Permission/access Audit in PowerShell

Hello, I'm trying to generate a report on "who has access" on all Projects in Azure DevOps.

I use the following:

$organization = "RELEVENT NAME"
$pat = "APATKEY"
$baseUrl = "https://dev.azure.com/$organization/_apis"
$APIVersion = "7.0"

# Get all projects in the organization
$projectsUrl = "$baseUrl/projects?api-version=$APIVersion"
$projects = Invoke-RestMethod -Uri $projectsUrl -Method Get -Headers @{Authorization = "Basic $($pat)"}

# Loop through each project and get the groups and permissions for each added user
foreach ($project in $projects.value) {
    $projectName = $project.name
    $projectUrl = "$baseUrl/$projectName/_apis/graph/users?api-version=$APIVersion&direction=2&$top=5000"
    $addedUsers = Invoke-RestMethod -Uri $projectUrl -Method Get -Headers @{Authorization = "Basic $($pat)"}
    
    Write-Host "Project: $projectName"

    foreach ($user in $addedUsers.value) {
        $userId = $user.descriptor
        $userUrl = "$baseUrl/$projectName/_apis/accesscontrolentries?api-version=$APIVersion&identityDescriptor=$userId"
        $permissions = Invoke-RestMethod -Uri $userUrl -Method Get -Headers @{Authorization = "Basic $($pat)"}
        
        $groups = $user.memberOf | Where-Object { $_.subjectKind -eq "Group" }
        $groups = $groups | ForEach-Object { $_.displayName }
        $groups = $groups -join ', '
        
        Write-Host "User: $($user.displayName), Groups: $groups"
        
        foreach ($permission in $permissions.value) {
            $permissionName = $permission.displayName
            Write-Host "  Permission: $permissionName"
        }
    }
    
    Write-Host ""
}

Can anyone help me figure out why it returns empty all the time?

0 Replies
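
One way to produce the per-project "who has access" listing the post asks about, written here as an added example (not the poster's code and not an official Microsoft sample). It uses the Graph endpoints on `vssps.dev.azure.com`, sends the PAT as base64 of `:<pat>`, and reports direct group membership only. Assumptions: the organization name is a placeholder, the PAT is read from a hypothetical `AZDO_PAT` environment variable, and continuation tokens (paging) and ACL permission bits are not handled.

```powershell
# Added example. Organization name and PAT source are placeholders (assumptions).
$organization = "ORG_NAME_PLACEHOLDER"
$pat          = $env:AZDO_PAT   # assumed: PAT with Project (read) and Graph (read) scopes
$coreUrl      = "https://dev.azure.com/$organization/_apis"
$graphUrl     = "https://vssps.dev.azure.com/$organization/_apis/graph"  # Graph API: vssps host, org-level
$coreVer      = "api-version=7.0"
$graphVer     = "api-version=7.0-preview.1"

# A PAT is sent as Basic auth over base64(":<pat>") (empty user name), not as the raw token.
$basic   = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$pat"))
$headers = @{ Authorization = "Basic $basic" }

function Get-Json([string]$Uri) { Invoke-RestMethod -Uri $Uri -Method Get -Headers $headers }

# Resolve a batch of subject descriptors to Graph subjects (users or groups), keyed by descriptor.
function Resolve-Subject([string[]]$Descriptors) {
    $body = @{ lookupKeys = @($Descriptors | ForEach-Object { @{ descriptor = $_ } }) } | ConvertTo-Json -Depth 4
    $resp = Invoke-RestMethod -Uri "$graphUrl/subjectlookup?$graphVer" -Method Post `
                -Headers $headers -ContentType "application/json" -Body $body
    $map = @{}
    foreach ($p in $resp.value.PSObject.Properties) { $map[$p.Name] = $p.Value }
    return $map
}

$report = foreach ($project in (Get-Json "$coreUrl/projects?$coreVer").value) {
    # Project id -> scope descriptor, then the security groups defined in that project scope.
    $scope  = (Get-Json "$graphUrl/descriptors/$($project.id)?$graphVer").value
    $groups = (Get-Json "$graphUrl/groups?scopeDescriptor=$scope&$graphVer").value

    foreach ($group in $groups) {
        # direction=down returns the direct members of this group.
        $members = (Get-Json "$graphUrl/Memberships/$($group.descriptor)?direction=down&$graphVer").value
        if (-not $members) { continue }
        $subjects = Resolve-Subject $members.memberDescriptor
        foreach ($m in $members) {
            $s = $subjects[$m.memberDescriptor]
            [pscustomobject]@{
                Project = $project.name
                Group   = $group.displayName
                Member  = $s.displayName
                Kind    = $s.subjectKind     # e.g. user or group; nested groups are not expanded
                Account = $s.principalName
            }
        }
    }
}
$report | Sort-Object Project, Group, Member | Format-Table -AutoSize
```

For an audit record, pipe `$report` to `Export-Csv` instead of `Format-Table`, and scope the PAT to read-only access.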