Tags: azure, terraform, azure-active-directory

List Microsoft Entra ID -> group role/permissions


I have the below code to give the Reader role to a group.

data "azuread_group" "example" {
  display_name = "users-group"
}

resource "azurerm_role_assignment" "example" {
  # object_id is the Entra ID object ID of the group, which is what RBAC expects as the principal
  principal_id         = data.azuread_group.example.object_id
  role_definition_name = "Reader"
  # scope is the resource group the group should be able to read;
  # subscription_id and resource_group_name are placeholders to fill in
  scope                = "/subscriptions/subscription_id/resourceGroups/resource_group_name"
}

I want to list the group's role assignments made through azurerm_role_assignment, using code, a Bash command, or the UI.


Solution

  • In the Portal, you can find the list of roles assigned to a Microsoft Entra ID group by visiting the Azure role assignments tab like this:


    To fetch these details via Bash, you can make use of the below commands:

    # object ID of the Entra ID group (placeholder)
    groupId="xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx"
    # --all lists assignments at every scope under the current subscription; the JMESPath query keeps only this principal
    az role assignment list --all --query "[?principalId=='$groupId'].{RoleName:roleDefinitionName, Scope:scope, PrincipalName:principalName}" --output table

    Response: (screenshot of the table output with the RoleName, Scope and PrincipalName columns)
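When reviewing a group's permissions it also helps to see how broad each assignment's scope is (resource, resource group, subscription, management group). The following added example, which is not from the question or the answer above, parses the JSON form of the same `az role assignment list --all` output (the field names principalId, roleDefinitionName, scope and principalName are the ones the answer's query uses); the sample JSON, the group ID and the subscription ID are constructed placeholders, and `fetch_from_az` is a hypothetical helper that runs the CLI.

```python
import json
import subprocess

# Constructed sample mimicking `az role assignment list --all -o json`
GROUP_ID = "00000000-0000-0000-0000-000000000001"  # placeholder group object ID
SUB = "/subscriptions/SUBSCRIPTION_ID_PLACEHOLDER"
SAMPLE_AZ_OUTPUT = json.dumps([
    {"principalId": GROUP_ID, "principalName": "users-group", "principalType": "Group",
     "roleDefinitionName": "Reader", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalId": GROUP_ID, "principalName": "users-group", "principalType": "Group",
     "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalId": "00000000-0000-0000-0000-000000000002", "principalName": "alice@example.com",
     "principalType": "User", "roleDefinitionName": "Owner", "scope": SUB},
])

# Scope levels from narrowest to broadest
LEVELS = ["resource", "resourceGroup", "subscription", "managementGroup", "tenant-root"]


def scope_level(scope):
    """Classify an ARM scope string by how broad it is."""
    if scope == "/":
        return "tenant-root"
    if scope.startswith("/providers/Microsoft.Management/managementGroups/"):
        return "managementGroup"
    parts = scope.strip("/").split("/")
    # /subscriptions/{id}[/resourceGroups/{rg}[/providers/{ns}/{type}/{name}]]
    if len(parts) == 2 and parts[0] == "subscriptions":
        return "subscription"
    if len(parts) == 4 and parts[2].lower() == "resourcegroups":
        return "resourceGroup"
    return "resource"


def assignments_for_principal(az_json, principal_id):
    """Return the role assignments of one principal, each tagged with its scope level."""
    return [
        {"role": r["roleDefinitionName"], "scope": r["scope"], "level": scope_level(r["scope"])}
        for r in json.loads(az_json) if r.get("principalId") == principal_id
    ]


def broader_than(assignments, max_level="resourceGroup"):
    """Flag assignments whose scope is wider than the level the group is meant to have."""
    limit = LEVELS.index(max_level)
    return [a for a in assignments if LEVELS.index(a["level"]) > limit]


def fetch_from_az():
    """Hypothetical helper: run the same CLI command as the answer, but as JSON (needs `az login`)."""
    out = subprocess.run(["az", "role", "assignment", "list", "--all", "-o", "json"],
                         check=True, capture_output=True, text=True)
    return out.stdout


if __name__ == "__main__":
    rows = assignments_for_principal(SAMPLE_AZ_OUTPUT, GROUP_ID)
    for a in rows:
        print(a["role"], a["level"], a["scope"])
    print("wider than resource group:", [a["role"] for a in broader_than(rows)])
```

Replace `SAMPLE_AZ_OUTPUT` with `fetch_from_az()` to run it against a real subscription.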