Today I was asked to help a customer find ALL the roles available for inclusion into the RBAC roles they might want to create.
There is no definitive list I could find, but it definitely is there in Azure somewhere.
So I wrote a little script that exports all the providers and the operations you can perform for each provider, so that you can look through them and select.
First we log in to Azure:
Login-AzureRmAccount
Next we use the cmdlet Get-AzureRmProviderOperation:
$allOps = Get-AzureRmProviderOperation -OperationSearchString *
This will retrieve EVERYTHING.
I am just dropping one text file per provider into a directory for review afterwards. You could export it to a CSV and filter it fully if you want, but I just wanted something quick and simple, so the logic is as follows:
# Output folder on the desktop; create it if it does not exist yet
$sourcedir = $env:userprofile + "\Desktop\AzureRBAC"
$testdir = Test-Path $sourcedir
if ($testdir -eq $false)
{
    New-Item -Type Directory $sourcedir
}
# For each operation, take the provider name (the part before the first "/")
for ($i = 0; $i -lt $allOps.Count; $i++)
{
    $name = $allOps[$i].Operation.Split("/")[0]
    $objarr = @()
    $filename = $sourcedir + "\" + $name + ".txt"
    # Collect every operation that belongs to the same provider
    for ($p = 0; $p -lt $allOps.Count; $p++)
    {
        if ($name -eq $allOps[$p].Operation.Split("/")[0])
        {
            $obj = New-Object psobject
            $obj | Add-Member -MemberType NoteProperty -Name Provider -Value $name -Force
            $obj | Add-Member -MemberType NoteProperty -Name OperationName -Value $allOps[$p].OperationName -Force
            $obj | Add-Member -MemberType NoteProperty -Name Operation -Value $allOps[$p].Operation -Force
            $objarr += $obj
        }
    }
    # Write (or overwrite) the text file for this provider
    $objarr | Out-File $filename
}
It will create a separate text file for each provider, listing the actions you can perform, so you can then be very selective in your RBAC role.
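The CSV export mentioned above, followed by a narrowly scoped custom role built from the filtered operations, as an added example that is not part of the original post. The role name, the read-only Microsoft.Compute filter, the output file names and the `<subscription-id>` placeholder are assumptions chosen for illustration.

```powershell
# Added example, not from the original post. Assumes Login-AzureRmAccount has already run.
$outDir = Join-Path $env:USERPROFILE 'Desktop\AzureRBAC'
if (-not (Test-Path $outDir)) { New-Item -ItemType Directory -Path $outDir | Out-Null }

# One call returns every operation of every provider.
$allOps = Get-AzureRmProviderOperation -OperationSearchString *

# Flatten to the same three columns the text files hold, as one filterable CSV.
$rows = $allOps | ForEach-Object {
    [pscustomobject]@{
        Provider      = $_.Operation.Split('/')[0]
        OperationName = $_.OperationName
        Operation     = $_.Operation
    }
} | Sort-Object Provider, Operation
$rows | Export-Csv -Path (Join-Path $outDir 'AllOperations.csv') -NoTypeInformation

# Quick overview: number of operations per provider.
$rows | Group-Object Provider | Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize

# Assumed selection: read-only operations of a single provider.
$selected = @($rows |
    Where-Object { $_.Provider -eq 'Microsoft.Compute' -and $_.Operation -like '*/read' } |
    Select-Object -ExpandProperty Operation -Unique)

# Fail closed: no empty role, and no wildcard that would grant more than was reviewed.
if ($selected.Count -eq 0) { throw 'Filter matched no operations.' }
if ($selected | Where-Object { $_ -match '\*' }) { throw 'Wildcard found in selected actions.' }

# Custom role definition in the JSON layout that New-AzureRmRoleDefinition -InputFile reads.
$role = [ordered]@{
    Name             = 'Compute Reader (custom example)'   # hypothetical role name
    IsCustom         = $true
    Description      = 'Read-only Microsoft.Compute access built from the exported operation list.'
    Actions          = $selected
    NotActions       = @()
    AssignableScopes = @('/subscriptions/<subscription-id>')  # placeholder, replace before use
}
$roleFile = Join-Path $outDir 'ComputeReaderRole.json'
$role | ConvertTo-Json -Depth 3 | Set-Content -Path $roleFile

# After reviewing the JSON and replacing the placeholder scope:
# New-AzureRmRoleDefinition -InputFile $roleFile
```

Listing each operation explicitly keeps the role at exactly what was reviewed; operations a provider adds later are not granted until the list is regenerated and the role updated.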