Open skidrow88 opened 4 years ago
@jiasli , please help take a look.
Any news about this ticket?
"Global reader" and "Global Administrator" are AAD permissions. The PowerShell command you mentioned I believe is Get-AzureADDirectoryRoleMember from AzureAD module. az role is for Azure RBAC role assignment instead. Azure CLI doesn't support AD role assignment/member list operation.
Per my rough research, you may use az rest directly on AD Graph Role Assignment REST API or MS Graph List members REST API. I haven't tested the detailed usage of them. You may create an Azure support ticket to AAD team to get more help.
This was closed - was there a plan to incorporate this feature into az cli?
Let me mark this issue as feature request and see how we can deal with it during MS Graph integration (#12946), or maybe using the MS Graph CLI.
Having this incorporated into the Azure CLI would be mighty helpful.
Problem

The az cli role assignment list command does not allow getting Directory Roles affected to AD users such as "Global reader" or "Global Administrator". (see https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles)

The expected solution

Get the members of any Directory Roles with azure-cli

The current alternative

It seems only PowerShell could do it currently.
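The `az rest` route suggested in the thread, as an added example (not code from the issue or from the Azure CLI project): it lists the members of one directory role through the Microsoft Graph `directoryRoles` and `directoryRoles/{id}/members` endpoints, following paging links. It assumes the `az login` account is allowed to read directory roles; the function names and the `SAMPLE` replies are constructed for illustration.

```python
import json
import subprocess

GRAPH = "https://graph.microsoft.com/v1.0"

def az_rest_get(url):
    """Call `az rest` with the current `az login` session and parse the JSON reply."""
    out = subprocess.run(
        ["az", "rest", "--method", "get", "--url", url, "--output", "json"],
        check=True, capture_output=True, text=True,
    ).stdout
    return json.loads(out)

def get_all(url, fetch):
    """Collect every item of a Graph collection, following @odata.nextLink pages."""
    items = []
    while url:
        page = fetch(url)
        items.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return items

def directory_role_members(role_name, fetch=az_rest_get):
    """Return (kind, name, object id) tuples for the members of one directory role."""
    roles = get_all(f"{GRAPH}/directoryRoles", fetch)
    role = next((r for r in roles if r.get("displayName") == role_name), None)
    if role is None:
        # /directoryRoles only returns roles that are activated in the tenant.
        raise LookupError(f"directory role not activated or unknown: {role_name}")
    rows = []
    for m in get_all(f"{GRAPH}/directoryRoles/{role['id']}/members", fetch):
        kind = m.get("@odata.type", "").rsplit(".", 1)[-1]  # user, group, servicePrincipal
        rows.append((kind, m.get("userPrincipalName") or m.get("displayName"), m["id"]))
    return rows

# Constructed sample replies (not real tenant data) so the block also runs offline.
SAMPLE = {
    f"{GRAPH}/directoryRoles": {"value": [{"id": "r1", "displayName": "Global Administrator"}]},
    f"{GRAPH}/directoryRoles/r1/members": {"value": [
        {"@odata.type": "#microsoft.graph.user", "id": "u1", "userPrincipalName": "alice@example.com"},
        {"@odata.type": "#microsoft.graph.servicePrincipal", "id": "s1", "displayName": "ci-app"}]},
}

if __name__ == "__main__":
    # Drop the second argument to query the live tenant through `az rest`.
    for row in directory_role_members("Global Administrator", SAMPLE.__getitem__):
        print(*row, sep="\t")
```

Service principals and groups holding a privileged role show up alongside users, which is why the member type is kept in the output.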