Differences

This shows you the differences between two versions of the page.

--- azure:azure_iam [2025/09/24 14:44] – [Security Principles] mmuze
+++ azure:azure_iam [2025/10/02 20:52] (current) – [Working With Roles] mmuze
@@ Line 72: / Line 72: @@
   * [[https://www.azadvertizer.net/]]
   * [[https://idpowertoys.merill.net/]], Conditional Access Policy Visualizer
-====== Related ======
-  * [[azure:service_principles|Service Principles]]
-  * [[azure:Authentication and Authorization Examples]]
 ====== Roles ======
@@ Line 83: / Line 79: @@
 >The User Access Administrator role grants the ability to view all resources and manage access assignments at any subscription or management group level within the tenant. Due to its high privilege level, this role assignment should be removed immediately after completing the necessary changes at the root scope to minimize security risks.
+====== Working With Roles ======
+Get the Azure Roles assigned to a user.
+<code>
+Get-AzRoleAssignment -SigninName "Michael.Gupton@xyz.org" | select RoleDefinitionName, Scope
+</code>
+<code>
+az role assignment list --assignee "Michael.Gupton@xyz.org"
+</code>
+=== Get Roles that have a permission ===
+<code>
+Get-AzRoleDefinition | Where-Object {
+    $_.Actions -match "Microsoft.Authorization/policyAssignments"
+}
+</code>
+====== Related ======
+  * [[azure:service_principles|Service Principles]]
+  * [[azure:Authentication and Authorization Examples]]