Reputation: 1
List of RBAC permissions for all Azure Resources
Are there APIs to list all the RBAC permissions available for Azure Resources ?
I am trying to get the list in order to identify the privileged custom roles and effective permissions of users in the Subscription. I am looking for the list of 1.actions 2.notActions 3.dataActions 4.notDataActions properties of Permissions for all Azure resources.
Please let me know in case you have come across any Azure apis that can do this.Thanks.
Upvotes: 0
Views: 1045
Answers (1)
Reputation: 7483
The method with Powershell uses foreach to iterate through each resources and retrieve the RBAC permissions. There is no direct method to list of RBAC permissions for all Azure Resources with Azure API.
As a workaround, you need to get all resources in subscription, then loop to get the permissions in each resource.
Follow this to get all resources:
POST https://management.azure.com/providers/Microsoft.ResourceGraph/resources?api-version=2019-04-01
Follow this to get the permissions:
GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments
Upvotes: -1
Related Questions
- Azure: I don't have permissions, but I am Owner
- list ACL for storage
- Azure RBAC Permission
- Exact Permissions\actions needed to List Azure Resources using C# rest API
- Azure find out which permission is needed for certain action
- How can I list all of my permissions derived from roles in Azure?
- List of all Resources in my Azure Subscription + IAM Access Control Credentials
- How to grant read access to only some resources in an Azure subscription?
- Azure Resource Group Access
- How to get list of all roles assignments using RBAC API