1

Is type microsoft.authorization/roledefinitions available through Azure Resource Graph?

Context

I'm hoping to query Azure Resource Graph to fetch all roles which have specific permissions. Looking around I found microsoft.authorization/roledefinitions which seems to be a good starting point; it's documented here and is listed under tables in Azure Resource Graph Explorer / double clicking it adds the line | where type == "microsoft.authorization/roledefinitions" which seems promising.

However, when I run the below Kusto this type doesn't show up:

Search-AzGraph -query @'
resources 
| where type startswith "Microsoft.Aut" 
| distinct type
'@

The response is simply:

type
----
microsoft.automation/automationaccounts
microsoft.automation/automationaccounts/runbooks

I do have access to view role definitions though; as running Get-AzRoleDefinition produces a list of results.

Is there something more I need to do to make this type visible via Kusto; or is it simply not yet available through ARG?

JohnLBevan
  • 1,214
  • 7
  • 22
  • 46

1 Answers1

1

you can change the table to authorizationresources and that should provide the definitions:

$query = 'authorizationresources | where type == "microsoft.authorization/roledefinitions"' 
Search-AzGraph -query $query -UseTenantScope
ClumsyPuffin
  • 86
  • 1
  • 7
  • 1
    Ah - thank-you; I'd not even thought to question the table the resources would be under. That works perfectly. – JohnLBevan Aug 15 '23 at 08:03