My blogs have relatively simple, and sometimes complex, examples. I’m hoping that you will be able to tailor them to your need or use them in your own scripts.

The goal of this blog is to show one way to accomplish a task. It is not to show how to write a perfect script, solution or process to accomplish a task.

Prerequisites

First thing to remember is to install Azure PowerShell. Otherwise, you can use Cloud Shell if you prefer to stay within Azure Portal.

PowerShell Cmdlets

Get-AzWebApp Gets Azure Web Apps in the specified resource group.
Get-AzRoleAssignment Lists Azure RBAC role assignments at the specified scope. By default it lists all role assignments in the selected Azure subscription. Use respective parameters to list assignments to a specific user, or to list assignments on a specific resource group or resource.
Get-AzWebAppSlot Gets an Azure Web App slot.

Sign in to Azure

Sign in to Azure. If you have multiple subscriptions or tenants, make sure to sign in to the correct subscription.
You can use Set-AzContext to set the tenant, subscription, and environment for cmdlets to use in the current session.

PowerShell

Connect-AzAccount -Subscription "aa1111a1-1111-1a1a-11a1-1111a1a1a1a1

1

Connect-AzAccount -Subscription "aa1111a1-1111-1a1a-11a1-1111a1a1a1a1

Get Role Assignments

The script is easy to follow.

# CSV file name to export data to
$OutFile = "C:\Support\WebAppsRoleAssignments.csv"
# Gets Azure Web Apps
$WebApps = Get-AzWebApp
# Initialize variable to hold data
$RoleAssignments = @()
# Loop for each WebApp
Foreach ($WebApp in $WebApps)
{
    Write-Host "Role assignments for WebApp &#91;$($WebApp.Name)]"
    # Get role assignment for the main/production slot of the WebApp
    $RoleAssignments += Get-AzRoleAssignment -Scope $WebApp.Id -WarningAction SilentlyContinue | Select  @{Name="App";Expression={$WebApp.Name}}, @{Name="Slot";Expression={"Main"}}, DisplayName, RoleDefinitionName
    # Get WebApp slots
    $AppSlots = Get-AzWebAppSlot -ResourceGroupName $WebApp.ResourceGroup -Name $WebApp.Name | Sort-Object Name
    # Loop for each slot
    ForEach ($AppSlot in $AppSlots) {
        # Get role assignment for the slot
        $RoleAssignments += Get-AzRoleAssignment -Scope $AppSlot.Id -WarningAction SilentlyContinue | Select  @{N="App";E={$WebApp.Name}}, @{N="Slot";E={$AppSlot.Name.Split('/')&#91;1]}}, DisplayName, RoleDefinitionName
    }
}
# Export result to a CSV file
$RoleAssignments | Export-Csv -Path $OutFile -NoTypeInformation

# CSV file name to export data to

$OutFile = "C:\Support\WebAppsRoleAssignments.csv"

# Gets Azure Web Apps

$WebApps = Get-AzWebApp

# Initialize variable to hold data

$RoleAssignments = @()

# Loop for each WebApp

Foreach ($WebApp in $WebApps)

{

Write-Host "Role assignments for WebApp [$($WebApp.Name)]"

# Get role assignment for the main/production slot of the WebApp

$RoleAssignments += Get-AzRoleAssignment -Scope $WebApp.Id -WarningAction SilentlyContinue | Select @{Name="App";Expression={$WebApp.Name}}, @{Name="Slot";Expression={"Main"}}, DisplayName, RoleDefinitionName

# Get WebApp slots

$AppSlots = Get-AzWebAppSlot -ResourceGroupName $WebApp.ResourceGroup -Name $WebApp.Name | Sort-Object Name

# Loop for each slot

ForEach ($AppSlot in $AppSlots) {

# Get role assignment for the slot

$RoleAssignments += Get-AzRoleAssignment -Scope $AppSlot.Id -WarningAction SilentlyContinue | Select @{N="App";E={$WebApp.Name}}, @{N="Slot";E={$AppSlot.Name.Split('/')[1]}}, DisplayName, RoleDefinitionName

}

# Export result to a CSV file

$RoleAssignments | Export-Csv -Path $OutFile -NoTypeInformation

Calculated fields

I used calculated fields to display WebApp name and Slot name.

Value	Expression	Result
WebApp1	@{Name=”App”;Expression={$WebApp.Name}}	WebApp1
WebApp1/Stage	@{N=”Slot”;E={$AppSlot.Name.Split(‘/’)[1]}}	Stage

In conclusion

In summary, we explored how to get role assignments for all exiting App Services (WebApp).

Did you find this blog easy to follow and helpful to you? I certainly would love to hear your feedback and suggestions. So, let me know in the comments below. Happy PowerShelling.

Disclaimer

Purpose of the code contained in blog is solely for learning and demo purposes. Author will not be held responsible for any failure or damages caused due to any other usage.