Search-AzQuery querying authorizationresources returns 0 records
I want to query all the builtin Azure role definitions using Search-AzQuery. I have the Az.ResourceGroup module v1.0.0 installed.
This query works fine in the Azure Portal's Azure Resource Graph Explorer and returns 5 records:
authorizationresources | where type == "microsoft.authorization/roledefinitions" | where properties["type"] == "BuiltInRole" | limit 5
If I run the same query locally using Search-AzQuery (or az graph query for that matter), I get zero records.
Search-AzGraph -Query 'authorizationresources | where type == "microsoft.authorization/roledefinitions" | where properties["type"] == "BuiltInRole" | limit 5'
However, if I remove the second where, then it does return records.
Search-AzGraph -Query 'authorizationresources | where type == "microsoft.authorization/roledefinitions" | limit 5'
I've also tried the =~ operator (to ignore case when comparing) but that makes no difference.
What am I doing wrong?
Search-AzGraph -Query "authorizationresources | where type == 'microsoft.authorization/roledefinitions' | where properties['type'] == 'BuiltInRole' | limit 5" -UseTenantScope
You should add UseTenantScope, I tried a lot and found that this method works.
Why it works:
roledefinitions has the resource id some like this /providers/Microsoft.Authorization/RoleDefinitions/aabbc5dd-1af0-458b-a942-81af88f9c138, which not be related to a certain subscription. It is a Basic tenant query reference
Has the difference to Basic query, need to pass subscriptionIds array.
- How to resolve paging when retrieving data from REST API in R
- SearchService deployment fails if the resource exists
- Azure Bicep - Referencing a variable that cannot be calculated at the start
- Local development with Azure SignalR Service and Azure Functions
- Azure Functions & Application Insights requests "Operation Link" empty
- Disabling allow public blob access using terraform
- how to retrieve all resources under given subnet using Azure Resource Graph Explorer query
- I'm using SSIS in ADF to move .csv from a blob container to another and then ingest into a Azure SQL database. I get an assembly error
- How to build expression in ADF from json using parameterized variable?
- Reference a variable azure pipeline not working
- Graph Powershell adding a user to PIM for a privileged security group
- Indexing static HTML blob storage content with Azure Cognitive Search is not working as expected
- Azure python webapp deploy shows as running even though it is successful
- Azure pipeline get Pull request source and target branch name
- Error while copying Azure Storage table from one Storage to another storage table using Powershell script
- Azure Function App Fails to Delete Blob Image After Deployment
- Use Azure AD authentication but manage roles in database in .NET 6
- Microsoft Azure VMs IaaS or PaaS?
- Can an application property be updated/deleted from a ServiceBusReceivedMessage?
- Why is my Blazor Web App throwing a SocketException when authenticating with OpenIddict when deployed to Azure App Service?
- RPC failed: curl 56 failure when receiving data from the peer
- Read 'Attribute & Claims' from SAML Entra application configuration using PowerShell
- Reading Excel file returns 'Invalid Request' error
- Is it possible to clone an Azure Container App?
- Unable to Enable Encryption at host for Azure VM
- Application Insights does not capture information level logging
- How to look up logical partition count and size in Cosmos DB
- AzureRmWebAppDeployment@4 tries to deploy to a wrong URL to Linux app plan
- Azure B2C client credentials flow throws invalid_grant AADB2C90085
- Why I can't create azurerm_app_service connection?