Getting all operations for all Providers to create custom roles in RBAC for Azure
Today I was asked to help a customer find ALL the roles available for inclusion in the RBAC roles they possibly want to create.
There is no definitive list I could find, but it definitely is there in Azure somewhere.
So I wrote a little script that helps export all the Providers and the Operations you can do for each provider so that you can look and select.
First we log in to Azure:
Login-AzureRmAccount
Next we use the cmdlet Get-AzureRmProviderOperation:
$allOps = Get-AzureRmProviderOperation -OperationSearchString *
This will retrieve EVERYTHING.
I am just dropping a text file per provider into a directory for review afterwards. You could export it to a CSV and fully filter it if you want; however, I just wanted something quick and simple, so the logic is as follows:
$sourcedir = $env:userprofile + "\Desktop\AzureRBAC"
# Create the output directory if it does not exist yet
$testdir = Test-Path $sourcedir
if($testdir -eq $false)
{
    New-Item -Type Directory $sourcedir
}
for($i=0;$i -lt $allOps.Count;$i++)
{
    # The provider namespace is the first segment of the operation string
    $name = $allOps[$i].Operation.Split("/")[0]
    $objarr = @()
    $filename = $sourcedir + "\" + $name + ".txt"
    # Collect every operation that belongs to this provider
    for($p=0;$p -lt $allOps.Count;$p++)
    {
        if($name -eq $allOps[$p].Operation.Split("/")[0])
        {
            $obj = New-Object psobject
            $obj | Add-Member -MemberType NoteProperty -Name Provider -Value $name -Force
            $obj | Add-Member -MemberType NoteProperty -Name OperationName -Value $allOps[$p].OperationName -Force
            $obj | Add-Member -MemberType NoteProperty -Name Operation -Value $allOps[$p].Operation -Force
            $objarr += $obj
        }
    }
    # Write (or overwrite) the text file for this provider
    $objarr | Out-File $filename
}
It will create a separate text file for each provider with the actions you can perform, so you can then choose to be very selective in your RBAC role.
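
Going from the exported list to a selective role, as an added example that is not part of the original post: it writes the CSV mentioned above, filters the operations down to an explicit allow-list, checks that list for wildcards and write/delete operations, and builds the custom role from it. The role name, description, resource prefix and the subscription ID placeholder are assumptions chosen for illustration.

```powershell
# Added example, not from the original post.
# Assumptions: a logged-in AzureRM session; the role name, description and
# resource prefix are illustrative; the subscription ID is a placeholder.
$subscriptionId = "<your-subscription-id>"
$prefix         = "Microsoft.Compute/virtualMachines"
$outDir         = Join-Path $env:USERPROFILE "Desktop\AzureRBAC"

if (-not $allOps) { $allOps = Get-AzureRmProviderOperation -OperationSearchString * }
if (-not (Test-Path $outDir)) { New-Item -ItemType Directory -Path $outDir | Out-Null }

# One CSV for every provider, so the list can be sorted and filtered.
$allOps |
    Select-Object @{ n = 'Provider'; e = { $_.Operation.Split('/')[0] } },
                  OperationName, Operation |
    Sort-Object Provider, Operation |
    Export-Csv -Path (Join-Path $outDir "AllOperations.csv") -NoTypeInformation

# Pick only what the role needs: read operations plus VM start/restart.
$extra  = "$prefix/start/action", "$prefix/restart/action"
$wanted = $allOps |
    Where-Object { $_.Operation -like "$prefix/*" -and
                   ($_.Operation -like '*/read' -or $extra -contains $_.Operation) } |
    Select-Object -ExpandProperty Operation -Unique

# Sanity check before creating anything: no wildcards, no write/delete,
# nothing that can change role assignments.
$risky = $wanted | Where-Object {
    $_ -match '\*|/(write|delete)$' -or $_ -like 'Microsoft.Authorization/*'
}
if (-not $wanted) { throw "No operations matched $prefix" }
if ($risky)       { throw "Unexpected operations selected: $($risky -join ', ')" }

# Use a built-in role only as an object template, then replace its contents.
$role = Get-AzureRmRoleDefinition "Reader"
$role.Id          = $null
$role.Name        = "VM Restart Operator (example)"
$role.Description = "Read virtual machines and start or restart them."
$role.Actions.Clear()
$role.NotActions.Clear()
$wanted | ForEach-Object { $role.Actions.Add($_) }
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add("/subscriptions/$subscriptionId")

New-AzureRmRoleDefinition -Role $role
```

The check before role creation matters most when the filter is edited later: a role built from an explicit list of operations stays reviewable, while a single wildcard silently grants every operation a provider adds in the future.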