Getting all operations for all Providers so create custom roles in RBAC for Azure

Today I was asked to help a customer find ALL the roles available for inclusion into a RBAC role’s they possibly want to create.

There is no definitive list I could find but it definitely is there in Azure somewhere

So I wrote a little script that helps exports all the Providers and Operations you can do for each provider so that you can look and select.

First we login to Azure


Next we use the CmdLet Get-AzureRMProviderOperation

$allOps = Get-AzureRmProviderOperation -OperationSearchString *

This will retrieve EVERYTHING

I am just dropping a text file into a directory per provider for review afterwards but you could export it to a CSV and full filter it.. if you want  however I just wanted something quick and simple so the logic is as follows

$sourcedir = $env:userprofile + "\Desktop\AzureRBAC"
$testdir =test-path $sourcedir
if($testdir -eq $false)
new-item -type directory $sourcedir

for($i=0;$i -lt $allops.count;$i++)
$name = $allops[$i].Operation.split("/")[0]

$objarr = @()
$filename = $sourcedir + "\" + $name + ".txt"
for($p=0;$p -lt $allops.Count;$p++)

if($name -eq $allops[$p].Operation.split("/")[0])
$obj = new-object psobject
$obj |Add-Member -MemberType NoteProperty -Name Provider -Value $name -Force
$obj |Add-Member -MemberType NoteProperty -Name OperationName -Value $allOps[$p].OperationName -Force
$obj |Add-Member -MemberType NoteProperty -Name Operation -Value $allOps[$p].Operation -Force
$objarr += $obj


$objarr |out-file $filename


It will create a separate text file for each provider and the actions you can perform.. you can choose to be very selective in your RBAC role then..