Can I get users & groups for an Azure approle using PowerShell?

wgemini
May 11, 2023
280 views
1 vote
2 Answers

In my powershell script, I have used Get-AzADApplication (from Az.resources module) to get an Enterprise Application. I can see the particular approle I am interested in (with an ID) in the result. How can I then get all the users and groups that has the appRoles?

From the portal, looks like ManagedApplications//AppRoleAssignments was used to fetch that info. What’s the powershell equivalent?

Tags: azure powershell

Answers

- KaranSingh
- May 11, 2023 at 8:10 am
- 0 votes
0
You can use below powershell command to retrieve the application role assignments for a service principal.

Get-AzureADServiceAppRoleAssignment -ObjectId $ServicePrincipalId

Below image shows the users assigned the app roles.

Login or Signup to reply.

- Jahnavi
- May 11, 2023 at 9:20 am
- 0 votes
0
To get all the users and groups that has the appRoles:

Use below command to achieve the expected results.

For Users:
```
Get-AzRoleAssignment | Where-Object {$_.objecttype -eq "User"} | select RoleDefinitionName,ObjectType,DisplayName
```
For Groups:
```
Get-AzRoleAssignment | Where-Object {$_.objecttype -eq "Group"} | select RoleDefinitionName,ObjectType,DisplayName
```
Refer Get-AzRoleAssignment Azure PowerShell Command.
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.