若要列出特定资源的角色分配,请使用 Get-AzRoleAssignment 和 -Scope
参数。 范围将因资源而异。 若要获取作用域,可以运行不带任何参数的 Get-AzRoleAssignment
来列出所有角色分配,然后查找要列出的作用域。
Get-AzRoleAssignment -Scope "/subscriptions/<subscription_id>/resourcegroups/<resource_group_name>/providers/<provider_name>/<resource_type>/<resource>
This following example shows how to list the role assignments for a storage account. Note that this command also lists role assignments at higher scopes, such as resource groups and subscriptions, that apply to this storage account.
PS C:\> Get-AzRoleAssignment -Scope "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/storage-test-rg/providers/Microsoft.Storage/storageAccounts/storagetest0122"
If you want to just list role assignments that are assigned directly on a resource, you can use the Where-Object command to filter the list.
PS C:\> Get-AzRoleAssignment | Where-Object {$_.Scope -eq "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/storage-test-rg/providers/Microsoft.Storage/storageAccounts/storagetest0122"}