Forum Discussion
Download All Permissions Button
Hello,
I am looking for a way to programatically call or perform the same actions as the 'Download All Permission' button which can be found by going to Access Control -> Either finding a role or creating a new one -> Add Permissions -> Download All Permissions button.
It does not appear that any network traffic happens when this button is clicked, and even working backwards I am unable to see when this data is actually loaded.
While you can get the same data using the Azure Management APIs using the Provider and Operations endpoints, it would be much cleaner to just be able to consume this already generated .csv file that this button generates.
Any help would be greatly appreciated!
FP_AlexAlthough you might be able to play around with IE objects (Invoke-WebRequest), to get the CSV downloaded, You can make your own, easy enough.. I put together the following for you, which pretty much does the same thing, using the Az PowerShell Modules:
$Providers = Get-AzProviderOperation $results = @() ForEach($Provider in $Providers) { $results += [pscustomobject]@{ 'Provider NameSpace' = $Provider.ProviderNamespace Description = $Provider.Description 'Operation Name' = $Provider.OperationName Operation = $Provider.Operation ResourceName = $Provider.ResourceName } } $results | Export-csv c:\temp\AzureRBACPermissions.csv -NoTypeInformation
- lukemurraynzLearn Expert
FP_AlexAlthough you might be able to play around with IE objects (Invoke-WebRequest), to get the CSV downloaded, You can make your own, easy enough.. I put together the following for you, which pretty much does the same thing, using the Az PowerShell Modules:
$Providers = Get-AzProviderOperation $results = @() ForEach($Provider in $Providers) { $results += [pscustomobject]@{ 'Provider NameSpace' = $Provider.ProviderNamespace Description = $Provider.Description 'Operation Name' = $Provider.OperationName Operation = $Provider.Operation ResourceName = $Provider.ResourceName } } $results | Export-csv c:\temp\AzureRBACPermissions.csv -NoTypeInformation
- FP_AlexCopper Contributor
I appreciate the reply, and your solution did work. I should have been more clear in my initial question, I work for an ISV so I am looking for a way to do this via the Azure Management API as I can't really have the requirement being that all of our customers have to install the Azure Powershell CLI.
I found this command which seems to mimic the powershell command: https://docs.microsoft.com/en-us/rest/api/authorization/provider-operations-metadata/list
However when executing this, only operations that are Action type are returned. For example, I've attached the output for a single provider when running from both the powershell example as well as through the API and you can see the returned values are different.
- FP_AlexCopper Contributor
FP_AlexJust to circle back on this, if you call the API I referenced with the additional parameter of $expand=resourceTypes, then the output matches the Powershell script from Luke above.
I will go ahead and mark Luke's answer as accepted as he lead me to the correct API to call for my solution.