Getting all operations for all Providers so create custom roles in RBAC for Azure
Today I was asked to help a customer find ALL the roles available for inclusion into a RBAC role’s they possibly want to create.
There is no definitive list I could find but it definitely is there in Azure somewhere
So I wrote a little script that helps exports all the Providers and Operations you can do for each provider so that you can look and select.
First we login to Azure
Next we use the CmdLet Get-AzureRMProviderOperation
$allOps = Get-AzureRmProviderOperation -OperationSearchString *
This will retrieve EVERYTHING
I am just dropping a text file into a directory per provider for review afterwards but you could export it to a CSV and full filter it.. if you want however I just wanted something quick and simple so the logic is as follows
$sourcedir = $env:userprofile + "\Desktop\AzureRBAC"
$testdir =test-path $sourcedir
if($testdir -eq $false)
new-item -type directory $sourcedir
for($i=0;$i -lt $allops.count;$i++)
$name = $allops[$i].Operation.split("/")
$objarr = @()
$filename = $sourcedir + "\" + $name + ".txt"
for($p=0;$p -lt $allops.Count;$p++)
if($name -eq $allops[$p].Operation.split("/"))
$obj = new-object psobject
$obj |Add-Member -MemberType NoteProperty -Name Provider -Value $name -Force
$obj |Add-Member -MemberType NoteProperty -Name OperationName -Value $allOps[$p].OperationName -Force
$obj |Add-Member -MemberType NoteProperty -Name Operation -Value $allOps[$p].Operation -Force
$objarr += $obj
$objarr |out-file $filename
It will create a separate text file for each provider and the actions you can perform.. you can choose to be very selective in your RBAC role then..