Azure Role Assignments

azureroleassignments.ps1

# List all users across all subscriptions assigned a permanent role (not PIM)

# Ensure Az module is installed
# Install-Module Az -Scope CurrentUser -Repository PSGallery -Force

# Connect to Azure
Connect-AzAccount

# Get all subscriptions
$subscriptions = Get-AzSubscription

# Initialize result array
$allUserRoleAssignments = @()

foreach ($sub in $subscriptions) {
    Write-Host "Processing subscription: $($sub.Name) [$($sub.Id)]" -ForegroundColor Cyan

    # Set the context to the subscription
    Set-AzContext -SubscriptionId $sub.Id

    # Get all role assignments in the current subscription
    $assignments = Get-AzRoleAssignment

    # Filter only users (exclude service principals, groups, etc.)
    $userAssignments = $assignments | Where-Object {
        $_.ObjectType -eq 'User' 
    }

    # Add subscription name and ID to the output
    $userAssignments | ForEach-Object {
        $allUserRoleAssignments += [PSCustomObject]@{
            SubscriptionName   = $sub.Name
            SubscriptionId     = $sub.Id
            DisplayName        = $_.DisplayName
            SignInName         = $_.SignInName
            RoleDefinitionName = $_.RoleDefinitionName
            Scope              = $_.Scope
        }
    }
}

# Output the result
$allUserRoleAssignments | Format-Table -AutoSize

# Optional: Export to CSV
$allUserRoleAssignments | Export-Csv -Path "AllUserRoleAssignments.csv" -NoTypeInformation