Forum Discussion
Power shell script which shows list of RBAC role, Azure resource and Username
AlphaBetaGamma Thanks- that makes sense.
The following script should do something like that, by looping through the resources and then a nested loop through the role assignments. I've included the "Display Name" field as well in case you have any roles assigned to groups- they just have a blank entry for "SignInName".foreach ($Resource in Get-AzResource) { $RoleAssignments=Get-AZRoleAssignment -ResourceGroupName $Resource.ResourceGroupName -ResourceName $Resource.Name -ResourceType $resource.type ForEach ($RoleAssignment in $RoleAssignments){ $Resource | Select-Object @{Name="Azure Resource name";Expression={$Resource.Name}}, @{Name="SignInName";Expression={$RoleAssignment.SignInName}}, @{Name="DisplayName";Expression={$RoleAssignment.DisplayName}}, @{Name="RoleDefinitionName";Expression={$RoleAssignment.RoleDefinitionName}} } }
AlphaBetaGamma How about this, using the Get-AzRoleAssignment cmdlet:
Get-AzRoleAssignment | Select-Object RoleDefinitionName, Scope , DisplayName
Output will look something like this
RoleDefinitionName Scope DisplayName
------------------ ----- -----------
Contributor /subscriptions/(guid)/resourcegroups/myresourcegroup Bob
Reader /subscriptions/(guid)/resourcegroups/myresourcegroup/myvm Jim
Contributor /subscriptions/(guid)/resourcegroups/myresourcegroup/myvm Sal
Thanks for your response, Yeah, i have tried this. But I was trying to get exact resource name against each RABC role and the username. ChrisBradshaw
AlphaBetaGamma - would you be able to write out some sample (made up) output so I can get a better idea of what you're looking for?
ChrisBradshaw Sorry, I didn't convey it properly it seems, my bad. Here is below output I was expecting from Powershell script.
Azure Resource name SignInName RoleDefinitionName keyvault mailto:aaa@aaa.com Conributor sql mailto:aaa@aaa.com Reader
