There is an Azure API for listing my own permissions. It's partially documented in the Azure API Permissions doc (though they miss the per-subscription case in the documentation).
I am struggling to find a way to call this API via the Azure Java SDK - there is an Access Management interface accessible via the .accessManagement() method, but that contains methods for listing roles and role assignments, not for listing the actual permissions.
Is this missing from the SDK or am I just searching badly?
Sometimes the Azure SDK lacks some functionality. I also checked the Java SDK source, and it seems there is no such interface to call this API directly.
So you have 2 options here:
1. Get the role assignments so that you can get the actual role ID; using this role ID, you can get the role's actual permissions with the code below:

    Set<Permission> permissions = azureResourceManager.accessManagement().roleDefinitions()
            .getById("{role id}")
            .permissions();

2. Call the REST API directly, just try the code below:

    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.net.URL;
    import java.net.URLConnection;
    import java.nio.charset.StandardCharsets;
    import java.util.List;
    import java.util.stream.Collectors;

    import com.azure.core.credential.TokenCredential;
    import com.azure.core.credential.TokenRequestContext;
    import com.azure.core.management.AzureEnvironment;
    import com.azure.core.management.profile.AzureProfile;
    import com.azure.identity.ClientSecretCredentialBuilder;
    import com.google.gson.Gson;

    public class testAzureAPI {

        public static void main(String[] args) {
            AzureProfile azureProfile = new AzureProfile(AzureEnvironment.AZURE);
            // I use ClientSecretCredential just for demo here; you can change it yourself
            TokenCredential tokenCredential = new ClientSecretCredentialBuilder()
                    .clientId("").clientSecret("")
                    .tenantId("")
                    .authorityHost(azureProfile.getEnvironment().getActiveDirectoryEndpoint()).build();

            // Request an ARM token for the management endpoint
            String accessToken = tokenCredential
                    .getToken(new TokenRequestContext().addScopes("https://management.azure.com/.default")).block()
                    .getToken();

            String reqURL = "https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Authorization/permissions?api-version=2015-07-01";
            try {
                URL url = new URL(reqURL);
                URLConnection conn = url.openConnection();
                conn.setRequestProperty("Authorization", "Bearer " + accessToken);

                // try-with-resources closes the reader even if reading fails
                String inputLine;
                try (BufferedReader in = new BufferedReader(
                        new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
                    inputLine = in.lines().collect(Collectors.joining());
                }

                Permissions perms = new Gson().fromJson(inputLine, Permissions.class);
                // Index 2 is just for this demo; it throws if fewer than three entries come back
                System.out.println(perms.getValue().get(2).getActions());
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        // Nested model classes are static so Gson can create them without an outer instance
        public static class Value {
            public List<String> actions;
            public List<Object> notActions;

            public List<String> getActions() {
                return actions;
            }

            public void setActions(List<String> actions) {
                this.actions = actions;
            }

            public List<Object> getNotActions() {
                return notActions;
            }

            public void setNotActions(List<Object> notActions) {
                this.notActions = notActions;
            }
        }

        public static class Permissions {
            public List<Value> value;

            public List<Value> getValue() {
                return value;
            }

            public void setValue(List<Value> value) {
                this.value = value;
            }
        }
    }

I have tested on my side and it works for me perfectly.
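
Added example, not part of the original answer or of the Azure SDK: once the permissions response is parsed into actions/notActions lists, this shows how to decide whether one specific action is effectively allowed, which is the usual reason for listing permissions in a least-privilege review. The class and method names are hypothetical, the input is a constructed sample, and it assumes Java 16+ and only the two fields the answer's model classes carry.

```java
import java.util.List;
import java.util.regex.Pattern;

public class EffectivePermissionCheck {

    // One element of the response's "value" array (hypothetical name; Java 16+ record).
    record Entry(List<String> actions, List<String> notActions) {}

    // '*' in a pattern matches any run of characters; comparison ignores case.
    static boolean matches(String pattern, String action) {
        String[] parts = pattern.split("\\*", -1);
        StringBuilder regex = new StringBuilder();
        for (int i = 0; i < parts.length; i++) {
            if (i > 0) {
                regex.append(".*");
            }
            regex.append(Pattern.quote(parts[i]));
        }
        return Pattern.compile(regex.toString(), Pattern.CASE_INSENSITIVE)
                .matcher(action).matches();
    }

    // Allowed if at least one entry grants the action and does not exclude it.
    // A notActions match only cancels that entry's own grant; it is not a deny rule.
    static boolean isAllowed(List<Entry> entries, String action) {
        for (Entry e : entries) {
            boolean granted = e.actions().stream().anyMatch(p -> matches(p, action));
            boolean excluded = e.notActions().stream().anyMatch(p -> matches(p, action));
            if (granted && !excluded) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample shaped like the response, not real API output.
        List<Entry> entries = List.of(
                new Entry(List.of("*"), List.of("Microsoft.Authorization/*/Write",
                        "Microsoft.Authorization/*/Delete")),
                new Entry(List.of("*/read"), List.of()));
        for (String action : List.of(
                "Microsoft.Compute/virtualMachines/start/action",
                "Microsoft.Authorization/roleAssignments/write",
                "Microsoft.Authorization/roleAssignments/read")) {
            System.out.println(action + " -> " + isAllowed(entries, action));
        }
    }
}
```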