turbot/azure_insights

Query: resource_group_role_definitions_for_activedirectory_user

Usage

powerpipe query azure_insights.query.resource_group_role_definitions_for_activedirectory_user

SQL

select
d.id || '/' || d.subscription_id as role_definition_id,
a.scope
from
azuread_user as u
left join azure_role_assignment as a on a.principal_id = u.id
left join azure_role_definition as d on d.id = a.role_definition_id
where
((a.scope like '%/resourceGroups/%')
or (a.scope like '%/resourcegroups/%'))
and d.id is not null
and u.id = split_part($1, '/', 1)
and u.tenant_id = split_part($1, '/', 2);