Skip to content

Commit 7adde04

Browse files
rolyonrolyon
committed
Added Get-AzRoleAssignment example
1 parent 0e7de01 commit 7adde04

File tree

1 file changed

+35
-1
lines changed

1 file changed

+35
-1
lines changed

articles/role-based-access-control/role-assignments-powershell.md

Lines changed: 35 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ ms.devlang: na
1212
ms.topic: conceptual
1313
ms.tgt_pltfrm: na
1414
ms.workload: identity
15-
ms.date: 09/11/2019
15+
ms.date: 10/22/2019
1616
ms.author: rolyon
1717
ms.reviewer: bagovind
1818
---
@@ -152,6 +152,40 @@ Microsoft.Network/loadBalancers/backendAddressPools/join/action
152152

153153
In RBAC, to list access, you list the role assignments.
154154

155+
### List all role assignments in a subscription
156+
157+
The easiest way to get a list of all the role assignments in the current subscription (including inherited role assignments from root and management groups) is to use [Get-AzRoleAssignment](/powershell/module/az.resources/get-azroleassignment) without any parameters.
158+
159+
```azurepowershell
160+
Get-AzRoleAssignment
161+
```
162+
163+
```Example
164+
PS C:\> Get-AzRoleAssignment
165+
166+
RoleAssignmentId : /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/11111111-1111-1111-1111-111111111111
167+
Scope : /subscriptions/00000000-0000-0000-0000-000000000000
168+
DisplayName : Alain
169+
SignInName : [email protected]
170+
RoleDefinitionName : Storage Blob Data Reader
171+
RoleDefinitionId : 2a2b9908-6ea1-4ae2-8e65-a410df84e7d1
172+
ObjectId : 44444444-4444-4444-4444-444444444444
173+
ObjectType : User
174+
CanDelegate : False
175+
176+
RoleAssignmentId : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/pharma-sales/providers/Microsoft.Authorization/roleAssignments/33333333-3333-3333-3333-333333333333
177+
Scope : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/pharma-sales
178+
DisplayName : Marketing
179+
SignInName :
180+
RoleDefinitionName : Contributor
181+
RoleDefinitionId : b24988ac-6180-42a0-ab88-20f7382dd24c
182+
ObjectId : 22222222-2222-2222-2222-222222222222
183+
ObjectType : Group
184+
CanDelegate : False
185+
186+
...
187+
```
188+
155189
### List role assignments for a user
156190

157191
To list all the roles that are assigned to a specified user, use [Get-AzRoleAssignment](/powershell/module/az.resources/get-azroleassignment).

0 commit comments

Comments
 (0)