The role assignments where the user has been removed remain as "Identity not found".
The az role assignment list command does not return displayName to filter it out that way.
Ex:
"canDelegate": null,
"condition": null,
"conditionVersion": null,
"description": "",
"id": "/subscriptions/xxxxxxxxxxxxx/providers/Microsoft.Authorization/roleAssignments/xxxxxxxxxxxxx",
"name": "xxxxxxxxxxxxx",
"principalId": "xxxxxxxxxxxxx",
"principalType": "ServicePrincipal",
"roleDefinitionId": "/subscriptions/xxxxxxxxxxxxx/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxxxxxxx",
"roleDefinitionName": "User Access Administrator",
"scope": "/subscriptions/xxxxxxxxxxxxx",
"type": "Microsoft.Authorization/roleAssignments"
Do we have any easy way of finding these and removing them using az cli? So that this can be put into a script.
Do we have any easy way of finding these and removing them using az cli
Using Azure CLI I couldn't find any way to get orphaned roles, but I was able to find an alternative, which is using PowerShell as below, and I followed Microsoft-Document and SO-Thread:
Get-AzRoleAssignment | Where-object -Property Displayname -eq $null
Output:
You could also get Orphaned Role using below commands and I followed
$o = "Unknown"
Get-AzRoleAssignment | Where-object -Property ObjectType -eq $o
Output:
Now you can use Remove-AzRoleAssignment to remove these roles (MS-Doc).
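A scripted version of the PowerShell approach in the answer above, as an added example that is not part of the original post: it combines the two filters, writes a record of what it found, and removes the assignments only after a dry run. The function name `Remove-OrphanedRoleAssignment` and the backup path are hypothetical, and the script assumes `Connect-AzAccount` has been run against the subscription to clean up.

```powershell
#Requires -Modules Az.Resources
# Added example (not from the original post).
# Assumption: the signed-in account can read the directory, so that a missing
# DisplayName means the principal was deleted rather than simply not resolved.

function Remove-OrphanedRoleAssignment {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Hypothetical default path for the pre-deletion record
        [string]$BackupPath = './orphaned-role-assignments.json'
    )

    # Same filters as in the answer: ObjectType "Unknown" and no DisplayName.
    # Requiring both keeps assignments whose principal still resolves.
    $orphans = @(Get-AzRoleAssignment |
        Where-Object { $_.ObjectType -eq 'Unknown' -and -not $_.DisplayName })

    if ($orphans.Count -eq 0) {
        Write-Verbose 'No orphaned role assignments found.'
        return
    }

    # Keep a record so an assignment can be reviewed or recreated later.
    # Set-Content honours -WhatIf, so a dry run writes nothing.
    $orphans |
        Select-Object RoleAssignmentId, Scope, RoleDefinitionName, ObjectId |
        ConvertTo-Json |
        Set-Content -Path $BackupPath

    foreach ($ra in $orphans) {
        $target = "$($ra.RoleDefinitionName) for $($ra.ObjectId) at $($ra.Scope)"
        if ($PSCmdlet.ShouldProcess($target, 'Remove role assignment')) {
            Remove-AzRoleAssignment -InputObject $ra
        }
    }
}

# Dry run first: lists what would be removed without changing anything.
Remove-OrphanedRoleAssignment -WhatIf

# After reviewing the dry-run output, remove without per-item prompts:
# Remove-OrphanedRoleAssignment -Confirm:$false
```

Reviewing the dry-run list matters most for high-privilege roles such as the User Access Administrator assignment shown in the question.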