Script to report on all role assignments in a subscription, or optionally to look for a named user's role assignments.
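# Sign in once; every cmdlet below runs under this account's permissions, so the
# report only contains assignments this identity is allowed to read.
Connect-AzureRmAccount

# Abort on the first failing cmdlet. Without this a failed Set-AzureRmContext would
# leave the previous subscription selected and its assignments would be written to
# the report under the wrong subscription id.
$ErrorActionPreference = 'Stop'

$Logfile = "C:\Temp\RoleAssignmentsLog.csv"

# Subscriptions to report on, processed in order; add or remove ids here.
$Subscriptions = @(
    "<SubscriptionGUID>",
    "<SubscriptionGUID>"
)

# Optional: restrict the report to one user's assignments, e.g. "<user@domain>".
# Leave $null to report every assignment.
$SignInNameFilter = $null

# Extra arguments splatted into every Get-AzureRmRoleAssignment call.
$FilterArgs = @{}
if ($SignInNameFilter) {
    $FilterArgs['SignInName'] = $SignInNameFilter
}

#######################################
# Quote a single CSV field when it contains a comma, double quote or line break,
# so a display name such as "Doe, John" no longer shifts the remaining columns.
# Arguments: $Value - raw field value ($null is written as an empty field)
# Outputs:   the field, quoted and with embedded quotes doubled when needed
#######################################
function ConvertTo-CsvField {
    param([string]$Value)
    if ($Value -match '[",\r\n]') {
        return '"' + ($Value -replace '"', '""') + '"'
    }
    return $Value
}

#######################################
# Append one CSV row per role assignment to $Logfile.
# Globals:   $Logfile (read)
# Arguments: $ScopeLabel  - value for the first column (subscription id or RG name)
#            $Assignments - output of Get-AzureRmRoleAssignment (may be empty)
#######################################
function Write-RoleAssignmentRows {
    param(
        [string]$ScopeLabel,
        $Assignments
    )
    # @() so that a single assignment or no assignment still iterates correctly.
    foreach ($Role in @($Assignments)) {
        $Fields = @(
            $ScopeLabel,
            $Role.RoleDefinitionName,
            $Role.DisplayName,
            $Role.SignInName,
            $Role.ObjectType,
            $Role.Scope
        )
        $Row = ($Fields | ForEach-Object { ConvertTo-CsvField $_ }) -join ","
        Add-Content -Path $Logfile -Value $Row
    }
}

# Start from an empty report so stale rows from a previous run cannot be mixed in.
if (Test-Path $Logfile) {
    Clear-Content -Path $Logfile
}
# Scope is appended as a trailing column so existing consumers of the first five
# columns keep working; it shows the exact resource the assignment applies to.
Add-Content -Path $Logfile -Value "RG/Subscription,RoleDefinitionName,DisplayName,SignInName,ObjectType,Scope"

foreach ($SubscriptionId in $Subscriptions) {
    Set-AzureRmContext -Subscription $SubscriptionId | Out-Null

    # Subscription top level first.
    # NOTE(review): the unscoped call may already return assignments made at
    # lower scopes; the Scope column lets a reader de-duplicate — confirm.
    Write-RoleAssignmentRows -ScopeLabel $SubscriptionId `
        -Assignments (Get-AzureRmRoleAssignment @FilterArgs)

    # Then each resource group in the subscription.
    foreach ($RG in @(Get-AzureRmResourceGroup)) {
        $RGName = $RG.ResourceGroupName
        Write-RoleAssignmentRows -ScopeLabel $RGName `
            -Assignments (Get-AzureRmRoleAssignment -ResourceGroupName $RGName @FilterArgs)
    }
}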