Get-AzRoleDefinition
Synopsis: Retrieves role definitions from Azure Active Directory.
Syntax
Get-AzRoleDefinition
[-Name <String[]>]
[-Id <Guid>]
[-Scope <String>]
[-IncludeClassicAdministrators]
[] Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| -Name | String[] | No | One or more role definition names to retrieve. |
| -Id | Guid | No | Unique identifier of the role definition. |
| -Scope | String | No | Scope at which the role definition is effective (e.g., subscription, resource group). |
| -IncludeClassicAdministrators | SwitchParameter | No | Includes classic administrators in the results. |
| -WhatIf | SwitchParameter | No | Shows what would happen if the command runs. |
| -Confirm | SwitchParameter | No | Prompts for confirmation before executing. |
Examples
1. Get all role definitions
Get-AzRoleDefinition2. Get a role definition by name
Get-AzRoleDefinition -Name "Contributor"3. Get a role definition by ID
Get-AzRoleDefinition -Id 0e0c9c12-0f0a-4e95-8d33-4c5c7d2ff8d54. Get role definitions at a specific scope
Get-AzRoleDefinition -Scope "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyRG"Output
The cmdlet returns objects of type Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRoleDefinition. Common properties include:
- Name – Role name.
- Id – Guid identifier.
- IsCustom – Indicates if the role is custom.
- Permissions – List of allowed actions.
- AssignableScopes – Scopes where the role can be assigned.