Script Sample - Apply RBAC Role to Users on Resources

@20aman    Oct 22, 2018

If you have to assign a role to users on multiple resources, this script can reduce your workload and do the heavy lifting for you. Simply provide the inputs and you can grant access to the users at any scope, i.e. subscription, resource group or individual resource.

Currently, the script factors in Virtual Machines as individual resources, but these can be replaced by any resource type.

Inputs and Script Requirements

The script takes in the following inputs:

  1. csvLocation - this is the CSV containing the names of the resources on which you want to provide the role-based access. An example CSV is also provided with the script. It is a simple two-column CSV: the first column is the VM Name (or resource name if you want to generalize) and the second column is the Resource Group containing that resource.
  2. role - This is the role that you want to assign. E.g. "Virtual Machine Operator"
  3. Scope - this can be one of the 3 values viz. "VirtualMachine", "Subscription" or "ResourceGroup"
  4. Usernames - this can be an array of the names of the users who will be assigned access on the resources
  5. Groupnames - if groups need to be assigned access then they can be mentioned here
  6. RBACOperatorFlag - a boolean value with the default value of true. You set this to false when you are making changes and do not want the script to perform any actions. You do not need to worry about this parameter for most scenarios and can ignore this.

Example Execution

An example execution of the script looks like this:

Apply-RBACRoleToResources -csvLocation "C:\Users\aman\Documents\AzureVM.csv" -role "Virtual Machine Operator" -Scope "VirtualMachine" -UserNames "user1,user2" -GroupNames "abac" 

The above command will read the VM names and their related Resource Groups from the AzureVM.csv file. It will assign the "Virtual Machine Operator" role at the Virtual Machine level. This role will be assigned to the user1 and user2 users along with the abac group.
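After a bulk assignment like this, it is worth checking what each user actually holds on each VM. The following is an added example, not part of the original post or of Apply-RBACRoleToResources.ps1. It assumes the Az.Compute and Az.Resources modules, an existing Connect-AzAccount session, a CSV with one header row, and user names given as sign-in names; the function name Test-VmRoleAssignment and the sample user names are hypothetical.

```powershell
# Added example (not the original script): for every VM in the CSV, report whether each
# user holds the role directly on the VM, only through a parent scope, or not at all.
# Assumptions: Az modules installed, Connect-AzAccount already run, CSV has a header row.
function Test-VmRoleAssignment {
    param(
        [Parameter(Mandatory)] [string]   $CsvLocation,
        [Parameter(Mandatory)] [string]   $Role,
        [Parameter(Mandatory)] [string[]] $UserNames
    )

    # Read the two columns by position so the header text in the file does not matter.
    $rows = Import-Csv -Path $CsvLocation -Header 'Name', 'ResourceGroup' | Select-Object -Skip 1

    foreach ($row in $rows) {
        $vm = Get-AzVM -ResourceGroupName $row.ResourceGroup -Name $row.Name -ErrorAction SilentlyContinue
        if (-not $vm) {
            Write-Warning "VM '$($row.Name)' not found in resource group '$($row.ResourceGroup)'"
            continue
        }

        # -Scope returns assignments effective at the VM, including inherited ones
        # made at the resource group or subscription.
        $assignments = Get-AzRoleAssignment -Scope $vm.Id -RoleDefinitionName $Role

        foreach ($user in $UserNames) {
            $hits = @($assignments | Where-Object { $_.SignInName -eq $user })

            $status = 'Missing'
            if ($hits | Where-Object { $_.Scope -eq $vm.Id }) { $status = 'Direct' }
            elseif ($hits.Count -gt 0) { $status = 'InheritedOnly' }

            [pscustomobject]@{
                VM            = $row.Name
                ResourceGroup = $row.ResourceGroup
                User          = $user
                Role          = $Role
                Status        = $status
                Scopes        = ($hits.Scope -join '; ')
            }
        }
    }
}

# Constructed sample call; the user names are placeholders.
Test-VmRoleAssignment -CsvLocation 'C:\Users\aman\Documents\AzureVM.csv' -Role 'Virtual Machine Operator' `
    -UserNames 'user1@example.com', 'user2@example.com' | Format-Table -AutoSize
```

A status of InheritedOnly means the user already had the role from a broader scope, which is a prompt to review whether that broader grant is still needed.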

Location of the Script

You can find this script in GitHub at this location: Apply-RBACRoleToResources.ps1




