List_Azure_role_assignments.ps1
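# Walk-through: list Azure RBAC role assignments at different scopes with the Az module.
# Meant to be run step by step in an interactive session. The subscription ID,
# names and sign-in addresses below are sample values; replace them with your own.
Set-Location c:\
Clear-Host

# Installs the Az module from the configured repository.
# -Force skips the confirmation prompts and -AllowClobber lets the module overwrite
# commands of the same name, so nothing asks before the latest published version lands.
# On a shared or production workstation, consider installing once with
# -Scope CurrentUser and a pinned -RequiredVersion instead of on every run.
Install-Module -Name Az -Force -AllowClobber -Verbose

# Log into Azure (interactive sign-in)
Connect-AzAccount

# Select the correct subscription, then confirm the active context so the
# listings below are read from the tenant and subscription you expect.
Get-AzSubscription -SubscriptionName "MSDN Platforms" | Select-AzSubscription
Get-AzContext

# Sample scopes used below, defined once so the two resource queries cannot drift apart.
$subscriptionScope = "/subscriptions/00000000-0000-0000-0000-000000000000"
$storageAccountScope = "$subscriptionScope/resourcegroups/storage-test-rg/providers/Microsoft.Storage/storageAccounts/storagetest0122"

# Azure resources role-based access control (Azure RBAC)

# View all role assignments in the current subscription
Get-AzRoleAssignment | Format-Table

# List role assignments for a subscription
Get-AzRoleAssignment -Scope $subscriptionScope

# List role assignments made directly to a user
Get-AzRoleAssignment -SignInName jane.ford@tomwechsler.ch | Format-List DisplayName, RoleDefinitionName, Scope

# Same user, but also include assignments the user receives through group membership.
# For an access review this is the more complete view: a user with no direct
# assignment can still hold a privileged role through a group.
Get-AzRoleAssignment -SignInName jane.ford@tomwechsler.ch -ExpandPrincipalGroups | Format-List DisplayName, RoleDefinitionName, Scope

# List role assignments for a resource group
Get-AzRoleAssignment -ResourceGroupName TW-EXCHANGE-PROJECT-RG | Format-List DisplayName, RoleDefinitionName, Scope

# List role assignments for a management group
Get-AzRoleAssignment -Scope /providers/Microsoft.Management/managementGroups/marketing-group

# List role assignments effective on a resource (includes those inherited from parent scopes)
Get-AzRoleAssignment -Scope $storageAccountScope

# List only the role assignments made directly on the resource, by filtering on an exact scope match
Get-AzRoleAssignment | Where-Object { $_.Scope -eq $storageAccountScope }

# List role assignments including the classic service administrator and co-administrators.
# Classic administrators have subscription-wide access comparable to Owner, so
# they belong in any review of who can change resources or access.
Get-AzRoleAssignment -IncludeClassicAdministrators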
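# Azure Active Directory (Azure AD) directory roles.
# These are separate from Azure RBAC: directory roles govern access to the
# directory (users, groups, applications), not to Azure resources.

# Install the Azure AD PowerShell module.
# NOTE(review): Microsoft has deprecated the AzureAD / AzureADPreview modules in
# favour of Microsoft Graph PowerShell; plan to move these queries there.
# -Force and -AllowClobber install without prompting and overwrite commands of
# the same name; consider -Scope CurrentUser and a pinned -RequiredVersion.
Install-Module AzureADPreview -Verbose -Force -AllowClobber

# Import the module
Import-Module AzureADPreview

# Verify that the module is loaded and check which version is in use
Get-Module AzureADPreview

# Connect to the directory (interactive sign-in)
Connect-AzureAD

# Fetch the list of directory roles with their object IDs
Get-AzureADDirectoryRole

# Fetch a specific directory role by object ID.
# The object ID of a directory role differs per tenant: take it from the
# listing above rather than reusing this sample value.
$role = Get-AzureADDirectoryRole -ObjectId "5b3fe201-fa8b-4144-b6f1-875829ff7543"

# Fetch the membership of that role.
# The guard avoids calling the member query with an empty ID when the lookup above failed.
# NOTE(review): the pipeline resolves members as users; role members that are
# service principals or groups are presumably not returned by Get-AzureADUser.
# Inspect the raw Get-AzureADDirectoryRoleMember output to see them as well.
if ($role) {
    Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId | Get-AzureADUser
}
else {
    Write-Warning "Directory role not found; check the object ID against the Get-AzureADDirectoryRole output."
}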