Share via

How to use Azure C# SDK to retriever filtered role assignments

Fernando Almeida 0 Reputation points
2025-02-01T11:05:56.0733333+00:00

I'm starting to feel like Azure C# SDK does not provide a way for me to list all role assignments a user has been assigned directly or indirectly assigned at a given scope (e.g. subscription).

I know this is supported via the underlying REST API and available via PowerShell but for the life of me I'm unable to figure out who to go about specifying a filter for SDK if one indeed exists. If there's none then I can build the relevant API endpoint directly and hit it but was hoping I'd not need to do that. I've found this extension method which I believe would be abstracting this but it seems to provide no filtering functionality parametrized. Using this method seems like it would NOT retrieve implicit assignments (E.g. for a user being part of a group) which I'd like to abstract way.

Can anyone explain if what I'm seeing is really not supported by the SDK.

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
876 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
11,266 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Kancharla Saiteja 230 Reputation points Microsoft Vendor
    2025-02-04T10:01:22.7366667+00:00

    Hi @Fernando Almeida ,

    Thank you for posting your query on Microsoft Q&A. I am Saiteja from Q&A will be assisting you with your query.

    Based on your query, here is my understanding: You would like to know if there is any possibility to retrieve implicit role assignments for a given scope using SDK.

    I have checked with available documents and found there is no filter or an option to provide the implicit role assignment for any given scope using SDK. As you have mentioned, List role assignments is possible from Azure portal, CLI, PowerShell and RestAPI. These are the available methods to retrieve the role assignments in Azure. This is because of the complexity and vast possibilities of customization of roles with various (eg: Subscriptions, Resources groups and resources). There are also Deny assignments which is another customization opted for the resources and subscriptions which would explicitly hefty task to perform using an SDK.

    Here is the document which continues with all the possible ways of finding the role assignments for any given scope.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly "upvote it". If you have extra questions about this answer, please click "Comment"

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.