Discrepancy in list of users in Access Control in portal vs. get-azurermroleassignment

For audit compliance, I’ve been asked to screencap our complete users list in Azure to show who has access to the portal, as well as provide a text report of the same info.

In Subscriptions -> Contoso Production, within Access Control (IAM) if I filter Type to Users and Role to Owner, there are 12 individuals listed. However, if i run the below Powershell cmdlet, I only have four people listed:

get-azurermroleassignment | where {$_.RoleDefinitionName-eq "Owner"} | where {$_.ObjectType -eq "User"} | select-object DisplayName,SignInName,ObjectType,roledefinitionname,@{Name = 'Timestamp'; Expression = {[datetime]::Now}} 

Is get-azurermroleassignment the wrong cmdlet to use for this? Or am I missing something in how to get it to work properly?

submitted by /u/MohnJaddenPowers
[link] [comments]

Leave a Reply