
      $results | Export-csv c:\temp\AzureRBACPermissions.csv -NoTypeInformation

     

     

  • FP_AlexAlthough you might be able to play around with IE objects (Invoke-WebRequest), to get the CSV downloaded, You can make your own, easy enough.. I put together the following for you, which pretty much does the same thing, using the Az PowerShell Modules:

     

     

    $Providers = Get-AzProviderOperation
    
    $results = @()
    
    ForEach($Provider in $Providers)
    {
    
    
    
       $results += [pscustomobject]@{
                         'Provider NameSpace' = $Provider.ProviderNamespace
                          Description = $Provider.Description
                         'Operation Name' = $Provider.OperationName
                         Operation = $Provider.Operation
                         ResourceName = $Provider.ResourceName
    
                            
                          }
    
        }
      
      $results | Export-csv c:\temp\AzureRBACPermissions.csv -NoTypeInformation

     

     

    • FP_Alex's avatar
      FP_Alex
      Copper Contributor

      lukemurraynz 

      I appreciate the reply, and your solution did work. I should have been more clear in my initial question, I work for an ISV so I am looking for a way to do this via the Azure Management API as I can't really have the requirement being that all of our customers have to install the Azure Powershell CLI.

      I found this command which seems to mimic the powershell command: https://docs.microsoft.com/en-us/rest/api/authorization/provider-operations-metadata/list

       

      However when executing this, only operations that are Action type are returned. For example, I've attached the output for a single provider when running from both the powershell example as well as through the API and you can see the returned values are different.

       

Resources