September 27, 2020

List the permissions on an Azure role

az role definition list --name "<role-name>" --output json | jq '.[] | .permissions[0].actions'
Get-AzRoleDefinition -Name "<role name>" | Select Actions | ConvertTo-Json

To get the most current list of resource provider operations:

Get-AzProviderOperation */{resourceType}/*

To list all the custom roles:

az role definition list --custom-role-only true --output json | jq '.[] | {"roleName":.roleName, "roleType":.roleType}'

or

Get-AzRoleDefinition | ? {$_.IsCustom -eq $true} | FT Name, IsCustom

To list custom role assignments:

az role assignment list --role "<role-name>"

or

Get-AzRoleAssignment -RoleDefinitionName "<role-name>"

To delete a custom role (after the role assignments have been removed):

az role definition delete --name "<role-name>"

or

Get-AzRoleDefinition "<role-name>" | Remove-AzRoleDefinition

To get the subscription ID:

az account list  --output json | jq '.[] | .id, .name'