I am using this [subscription api](https://management.azure.com/subscriptions?api-version=2020-01-01) to get the Azure subscription details, but in the response we are getting the authorization source as role based. How can we fetch the users present in that subscription and what are their permissions (e.g. owner, reader)?
Firstly, you can use this API to get the role assignment of your subscription, just as below:
Each item record represents a role assignment. You can find `roleDefinitionId`, which means the role you assigned, and `principalId`, which means the Azure AD app or user the role is assigned to.
So if you want to get the details about the role information, you should call the API below separately:
GET https://management.azure.com/<value of roleDefinitionId>?api-version=2018-07-01
And if you want to get the detailed information of `principalId`, you should call the Microsoft Graph API: get directory object, just as below:
If you just want to query whether a user/Azure AD application is assigned subscription roles, it will be much easier, as this API provides a `$filter` param for us. Let's say you have a user's object ID; you can filter this user's roles with the request below:
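
The three lookups described in this answer, joined into one access listing, as an added example that is not part of the original answer. The Graph `directoryObjects` URL and the response field names (`properties.roleName`, `displayName`, `@odata.type`) are assumptions not shown on the page; `fetch`, `fake_fetch` and all sample IDs and names are constructed so the block runs offline.

```python
ARM = "https://management.azure.com"
GRAPH = "https://graph.microsoft.com/v1.0"  # assumed Graph base URL, not on the page

def resolve_assignments(assignments, fetch):
    """Join each assignment with role name and principal; fetch(url) -> JSON or None."""
    cache = {}
    def get(url):
        if url not in cache:  # many assignments share one role definition
            cache[url] = fetch(url)
        return cache[url]
    rows = []
    for item in assignments["value"]:
        props = item["properties"]
        role = get(f"{ARM}{props['roleDefinitionId']}?api-version=2018-07-01")
        who = get(f"{GRAPH}/directoryObjects/{props['principalId']}")
        rows.append({
            "principalId": props["principalId"],
            # A principal deleted after assignment no longer resolves: keep the row.
            "name": who["displayName"] if who else "<unresolved>",
            "type": who["@odata.type"].rsplit(".", 1)[-1] if who else "unknown",
            "role": role["properties"]["roleName"] if role else "<unknown role>",
            "scope": props["scope"],
        })
    return rows

# Constructed sample data standing in for the three API responses.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
RD = SUB + "/providers/Microsoft.Authorization/roleDefinitions/"
OWNER, READER = RD + "00000000-0000-0000-0000-0000000000a1", RD + "00000000-0000-0000-0000-0000000000a2"
ASSIGNMENTS = {"value": [
    {"properties": {"roleDefinitionId": OWNER, "principalId": "p-user-1", "scope": SUB}},
    {"properties": {"roleDefinitionId": READER, "principalId": "p-app-1", "scope": SUB}},
    {"properties": {"roleDefinitionId": OWNER, "principalId": "p-deleted", "scope": SUB}},
]}
CANNED = {
    f"{ARM}{OWNER}?api-version=2018-07-01": {"properties": {"roleName": "Owner"}},
    f"{ARM}{READER}?api-version=2018-07-01": {"properties": {"roleName": "Reader"}},
    f"{GRAPH}/directoryObjects/p-user-1": {"@odata.type": "#microsoft.graph.user", "displayName": "Alice Example"},
    f"{GRAPH}/directoryObjects/p-app-1": {"@odata.type": "#microsoft.graph.servicePrincipal", "displayName": "build-agent"},
}
calls = []

def fake_fetch(url):  # offline stand-in for an authenticated HTTP GET
    calls.append(url)
    return CANNED.get(url)

if __name__ == "__main__":
    for row in resolve_assignments(ASSIGNMENTS, fake_fetch):
        print(row)
```

For live use, `fetch` would issue the GET with a bearer token for the matching resource and return `None` on HTTP 404.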