Script to report on all role assignments in a subscription, or optionally to look for a named user's role assignments.
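# Reports the role assignments of two subscriptions, and of every resource
# group inside them, as CSV rows in $Logfile.
#
# Row order: subscription 1 (top level), its resource groups, subscription 2
# (top level), its resource groups. The first column holds the subscription
# GUID for top-level rows and the resource group name otherwise.
#
# Review notes:
# - The AzureRM module has been retired in favour of the Az module; the
#   equivalent cmdlets there are Connect-AzAccount, Set-AzContext,
#   Get-AzRoleAssignment and Get-AzResourceGroup.
# - The report lists who holds which role, so treat the file as sensitive.
#   C:\Temp may be readable by other local accounts - confirm its ACL or
#   point $Logfile at a directory only the auditor can read.
# - NOTE(review): the resource-group queries appear to also return
#   assignments inherited from the subscription, so one principal can show
#   up on several rows - confirm, and consider logging the assignment's
#   Scope property to tell them apart.

# Stop if sign-in fails; otherwise every later query would fail or run
# under whatever context the session already had.
Connect-AzureRmAccount -ErrorAction Stop

$Logfile = "C:\Temp\RoleAssignmentsLog.csv"
$Subscription1 = "<SubscriptionGUID>"
$Subscription2 = "<SubscriptionGUID>"

# Optional: set to a sign-in name to report only that user's assignments,
# e.g. "Jon@oholics.onmicrosoft.com". Leave as $NULL to report everyone.
$SignInName = $NULL

# Converts one value into a safe CSV field.
#   - $null becomes an empty field (SignInName is empty for principals that
#     have no sign-in name).
#   - Values that a spreadsheet would treat as a formula get a leading
#     apostrophe, because display names come from the directory and the
#     report is likely to be opened in a spreadsheet.
#   - Values containing a comma, quote or line break are wrapped in double
#     quotes so they cannot shift the columns.
function ConvertTo-CsvField {
    param([object]$Value)

    $Text = [string]$Value
    if ($Text -match '^[=+\-@\t\r]') {
        $Text = "'" + $Text
    }
    if ($Text -match '[",\r\n]') {
        $Text = '"' + $Text.Replace('"', '""') + '"'
    }
    return $Text
}

# Appends one CSV row per role assignment to the log file.
#   $Path        - log file to append to
#   $ScopeLabel  - value of the first column (subscription GUID or RG name)
#   $Assignments - objects returned by Get-AzureRmRoleAssignment (may be empty)
function Add-RoleAssignmentRow {
    param(
        [string]$Path,
        [string]$ScopeLabel,
        [object[]]$Assignments
    )

    ForEach ($Assignment in $Assignments) {
        # Older PowerShell versions iterate once over a $null collection.
        If ($NULL -eq $Assignment) { Continue }

        $Fields = @(
            (ConvertTo-CsvField $ScopeLabel),
            (ConvertTo-CsvField $Assignment.RoleDefinitionName),
            (ConvertTo-CsvField $Assignment.DisplayName),
            (ConvertTo-CsvField $Assignment.SignInName),
            (ConvertTo-CsvField $Assignment.ObjectType)
        )
        Add-Content -Path $Path -Value ($Fields -join ",")
    }
}

# Start every run with a file that holds only the header row.
Set-Content -Path $Logfile -Value "RG/Subscription,RoleDefinitionName,DisplayName,SignInName,ObjectType"

# Splatted onto every role query so the optional user filter is applied
# consistently at subscription and resource-group level.
$RoleFilter = @{}
If ($SignInName) {
    $RoleFilter['SignInName'] = $SignInName
}

ForEach ($Subscription in @($Subscription1, $Subscription2)) {
    # Must stop on failure: if the context switch fails (for example the
    # GUID placeholder was never replaced), the queries below would run
    # against the previous subscription and be logged under the wrong one.
    Set-AzureRmContext -Subscription $Subscription -ErrorAction Stop

    # Subscription top level.
    $SubscriptionRoles = Get-AzureRmRoleAssignment @RoleFilter
    Add-RoleAssignmentRow -Path $Logfile -ScopeLabel $Subscription -Assignments $SubscriptionRoles

    # Then each resource group in the subscription.
    ForEach ($RG in (Get-AzureRmResourceGroup)) {
        $RGName = $RG.ResourceGroupName
        $Roles = Get-AzureRmRoleAssignment -ResourceGroupName $RGName @RoleFilter
        Add-RoleAssignmentRow -Path $Logfile -ScopeLabel $RGName -Assignments $Roles
    }
}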