steampipe plugin install azuread

Table: azuread_directory_role - Query Azure Active Directory Directory Roles using SQL

Azure Active Directory (Azure AD) is Microsoft's multi-tenant, cloud-based directory, and identity management service. It combines core directory services, application access management, and identity protection into a single solution. Directory Roles in Azure AD provide access to various features and capabilities in the Azure portal and Azure AD administrative features.

Table Usage Guide

The azuread_directory_role table provides insights into directory roles within Azure Active Directory. As a DevOps engineer, IT professional or security auditor, you can use it to enumerate the administrative roles in a tenant and the object IDs of the members assigned to each one, along with the role description and the role template the role was activated from. Use it to answer questions such as who holds Global Administrator, which roles have more members than expected, and whether any non-user objects (groups or service principals) hold privileged roles. Note that, like the underlying Microsoft Graph directoryRoles endpoint, the table only returns roles that have been activated in the tenant; built-in roles that have never been activated do not appear.

Examples

Basic info

Explore the roles within your Azure Active Directory to understand their functions and who has been assigned to them. This can be useful for auditing purposes or to ensure the correct permissions have been granted.

select
id,
display_name,
description,
member_ids
from
azuread_directory_role;

List users with access to directory roles

Explore which users have been assigned to each directory role. This is useful for managing and reviewing administrative permissions in a tenant. Both queries join the member IDs against azuread_user, so they return only user members; a group or service principal assigned to a role has no matching row in azuread_user and is silently dropped from the result.

PostgreSQL:

select
u.display_name as username,
role.display_name as directory_role
from
azuread_directory_role as role,
jsonb_array_elements_text(member_ids) as m_id,
azuread_user as u
where
u.id = m_id;

SQLite:

select
u.display_name as username,
role.display_name as directory_role
from
azuread_directory_role as role,
json_each(role.member_ids) as m_id,
azuread_user as u
where
u.id = m_id.value;
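Because member_ids can contain groups and service principals as well as users, a review that only joins against azuread_user can miss a service principal that holds a privileged role. The PostgreSQL query below is an added example, not one of the plugin's own documented queries; it resolves every member ID against the azuread_user, azuread_group and azuread_service_principal tables (assumed to be present from the same plugin, with id and display_name columns, and user_principal_name on azuread_user) and labels anything that matches none of them as unknown, so that nothing in a role's membership is silently dropped.

```sql
-- Added example: resolve every directory role member to its object type.
-- Assumes the azuread_user, azuread_group and azuread_service_principal
-- tables from the same plugin are available in the connection.
with role_members as (
  select
    r.display_name       as directory_role,
    r.role_template_id   as role_template_id,
    m.member_id          as member_id
  from
    azuread_directory_role as r,
    -- one row per member ID in the jsonb array
    jsonb_array_elements_text(r.member_ids) as m(member_id)
)
select
  rm.directory_role,
  rm.role_template_id,
  rm.member_id,
  case
    when u.id  is not null then 'user'
    when g.id  is not null then 'group'
    when sp.id is not null then 'servicePrincipal'
    else 'unknown'   -- e.g. a deleted object or an object type not queried here
  end as member_type,
  coalesce(u.user_principal_name, g.display_name, sp.display_name) as member_name
from
  role_members as rm
  left join azuread_user              as u  on u.id  = rm.member_id
  left join azuread_group             as g  on g.id  = rm.member_id
  left join azuread_service_principal as sp on sp.id = rm.member_id
order by
  rm.directory_role,
  member_type,
  member_name;
```

Filter on directory_role or role_template_id to focus on the roles you care about; role_template_id is the stable key across tenants, while display_name is what an auditor will recognise. Any row with member_type = 'group' deserves a follow-up query on that group's membership, since role assignment through a group is effectively transitive.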


Schema for azuread_directory_role

Name | Type | Operators | Description
_ctx | jsonb | | Steampipe context in JSON form.
description | text | | The description for the directory role.
display_name | text | | The display name for the directory role.
id | text | = | The unique identifier for the directory role.
member_ids | jsonb | | IDs of the directory objects (users, groups and service principals) that are members of this directory role.
role_template_id | text | | The id of the directoryRoleTemplate that this role is based on. The property must be specified when activating a directory role in a tenant with a POST operation. After the directory role has been activated, the property is read only.
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name.
sp_ctx | jsonb | | Steampipe context in JSON form.
tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Tenant ID where the resource is located.
title | text | | Title of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azuread

You can pass the configuration to the command with the --config argument:

steampipe_export_azuread --config '<your_config>' azuread_directory_role