@juanesech
Last active July 9, 2020 20:06
<#
.SYNOPSIS
    Sets IAM role assignments on specific resources.
.DESCRIPTION
    The script gets each identity's object ID from the role assignments on the resource group,
    so the identity needs to be added to the resource group before running it.
.EXAMPLE
    .\roleAssigment.ps1 -SubscriptionName CTSBP-PROD-SUB -ResourceGroupName UWUPIERSG01 -IdentityList IT-Team,CT-USER -ResourceList WEBAPPNAME01,STORAGEACC01 -RoleName Contributor
.EXAMPLE
    .\roleAssigment.ps1 -SubscriptionName CTSBP-TEST-SUB -ResourceGroupName UWUPIERSG01 -IdentityList CT-USER -ResourceList WEBAPPNAME01 -RoleName Reader
#>
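param(
    # Every parameter is required: the script cannot resolve a scope or a principal without them.
    [Parameter(Mandatory=$true)]
    [string]$SubscriptionName,
    [Parameter(Mandatory=$true)]
    [string]$ResourceGroupName,
    [Parameter(Mandatory=$true)]
    [string[]]$IdentityList,
    [Parameter(Mandatory=$true)]
    [string[]]$ResourceList,
    [Parameter(Mandatory=$true)]
    [string]$RoleName
)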
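function Set-RoleAssigment {
    param (
        $resources,
        $identity,
        $role
    )
    foreach ($resource in $resources) {
        # Resolve the resource name to its full resource ID, which is used as the assignment scope.
        $resourceId = (Get-AzResource -ResourceGroupName $ResourceGroupName -ResourceName $resource).ResourceId
        if (-not $resourceId) {
            Write-Warning "Resource $resource not found in $ResourceGroupName; skipping"
            continue
        }
        try {
            # -ErrorAction Stop so the success message is printed only when the assignment was created.
            New-AzRoleAssignment -ObjectId $identity -RoleDefinitionName $role -Scope $resourceId -ErrorAction Stop | Out-Null
            Write-Host "Role $role assigned to $resource"
        } catch {
            Write-Warning "Could not assign $role on ${resource}: $_"
        }
    }
}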
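Set-AzContext -SubscriptionName $SubscriptionName | Out-Null
foreach ($identity in $IdentityList) {
    Write-Host "Setting role assignment for $identity"
    # Match the display name exactly: -match treats the name as a regex and could pick
    # a different principal whose display name merely contains it.
    $identityId = (Get-AzRoleAssignment -ResourceGroupName $ResourceGroupName |
        Where-Object { $_.DisplayName -eq $identity }).ObjectId | Select-Object -First 1
    if (-not $identityId) {
        Write-Warning "$identity has no role assignment on $ResourceGroupName; skipping"
        continue
    }
    Set-RoleAssigment -resources $ResourceList -identity $identityId -role $RoleName
}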