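# Lists every role assignment in the current Az context whose role definition
# grants a Storage permission, either directly (Microsoft.Storage/...) or via
# the wildcard actions '*' and '*/<verb>'. Management-plane (Actions) and
# data-plane (DataActions) grants are reported in two separate tables.
# Requires the Az module and an authenticated session (Connect-AzAccount).
#
# Limitation: NotActions / NotDataActions are not evaluated, so a role whose
# exclusions remove the Storage permission again is still listed (the script
# over-reports rather than under-reports).
$roleAssignments = Get-AzRoleAssignment
$roles = Get-AzRoleDefinition
# https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
$storageActionRegexList = @('^\*$', '^\*/.+$', '^Microsoft\.Storage/.+$')
$storageDataActionRegexList = @('^\*$', '^\*/.+$', '^Microsoft\.Storage/.+$')

# Generic lists instead of '+=' on arrays: '+=' copies the whole array on
# every append, which becomes quadratic in tenants with many assignments.
$storageManagementAccessRoles = New-Object 'System.Collections.Generic.List[object]'
$storageDataAccessRoles = New-Object 'System.Collections.Generic.List[object]'

# Builds one report row for a (role assignment, role, matching action) triple.
function New-StorageAccessRow {
    param($RoleAssignment, $Role, $Action)
    [PSCustomObject]@{
        Name            = $RoleAssignment.DisplayName
        ObjectType      = $RoleAssignment.ObjectType
        RoleName        = $Role.Name
        Action          = $Action
        # Scope at which the principal actually holds the role; this is what
        # an access review needs to see. 'Scopes' (the role definition's
        # assignable scopes) is kept for compatibility with the original output.
        AssignmentScope = $RoleAssignment.Scope
        Scopes          = $Role.AssignableScopes -join ';'
    }
}

# Appends a row to $Target for every assignment of $Role and every entry of
# $Actions that matches one of $RegexList.
function Add-StorageAccessRows {
    param($Target, $Assignments, $Role, $Actions, $RegexList)
    foreach ($action in $Actions) {
        foreach ($regex in $RegexList) {
            if ($action -match $regex) {
                foreach ($roleAssignment in $Assignments) {
                    $Target.Add((New-StorageAccessRow -RoleAssignment $roleAssignment -Role $Role -Action $action))
                }
            }
        }
    }
}

foreach ($role in $roles) {
    # Resolve the role's assignments once per role instead of once per
    # (action, regex) pair as the original nested loops did.
    $assignmentsForRole = @($roleAssignments | Where-Object RoleDefinitionName -eq $role.Name)
    # A role nobody is assigned cannot produce a row; skip the action scan.
    if ($assignmentsForRole.Count -eq 0) { continue }
    Add-StorageAccessRows -Target $storageManagementAccessRoles -Assignments $assignmentsForRole `
        -Role $role -Actions $role.Actions -RegexList $storageActionRegexList
    Add-StorageAccessRows -Target $storageDataAccessRoles -Assignments $assignmentsForRole `
        -Role $role -Actions $role.DataActions -RegexList $storageDataActionRegexList
}

Write-Host -ForegroundColor Green "Storage Management Access List:"
$storageManagementAccessRoles | Format-Table
Write-Host -ForegroundColor Green "Storage Data Access List:"
$storageDataAccessRoles | Format-Table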