- Manage Azure Role Assignments Like a Pro with PowerShell
Today’s blog post is a little bit different. I have a couple of examples of how you can use PowerShell snippets and simple cmdlets to get or set role assignments in your Azure subscriptions.
PowerShell examples for managing Azure Role assignments
- List all role assignments in a subscription
- Get all role assignments for a specific resource group
- Get all role assignments for a specific user
- Add a role assignment to a user
- Remove a role assignment for a user
- Remove all role assignments for a specific user
- List all built-in roles
- List all custom roles
- Create a custom role
- Update a custom role
- Delete a custom role
- List all users or groups assigned to a specific role
- List all permissions granted by a specific role
- List all resource groups that a user has access to
- Create a role assignment for a service principal
PowerShell script to manage Azure role assignments
And now there is a script that combines some of these examples into one usable function:
I hope this was useful. Let me know if you liked the format of this blog and if you want me to include more of these examples.
How to find all the Azure Built-In Roles for Azure RBAC with Azure CLI, PowerShell, Docs, or AzAdvertizer
Here are a bunch of ways you can find which roles are built into Azure. This will come in super handy when you need to assign a role to a service principal or user with Azure CLI commands like this:
- Query the big honking json
- Query all, but only return Name and Id in a nice table
- Filter by name contains:
This one filters for roles with “Map” in the name:
This page has all the built in roles: https://docs.microsoft.com/azure/role-based-access-control/built-in-roles
Just found this site today by Julian Hayward. It’s a great way to find roles.
Azure role assignment name needs to be GUID #121
carterwilliamson commented Sep 21, 2018
lukehoban commented Sep 24, 2018
mpp-oliverh commented Sep 26, 2018 • edited
lukehoban commented Oct 1, 2018
lukehoban commented Oct 2, 2018
azure.azcollection.azure_rm_roleassignment_info module – Gets Azure Role Assignment facts
This module is part of the azure.azcollection collection (version 1.19.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install azure.azcollection. You need further requirements to be able to use this module, see Requirements for details.
To use it in a playbook, specify: azure.azcollection.azure_rm_roleassignment_info.
New in azure.azcollection 0.1.2
Gets facts of Azure Role Assignment.
The below requirements are needed on the host that executes this module.
python >= 2.7
The host that executes this module must have the azure.azcollection collection installed via galaxy
All python packages listed in collection’s requirements-azure.txt must be installed via pip on the host that executes modules from azure.azcollection
Full installation instructions may be found at https://galaxy.ansible.com/azure/azcollection
For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with az login.
Authentication is also possible using a service principal or Active Directory user.
To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
How to authenticate using the az login command.
Common return values are documented here; the following are the fields unique to this module:
Bicep resource definition
The roleAssignments resource type is an extension resource, which means you can apply it to another resource.
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.
Valid deployment scopes for the roleAssignments resource are:
- Resource groups - See resource group deployment commands
- Subscriptions - See subscription deployment commands
- Management groups - See management group deployment commands
- Tenants - See tenant deployment commands
For a list of changed properties in each API version, see change log.
For guidance on creating role assignments and definitions, see Create Azure RBAC resources by using Bicep.
To create a Microsoft.Authorization/roleAssignments resource, add the following Bicep to your template.
roleAssignments
RoleAssignmentProperties
Quickstart templates
The following quickstart templates deploy this resource type.
ARM template resource definition
Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.
To create a Microsoft.Authorization/roleAssignments resource, add the following JSON to your template.
Terraform (AzAPI provider) resource definition
Use the parent_id property on this resource to set the scope for this resource.
- Resource groups
- Management groups
To create a Microsoft.Authorization/roleAssignments resource, add the following Terraform to your template.