I want to query all the builtin Azure role definitions using Search-AzQuery. I have the Az.ResourceGroup module v1.0.0 installed.

This query works fine in the Azure Portal’s Azure Resource Graph Explorer and returns 5 records:

authorizationresources | where type == "microsoft.authorization/roledefinitions" | where properties["type"] == "BuiltInRole" | limit 5

If I run the same query locally using Search-AzQuery (or az graph query for that matter), I get zero records.

Search-AzGraph -Query 'authorizationresources | where type == "microsoft.authorization/roledefinitions" | where properties["type"] == "BuiltInRole" | limit 5'

However, if I remove the second where, then it does return records.

Search-AzGraph -Query 'authorizationresources | where type == "microsoft.authorization/roledefinitions" | limit 5'

I’ve also tried the =~ operator (to ignore case when comparing) but that makes no difference.

What am I doing wrong?

2 Answers


  1. When you run locally, you should not run it the way you did; you will get 0 records, as below:

    To get correct results, you have to use the command as below; I followed the Microsoft-Document:

    az graph query -q "
    authorizationresources 
    | where type == 'microsoft.authorization/roledefinitions' 
    | where properties['type'] == 'BuiltInRole' 
    "
    

    Also refer to my answer in SO-Thread.

    Edit:

    Use this command :

    Search-AzGraph -Query " 
    authorizationresources 
    | where type =~ 'microsoft.authorization/roleassignments'
    "
    

    Edit2:

    $rith = Search-AzGraph -Query "
    authorizationresources
    | where type =~ 'microsoft.authorization/roleassignments'
    "
    $rithwik = $rith | Where-Object { $_.properties.principalType -eq 'X' }
    $rithwik
    
  2. You should add UseTenantScope. I tried a lot and found that this method works.

    Why it works:

    roledefinitions has a resource ID something like this: /providers/Microsoft.Authorization/RoleDefinitions/aabbc5dd-1af0-458b-a942-81af88f9c138, which is not related to a certain subscription.

    Search-AzGraph -Query "authorizationresources | where type == 'microsoft.authorization/roledefinitions' | where properties['type'] == 'BuiltInRole' | limit 5" -UseTenantScope 
    
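The tenant-scope fix from the second answer, as an added example that is not part of the original thread: it pages through every built-in role definition with -UseTenantScope instead of stopping at 5. It assumes the Az.ResourceGraph module is installed and Connect-AzAccount has already been run; Get-BuiltInRoleDefinition is a hypothetical helper name.

```powershell
# Added example, not code from the original question or answers.
# Assumes: Az.ResourceGraph is installed and Connect-AzAccount has been run.
# Get-BuiltInRoleDefinition is a hypothetical helper name.
function Get-BuiltInRoleDefinition {
    [CmdletBinding()]
    param(
        # Rows per request; Search-AzGraph accepts at most 1000 per call.
        [ValidateRange(1, 1000)]
        [int]$PageSize = 1000
    )

    # Single-quoted here-string so PowerShell does not expand anything.
    # "order by id" keeps the paging order stable between requests.
    $query = @'
authorizationresources
| where type =~ 'microsoft.authorization/roledefinitions'
| where properties['type'] =~ 'BuiltInRole'
| project id, roleName = tostring(properties.roleName)
| order by id asc
'@

    $skipToken = $null
    do {
        $params = @{
            Query          = $query
            First          = $PageSize
            # Role definition IDs start at /providers/..., not under a
            # subscription, so the query must run at tenant scope.
            UseTenantScope = $true
        }
        if ($skipToken) { $params.SkipToken = $skipToken }

        $page = Search-AzGraph @params
        $page.Data                    # emit this page's rows to the pipeline
        $skipToken = $page.SkipToken  # empty once the last page is returned
    } while ($skipToken)
}

# Usage: collect every built-in role definition and report the total.
$roles = @(Get-BuiltInRoleDefinition)
'{0} built-in role definitions found at tenant scope' -f $roles.Count
$roles | Select-Object -First 5 roleName, id
```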