turbot/azure

steampipe plugin install azure

Table: azure_role_assignment

Azure role assignments are the authorization system used to manage access to Azure resources. To grant access, you assign roles to users, groups, service principals, or managed identities at a particular scope.

Examples

Role assignment basic info

select
  name,
  id,
  principal_id,
  principal_type
from
  azure_role_assignment;

List role assignments that have permission at root level

select
  name,
  id,
  scope
from
  azure_role_assignment
where
  scope = '/';

List role assignments that have subscription-level permission and full access to the subscription

select
  ra.name as role_assignment_name,
  rd.role_name
from
  azure_role_assignment ra
  join azure_role_definition rd on ra.role_definition_id = rd.id
  cross join jsonb_array_elements(rd.permissions) as perm
where
  ra.scope like '/subscriptions/%'
  and perm -> 'actions' = '["*"]';
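
For an access review, the wildcard check above can be widened and the scope made explicit. The following query is an added example, not part of the plugin documentation: it matches `*` anywhere in a role's `actions` array, flags whether the role carves anything out, and labels each assignment by scope level, since `like '/subscriptions/%'` also matches resource group and resource scopes. It assumes the `permissions` JSON carries a `notActions` array beside `actions`; the `wildcard_roles`, `unrestricted` and `scope_level` names are chosen for this example.

```sql
-- Added example (not from the plugin documentation).
with wildcard_roles as (
  select
    rd.id,
    rd.role_name,
    -- true when a wildcard permission block has no notActions carve-outs;
    -- the 'notActions' key name is an assumption, see the lead-in
    bool_or(
      case
        when jsonb_typeof(perm -> 'notActions') = 'array'
          then jsonb_array_length(perm -> 'notActions') = 0
        else true
      end
    ) as unrestricted
  from
    azure_role_definition rd
    cross join jsonb_array_elements(rd.permissions) as perm
  where
    -- '*' present anywhere in the actions array, not only actions = ["*"]
    (perm -> 'actions') ? '*'
  group by
    rd.id,
    rd.role_name
)
select
  ra.name as role_assignment_name,
  wr.role_name,
  wr.unrestricted,
  ra.principal_id,
  ra.principal_type,
  -- scope_level labels are made up for this example
  case
    when ra.scope = '/' then 'root'
    when ra.scope ilike '/providers/Microsoft.Management/managementGroups/%'
      then 'management_group'
    when ra.scope ~* '^/subscriptions/[^/]+$' then 'subscription'
    when ra.scope ~* '^/subscriptions/[^/]+/resourceGroups/[^/]+$'
      then 'resource_group'
    else 'resource'
  end as scope_level,
  ra.scope
from
  azure_role_assignment ra
  join wildcard_roles wr on ra.role_definition_id = wr.id
order by
  wr.unrestricted desc,
  length(ra.scope);
```

Rows with `unrestricted = true` at `root`, `management_group` or `subscription` level are the ones to review first; roles that pair `*` with exclusions appear with `unrestricted = false`.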

.inspect azure_role_assignment

Azure Role Assignment

| Name | Type | Description |
|------|------|-------------|
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| id | text | Contains ID to identify a role assignment uniquely. |
| name | text | The friendly name that identifies the role assignment. |
| principal_id | text | Contains the principal id. |
| principal_type | text | Principal type of the assigned principal ID. |
| role_definition_id | text | Name of the assigned role definition. |
| scope | text | Current state of the role assignment. |
| subscription_id | text | The Azure Subscription ID in which the resource is located. |
| title | text | Title of the resource. |
| type | text | Contains the resource type. |