What rights or permissions does a user need to be able to run certain PowerShell commands in Azure?

Time:04-13

I am trying to determine the minimum user rights and roles I can assign a user just so they can pull information from Azure AD, etc.

Currently the commands I am looking into are: Get-AzureADDevice, Get-AzureADUser, Get-MsolDevice.

All the documentation I find just lists uses, examples, etc., but not rights, and I am currently unable to test case by case from normal user up to admin to find which rights are required.

CodePudding user response:

Assigned the Global Reader role to the user and tested one of the given commands (Get-AzureADUser) in the Question.


Tried to update the user, but it was not possible due to the role's permission restrictions.


Note: Global Reader - Can read everything that a Global Administrator can, but not update anything.

Updated Answer:

Assigned the Directory Reader role to the user and checked the workflow: able to get the information, but not able to update it or do management work such as updating/modifying the information using Azure Active Directory PowerShell commands:


Workaround Result:


Note: Directory Reader Role - Can read basic directory information. Commonly used to grant directory read access to applications and guests.

Depending on your requirement, you can choose any of the above RBAC roles for the user.
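
The test described in the answer can be scripted as follows. This is an added example, not part of the original answer: it assigns the built-in "Directory Readers" role (the answer's "Directory Reader") with the AzureAD module, then checks as the test user that reads are allowed and a write is denied. Both UPNs are constructed placeholders, and Get-MsolDevice is not covered because it belongs to the separate MSOnline module.

```powershell
# Added example. Requires the AzureAD module. Run Part 1 as an admin allowed to assign roles.
# Both UPNs are constructed placeholders, not values from the page.
$testUpn  = 'reader.test@contoso.example'   # account that receives the read-only role
$otherUpn = 'someone.else@contoso.example'  # a different user, target of the write attempt
$roleName = 'Directory Readers'             # built-in role display name

# --- Part 1: assign the role (admin session) ---
Connect-AzureAD | Out-Null
$user = Get-AzureADUser -ObjectId $testUpn

# A directory role only appears in Get-AzureADDirectoryRole after it has been
# activated from its template, so activate it if it is missing.
$role = Get-AzureADDirectoryRole | Where-Object DisplayName -eq $roleName
if (-not $role) {
    $template = Get-AzureADDirectoryRoleTemplate | Where-Object DisplayName -eq $roleName
    Enable-AzureADDirectoryRole -RoleTemplateId $template.ObjectId | Out-Null
    $role = Get-AzureADDirectoryRole | Where-Object DisplayName -eq $roleName
}

# Add the user only if not already a member (the cmdlet errors on duplicates).
$members = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId
if ($members.ObjectId -notcontains $user.ObjectId) {
    Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $user.ObjectId
}
Disconnect-AzureAD

# --- Part 2: verify the effective rights (sign in as the test user) ---
Connect-AzureAD -AccountId $testUpn | Out-Null

# Run one call and record whether the directory allowed or rejected it.
function Test-Call([string]$Name, [scriptblock]$Call) {
    try   { & $Call | Out-Null; [pscustomobject]@{ Call = $Name; Result = 'Allowed'; Error = '' } }
    catch { [pscustomobject]@{ Call = $Name; Result = 'Denied'; Error = $_.Exception.Message } }
}

$results = @(
    Test-Call 'Get-AzureADUser'   { Get-AzureADUser   -Top 1 -ErrorAction Stop }
    Test-Call 'Get-AzureADDevice' { Get-AzureADDevice -Top 1 -ErrorAction Stop }
    # Write attempt against another user's object; a read-only role should reject it.
    Test-Call 'Set-AzureADUser'   { Set-AzureADUser -ObjectId $otherUpn -Department 'rbac-test' -ErrorAction Stop }
)
$results | Format-Table -AutoSize
```

Remove the role assignment again with Remove-AzureADDirectoryRoleMember once the test is finished if the account should not keep it.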
