แชร์ผ่าน


Getting all operations for all Providers so create custom roles in RBAC for Azure

Today I was asked to help a customer find ALL the roles available for inclusion into a RBAC role’s they possibly want to create.

There is no definitive list I could find but it definitely is there in Azure somewhere

So I wrote a little script that helps exports all the Providers and Operations you can do for each provider so that you can look and select.

First we login to Azure

Login-AzureRmAccount

Next we use the CmdLet Get-AzureRMProviderOperation

$allOps = Get-AzureRmProviderOperation -OperationSearchString *

This will retrieve EVERYTHING

I am just dropping a text file into a directory per provider for review afterwards but you could export it to a CSV and full filter it.. if you want  however I just wanted something quick and simple so the logic is as follows

$sourcedir = $env:userprofile + "\Desktop\AzureRBAC"
$testdir =test-path $sourcedir
if($testdir -eq $false)
{
new-item -type directory $sourcedir
}

for($i=0;$i -lt $allops.count;$i++)
{
$name = $allops[$i].Operation.split("/")[0]

$objarr = @()
$filename = $sourcedir + "\" + $name + ".txt"
for($p=0;$p -lt $allops.Count;$p++)
{

if($name -eq $allops[$p].Operation.split("/")[0])
{
$obj = new-object psobject
$obj |Add-Member -MemberType NoteProperty -Name Provider -Value $name -Force
$obj |Add-Member -MemberType NoteProperty -Name OperationName -Value $allOps[$p].OperationName -Force
$obj |Add-Member -MemberType NoteProperty -Name Operation -Value $allOps[$p].Operation -Force
$objarr += $obj

}

}
$objarr |out-file $filename

}

It will create a separate text file for each provider and the actions you can perform.. you can choose to be very selective in your RBAC role then..