how to get the list of SPN role assignment access

Question

We assigned built-in roles and custom roles to the service principle, but where we are check all SPN access list?

when we go to subscription and can verify the roles.

Answer 1

Hello Gangasani, Narender,

Thank you for reaching out to Microsoft Q&A. 

We understand that you are looking for an option to get the list of SPN role assignment access after going to the subscription. You can achieve that by following below steps. 

1. In the Azure portal, click All services and then select the scope. For example, you can select Management groups, Subscriptions, Resource groups, or a resource.
2. Click the specific resource.
3. Click Access control (IAM).
4. On the Check access tab, click the Check access button.
5. In the Check access pane, click User, group, or service principal or Managed identity.
6. In the search box, enter a string to search the directory for display names, email addresses, or object identifiers.

• On this pane, you can see the access for the selected security principal at this scope and inherited to this scope. Assignments at child scopes are not listed. You see the following assignments:
  • Role assignments added with Azure RBAC.
  • Deny assignments added using Azure Blueprints or Azure managed apps.
• Kindly refer this document for more information. 

Hope this helps. Do let us know if you any further queries.

---

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.