How to List Azure role assignments using Azure PowerShell


List role assignments for the current subscription

Get-AzRoleAssignment

List role assignments for a subscription

Get-AzRoleAssignment -Scope /subscriptions/<subscription_id>

Example: PS C:\> Get-AzRoleAssignment -Scope /subscriptions/00000000-0000-0000-0000-000000000000

To list all the roles that are assigned to a specified user and the roles that are assigned to the groups to which the user belongs

Get-AzRoleAssignment -SignInName <email_or_userprincipalname> -ExpandPrincipalGroups

Example - Get-AzRoleAssignment -SignInName isabella@example.com -ExpandPrincipalGroups | FL DisplayName, RoleDefinitionName, Scope

To list only the unique display names that Get-AzRoleAssignment returns for the specified sign-in name

Get-AzRoleAssignment -SignInName 700753@mgmresorts.com -ExpandPrincipalGroups | Select-Object -ExpandProperty DisplayName -Unique


List role assignments for a resource group

Get-AzRoleAssignment -ResourceGroupName <resource_group_name>

Example - Get-AzRoleAssignment -ResourceGroupName pharma-sales | FL DisplayName, RoleDefinitionName, Scope

List role assignments for a resource

Get-AzRoleAssignment -Scope "/subscriptions/<subscription_id>/resourcegroups/<resource_group_name>/providers/<provider_name>/<resource_type>/<resource>"

Example - PS C:\> Get-AzRoleAssignment -Scope "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/storage-test-rg/providers/Microsoft.Storage/storageAccounts/storagetest0122"

List role assignments for a managed identity

#Get the object ID of the system-assigned or user-assigned managed identity.

Get-AzADServicePrincipal -DisplayNameBeginsWith "<name_or_vmname>"

#To list the role assignments

Get-AzRoleAssignment -ObjectId <objectid>
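
Reviewing the output of the listing commands above (an added example, not part of the original post): this filter flags privileged roles assigned at root, management-group or subscription scope, and assignments whose principal no longer resolves. The function name Find-RiskyRoleAssignment, the list of roles treated as privileged, and the sample objects are assumptions made for illustration.

```powershell
# Added example; Find-RiskyRoleAssignment is a hypothetical helper name.
function Find-RiskyRoleAssignment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Assignment,
        # Roles treated as privileged here (an assumption; adjust to your policy).
        [string[]] $PrivilegedRole = @('Owner', 'Contributor', 'User Access Administrator')
    )
    process {
        $reasons = @()
        # Broad scope: root, a management group, or a whole subscription.
        $isBroad = $Assignment.Scope -eq '/' -or
            $Assignment.Scope -match '^/providers/Microsoft\.Management/managementGroups/[^/]+/?$' -or
            $Assignment.Scope -match '^/subscriptions/[^/]+/?$'
        if ($isBroad -and $PrivilegedRole -contains $Assignment.RoleDefinitionName) {
            $reasons += 'privileged role at broad scope'
        }
        # ObjectType 'Unknown': the principal no longer resolves (for example, it was deleted).
        if ($Assignment.ObjectType -eq 'Unknown') {
            $reasons += 'principal not found'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                DisplayName        = $Assignment.DisplayName
                RoleDefinitionName = $Assignment.RoleDefinitionName
                Scope              = $Assignment.Scope
                Reason             = $reasons -join '; '
            }
        }
    }
}

# Constructed sample objects shaped like Get-AzRoleAssignment output, so this runs offline.
$sub = '/subscriptions/00000000-0000-0000-0000-000000000000'
$sample = @(
    [pscustomobject]@{ DisplayName = 'Isabella'; RoleDefinitionName = 'Owner'; Scope = $sub; ObjectType = 'User' }
    [pscustomobject]@{ DisplayName = 'Auditors'; RoleDefinitionName = 'Reader'; Scope = $sub; ObjectType = 'Group' }
    [pscustomobject]@{ DisplayName = 'deploy-sp'; RoleDefinitionName = 'Contributor'; Scope = "$sub/resourceGroups/pharma-sales"; ObjectType = 'ServicePrincipal' }
    [pscustomobject]@{ DisplayName = $null; RoleDefinitionName = 'Reader'; Scope = "$sub/resourceGroups/pharma-sales"; ObjectType = 'Unknown' }
)
$sample | Find-RiskyRoleAssignment | Format-List

# Against a live subscription: Get-AzRoleAssignment | Find-RiskyRoleAssignment
```

With the sample data, only the Owner assignment at subscription scope and the assignment with ObjectType Unknown are reported.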