Forum Discussion

Martin_30's avatar
Martin_30
Copper Contributor
Apr 25, 2023

Permission/access Audit in Powershell

Hello, im trying to generate a report on "who has access" on all Projects in Azure DevOps   I use the following         $organization = "RELEVENT NAME" $pat = "APATKEY" $baseUrl = "https://de...
azure devops
Kidd_Ip's avatar
Kidd_Ip
MVP
Sep 23, 2025

How about this:

 

$organization = "your-org"
$pat = "your-pat"
$token = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$pat"))
$headers = @{ Authorization = "Basic $token" }

# Get all projects
$projectsUrl = "https://dev.azure.com/$organization/_apis/projects?api-version=7.0"
$projects = Invoke-RestMethod -Uri $projectsUrl -Headers $headers

foreach ($project in $projects.value) {
    $projectId = $project.id
    $projectName = $project.name

    Write-Host "Project: $projectName"

    # Get role assignments (who has access)
    $roleUrl = "https://dev.azure.com/$organization/_apis/securityroles/scopes/project/$projectId/roleassignments?api-version=7.0"
    $roles = Invoke-RestMethod -Uri $roleUrl -Headers $headers

    foreach ($assignment in $roles.value) {
        $principalName = $assignment.identity.displayName
        $roleName = $assignment.role.displayName
        Write-Host "User/Group: $principalName → Role: $roleName"
    }

    Write-Host ""
}

 

Resources