Differences

This shows you the differences between two versions of the page.

--- azure:azure_iam [2025/10/01 16:20] – mmuze
+++ azure:azure_iam [2026/04/06 19:20] (current) – [Azure Administrator Roles (Entra ID Roles) vs. Azure Roles (Azure RBAC Roles)] mmuze
@@ Line 15: / Line 15: @@
 ====== Azure Administrator Roles (Entra ID Roles) vs. Azure Roles (Azure RBAC Roles) ======
   * Entra roles/directory (scope) roles, administrator roles
-  * Azure roles, Azure RBAC roles, Azure resource roles
+  * Azure (ARM) roles, Azure RBAC roles, Azure resource roles
   * There are some built-in roles for Entra ID and Azure that have the same name, for example, //Reader// and //Security Reader//.
+  * Entra ID/Azure roles could be called //permission sets//
 ====== Tenant/Root Managment Group Level Access ======
@@ Line 81: / Line 82: @@
 ====== Working With Roles ======
+Get the Azure Roles assigned to a user.
+<code>
+Get-AzRoleAssignment -SigninName "Michael.Gupton@xyz.org" | select RoleDefinitionName, Scope
+</code>
 <code>
 az role assignment list --assignee "Michael.Gupton@xyz.org"
 </code>
+=== Get Roles that have a permission ===
+<code>
+Get-AzRoleDefinition | Where-Object {
+    $_.Actions -match "Microsoft.Authorization/policyAssignments"
+}
+</code>
 ====== Related ======
   * [[azure:service_principles|Service Principles]]
   * [[azure:Authentication and Authorization Examples]]