turbot/azure

steampipe plugin install azure

Table: azure_role_definition

A role definition lists the operations that can be performed, such as read, write, and delete.

Examples

List the custom roles

select
name,
description,
role_name,
role_type,
title
from
azure_role_definition
where
role_type = 'CustomRole';

List roles whose assignable scope includes the root ('/') scope

select
name,
role_name,
scope
from
azure_role_definition,
jsonb_array_elements_text(assignable_scopes) as scope
where
scope = '/';

Permissions of all custom roles

select
name,
role_name,
role_type,
permission -> 'actions' as action,
permission -> 'dataActions' as data_action,
permission -> 'notActions' as no_action,
permission -> 'notDataActions' as not_data_actions
from
azure_role_definition
cross join jsonb_array_elements(permissions) as permission
where
role_type = 'CustomRole';
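As an added example that is not part of the original table documentation, the following query combines the two patterns above (expanding `permissions` and expanding `assignable_scopes`) to flag custom roles that grant the wildcard action `*` at subscription or root scope. Custom roles shaped like this are effectively custom Owner roles and are a common item in Azure audit checklists.

```sql
-- Added example (not from the Steampipe docs): custom roles granting '*'
-- on the root scope or on a whole subscription. The jsonb '?' operator
-- tests whether the string '*' is an element of the actions array.
select
  r.name,
  r.role_name,
  scope,
  permission -> 'actions' as actions,
  permission -> 'notActions' as not_actions
from
  azure_role_definition as r
  cross join jsonb_array_elements(r.permissions) as permission
  cross join jsonb_array_elements_text(r.assignable_scopes) as scope
where
  r.role_type = 'CustomRole'
  and permission -> 'actions' ? '*'
  and (
    scope = '/'
    or scope ~ '^/subscriptions/[^/]+/?$'
  );
```

Rows returned here deserve a review of `notActions` as well, since a broad `notActions` list can narrow an otherwise wildcard grant.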

.inspect azure_role_definition

Azure Role Definition

| Name | Type | Description |
| --- | --- | --- |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| assignable_scopes | jsonb | A list of assignable scopes for which the role definition can be assigned. |
| description | text | Description of the role definition. |
| id | text | Contains ID to identify a role definition uniquely. |
| name | text | The friendly name that identifies the role definition. |
| permissions | jsonb | A list of actions, which can be accessed. |
| role_name | text | Current state of the role definition. |
| role_type | text | Name of the role definition. |
| subscription_id | text | The Azure Subscription ID in which the resource is located. |
| title | text | Title of the resource. |
| type | text | Contains the resource type. |