AzRoleAssignment Cmdlet
This cmdlet retrieves Azure role assignments.
Description
The Get-AzRoleAssignment cmdlet retrieves Azure role assignments for a specific scope. You can filter role assignments by scope, role definition, principal, or assignee.
Syntax
Get-AzRoleAssignment
[-Scope ]
[-RoleDefinitionName <String>]
[-SignInName <String>]
[-ObjectId <Guid>]
[-ApplicationId <Guid>]
[-ExpandPrincipalGroupMembership]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[ <CommonParameters> ]
Parameters
| Parameter | Description |
|---|---|
| -Scope | The scope of the role assignment. Examples: '/subscriptions/{subscriptionId}', '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}'. |
| -RoleDefinitionName | The name of the role definition. Example: 'Reader', 'Contributor'. |
| -SignInName | The sign-in name (UPN) of the principal. Example: 'user@example.com'. |
| -ObjectId | The object ID of the principal. |
| -ApplicationId | The application ID of the service principal. |
| -ExpandPrincipalGroupMembership | Expands group memberships for principals. |
| -DefaultProfile | The credentials, account, tenant, and subscription used for communication with Azure. |
| -WhatIf | Shows what would happen if the cmdlet runs. The cmdlet is not run. |
| -Confirm | Prompts you for confirmation before running the cmdlet. |
Examples
Example 1: Get all role assignments for a subscription
Get-AzRoleAssignment -Scope "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Example 2: Get role assignments for a specific user
Get-AzRoleAssignment -SignInName "user@example.com" -Scope "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup"
Example 3: Get role assignments with the 'Reader' role
Get-AzRoleAssignment -RoleDefinitionName "Reader"