azure:azure_iam

Differences

azure:azure_iam [2025/09/24 14:44] – [Security Principles] mmuze
azure:azure_iam [2026/04/06 19:20] (current) – [Azure Administrator Roles (Entra ID Roles) vs. Azure Roles (Azure RBAC Roles)] mmuze
Line 15: Line 15:
 ====== Azure Administrator Roles (Entra ID Roles) vs. Azure Roles (Azure RBAC Roles) ====== ====== Azure Administrator Roles (Entra ID Roles) vs. Azure Roles (Azure RBAC Roles) ======
   * Entra roles/directory (scope) roles, administrator roles   * Entra roles/directory (scope) roles, administrator roles
-  * Azure roles, Azure RBAC roles, Azure resource roles+  * Azure (ARM) roles, Azure RBAC roles, Azure resource roles
   * There are some built-in roles for Entra ID and Azure that have the same name, for example, //Reader// and //Security Reader//.   * There are some built-in roles for Entra ID and Azure that have the same name, for example, //Reader// and //Security Reader//.
 +  * Entra ID/Azure roles could be called //permission sets//
  
 ====== Tenant/Root Managment Group Level Access ====== ====== Tenant/Root Managment Group Level Access ======
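Review bot: the new bullet "Entra ID/Azure roles could be called //permission sets//" hedges where this section needs a definition; the point of the section is that the two role systems share role names but differ in where they apply, so say it directly, for example "Both Entra ID roles and Azure RBAC roles are named permission sets: a role definition lists the actions it allows, and what differs is where it is assigned (the directory vs. ARM scopes such as management group, subscription, resource group or resource)." The "(ARM)" added to the Azure roles bullet already makes that scope distinction, so carry the same wording into the new bullet. Also visible in the trailing context, though not part of this change: the heading "Tenant/Root Managment Group Level Access" misspells Management.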
Line 72: Line 73:
   * [[https://www.azadvertizer.net/]]   * [[https://www.azadvertizer.net/]]
   * [[https://idpowertoys.merill.net/]], Conditional Access Policy Visualizer   * [[https://idpowertoys.merill.net/]], Conditional Access Policy Visualizer
- 
-====== Related ====== 
-  * [[azure:service_principles|Service Principles]] 
-  * [[azure:Authentication and Authorization Examples]] 
  
 ====== Roles ====== ====== Roles ======
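Review bot: removing the Related section here is a move rather than a deletion, since the same two links are re-added at the end of the page in the later hunk, which is the better place for them; while they are being moved, make the two link styles consistent: `[[azure:service_principles|Service Principles]]` carries a display label but `[[azure:Authentication and Authorization Examples]]` does not, so the rendered list reads unevenly.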
Line 83: Line 80:
  
 >The User Access Administrator role grants the ability to view all resources and manage access assignments at any subscription or management group level within the tenant. Due to its high privilege level, this role assignment should be removed immediately after completing the necessary changes at the root scope to minimize security risks. >The User Access Administrator role grants the ability to view all resources and manage access assignments at any subscription or management group level within the tenant. Due to its high privilege level, this role assignment should be removed immediately after completing the necessary changes at the root scope to minimize security risks.
 +
 +====== Working With Roles ======
 +
 +Get the Azure Roles assigned to a user.
 +<code>
 +Get-AzRoleAssignment -SigninName "Michael.Gupton@xyz.org" | select RoleDefinitionName, Scope
 +</code>
 +
 +<code>
 +az role assignment list --assignee "Michael.Gupton@xyz.org"
 +</code>
 +
 +=== Get Roles that have a permission ===
 +
 +<code>
 +Get-AzRoleDefinition | Where-Object {
 +    $_.Actions -match "Microsoft.Authorization/policyAssignments"
 +}
 +</code>
 +====== Related ======
 +  * [[azure:service_principles|Service Principles]]
 +  * [[azure:Authentication and Authorization Examples]]
  
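Review bot: the "Get Roles that have a permission" filter only finds role definitions whose Actions contain the literal substring, so it misses roles that grant the same permission through a wildcard (`*` on Owner/Contributor, or `Microsoft.Authorization/*`) and it ignores NotActions, which can remove the permission again; the list therefore under-reports who can manage policy assignments. Name the full operation and let PowerShell treat each role entry as the wildcard pattern, testing both lists, e.g.
$perm = "Microsoft.Authorization/policyAssignments/write"
Get-AzRoleDefinition | Where-Object { ($_.Actions | Where-Object { $perm -like $_ }) -and -not ($_.NotActions | Where-Object { $perm -like $_ }) }
The two listing commands above it have a similar blind spot: `Get-AzRoleAssignment -SigninName ...` and `az role assignment list --assignee ...` report only the subscription in the current context and only direct assignments, so add `-ExpandPrincipalGroups` on the PowerShell side and `--all --include-inherited --include-groups` on the CLI side to see assignments inherited from management groups and via group membership, which is exactly where the User Access Administrator elevation quoted above would show up. Two style points: `=== Get Roles that have a permission ===` is a level-4 heading placed directly under a level-1 `======` section, and `====== Related ======` follows `</code>` with no blank line, unlike the other sections; the sign-in name also looks like a real person's address and would read better as a placeholder such as `user@example.org`.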
  • azure/azure_iam.1758725043.txt.gz
  • Last modified: 2025/09/24 14:44
  • by mmuze