
Olivier_Lumeau
Brass Contributor
Jan 16, 2025

List eligible roles with PowerShell

Hi guys, does someone know of or have a script (or something else, like CLI commands) to list all eligible roles in Azure?

And, finally, list the eligible roles of a specific user so that they can be assigned to another user who must have the same profile with the same rights?

Thanks in advance. 

  • kyazaferr
    Steel Contributor

    az ad user show --id <userUPN> --query "assignedRoles" 

    az ad role list --query "[].{RoleName:displayName, RoleId:id}" --output table

  • kyazaferr
    Steel Contributor

    Get-AzureADMSRoleDefinition | Select DisplayName, Id, IsEnabled


    # Connect to Azure AD
    Connect-AzureAD

    # List all app role assignments of a specific user
    # (Get-AzureADUserAppRoleAssignment returns application roles; the Id property is the app role ID)
    $userId = "<UserObjectId>"  # Replace with the User Object ID
    Get-AzureADUserAppRoleAssignment -ObjectId $userId | Select-Object ResourceDisplayName, ResourceId, Id

    # Get the list of app roles assigned to the original user
    $originalUserId = "<OriginalUserObjectId>"  # Replace with the Original User Object ID
    $newUserId = "<NewUserObjectId>"  # Replace with the New User Object ID

    $roles = Get-AzureADUserAppRoleAssignment -ObjectId $originalUserId

    # Loop through each assignment and grant the same app role to the new user
    # (-PrincipalId is mandatory and must be the new user; -Id is the app role ID)
    foreach ($role in $roles) {
        New-AzureADUserAppRoleAssignment -ObjectId $newUserId -PrincipalId $newUserId -ResourceId $role.ResourceId -Id $role.Id
    }


  • kyazaferr
    Steel Contributor

    # Connect to Azure AD
    Connect-AzureAD

    # List the PIM role settings for the Azure AD tenant
    # (-ProviderId and -Filter are mandatory; the ResourceId for directory roles is the tenant ID)
    $tenantId = "<TenantId>"  # Replace with the tenant ID
    Get-AzureADMSPrivilegedRoleSetting -ProviderId "aadRoles" -Filter "ResourceId eq '$tenantId'" | Select-Object Id, RoleDefinitionId, ResourceId, IsDefault
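
The question asks for the PIM-eligible directory roles of one user and a way to grant the same eligibility to another. The following is an added example, not code from the thread, using the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.Governance and Microsoft.Graph.Users); the two UPNs and the 365-day eligibility duration are placeholder assumptions.

```powershell
# Added example: list a user's eligible Entra ID roles and mirror them to another user.
# Assumes the Microsoft.Graph modules are installed; UPNs below are placeholders.
Connect-MgGraph -Scopes "RoleEligibilitySchedule.ReadWrite.Directory", "RoleManagement.ReadWrite.Directory", "User.Read.All"

$sourceUpn = "source.user@contoso.example"   # placeholder
$targetUpn = "target.user@contoso.example"   # placeholder
$source = Get-MgUser -UserId $sourceUpn
$target = Get-MgUser -UserId $targetUpn

# Lookup table: role definition ID -> display name
$roleNames = @{}
Get-MgRoleManagementDirectoryRoleDefinition -All | ForEach-Object { $roleNames[$_.Id] = $_.DisplayName }

# Eligible (PIM) role schedule instances of the source user, direct and group-inherited
$eligible = Get-MgRoleManagementDirectoryRoleEligibilityScheduleInstance -All -Filter "principalId eq '$($source.Id)'"

$eligible |
    Select-Object @{ n = 'Role'; e = { $roleNames[$_.RoleDefinitionId] } }, RoleDefinitionId, DirectoryScopeId, MemberType, EndDateTime |
    Format-Table -AutoSize

# Mirror only direct eligibilities; group-inherited ones are governed by group membership
foreach ($e in ($eligible | Where-Object MemberType -eq 'Direct')) {
    $params = @{
        Action           = "adminAssign"
        Justification    = "Mirror eligibility of $sourceUpn"
        PrincipalId      = $target.Id
        RoleDefinitionId = $e.RoleDefinitionId
        DirectoryScopeId = $e.DirectoryScopeId
        ScheduleInfo     = @{
            StartDateTime = (Get-Date).ToUniversalTime()
            # Placeholder duration; the tenant's PIM role settings cap the maximum eligibility
            Expiration    = @{ Type = "afterDuration"; Duration = "P365D" }
        }
    }
    New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $params
}
```

Review the printed table before the assignment loop runs: mirroring a profile also mirrors any over-privilege the source user has accumulated, and each request is logged in the audit log as an adminAssign by the operator.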
