Skip to content Skip to sidebar Skip to footer
Home / Azure / Azure Active Directory / Azure Resource Manager / Javascript / Node.js

Get Access Control List (IAM) Of A Resource Group In Node.js

Post a Comment
I am using Node.js to interact with Azure, for example, to create a resource group: const { ResourceManagementClient } = require('azure-arm-resource'); createResourceGroup(locatio

Solution 1:

You will need to make use of the Azure Authorization Modules for Node.js

Here is sample code based on Microsoft Docs

Installing Azure Authorization module

npm install azure-arm-authorization

List all role assignments for a specific resource group

const msRestAzure = require('ms-rest-azure');
const authorizationManagement = require('azure-arm-authorization');

const resourceGroup = 'resource-group-name';
const subscriptionId = 'your-subscription-id';

msRestAzure.interactiveLogin().then(credentials => {
 const client = new authorizationManagement(credentials, subscriptionId);
 client.roleAssignments.listForResourceGroup(resourceGroupName).then(result => {
   console.log(result);
 });
});

Also on a side note, know that the actual REST API being used for these operations is:

Role Assignments - List For Resource Group

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01

Similar API, which accepts a generic scope (to work with not just resource groups but other resources as well)

Role Assignments - List For Scope

GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01

UPDATE (trying to answer queries from comments)

Using the code above to list all role assignments for a specific resource group (or role assignments - list for resource group REST API).. you will be returned a collection of role assignments, like your comments reflect.

I suppose this is what you need based on the screenshot from your question, as you have Role Assignments tab selected and the list is being shown below in Azure Portal.

Now a role assignment in itself is formed by:

  1. A security principal Id (user, group, service principal etc. to whom you're trying to give permissions through a role)

  2. Role Definition Id (identifier for the role which you assigning like contributor, owner or a custom RBAC role for that matter)

  3. Scope (at which this role is assigned, like at subscription level or at a specific resource group or resource level)

This concept is explained in detail and very well here on Microsoft Docs

For your purpose to make sense of the response UUIDs, you will be able to find the list of all role definitions (to know their ID, Name Description etc. using Role Definitions List through node SDK or using Role Definitions - List REST API

Principal ID is the ID of user, group or app service principal.

Scope in your case is the resource group that you're trying to query role assignments for.

enter image description here


Post a Comment for "Get Access Control List (IAM) Of A Resource Group In Node.js"