Contents x
    Access details
    • 12 Feb 2024
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Access details

    • Updated on 12 Feb 2024
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Introduction

    The access details document provides a thorough report detailing the access granted within Azure's Active Directory groups, Users, and Service Principals, outlining their respective roles at the subscription, resource group, and resource levels.

    Access details

    Access report can be generated by grouping the details in the following ways:

    • Group by Subscription- The list of Users/AD group/Service principal and their roles in the document will be grouped based on subscriptions.
      • Group by Resource group- The list of Users/AD group/Service principal and their roles in the document will be grouped based on Resource groups under each Subscription.
    • Group by access type- The list of AD group, User, Service principal details along with their role access at the subscription, resource group, and resource levels will be listed.
      • Groups - The list of AD groups along with their role access at the Subscription, Resource group, and Resource levels will be listed.
      • Service principal - The list of Service principals along with their role access at the Subscription, Resource group, and Resource levels will be listed.
      • Users - The list of Users along with their role access at the Subscription, Resource group, and Resource levels will be listed.

    Document structure

    • It includes the overall summary of the subscription(s) and their access at the AD group, service principal and user level.
    • When grouped by Subscription, it includes details about the subscription and the access of each user, service principal and AD groups.

    1.png

    • When grouped by access type, it includes details about the Users/AD groups/Service principal and their access at the subscription, resource group, and resource level.

    2.png

    The service principal must have Group.Read.All / Application.Read.All / User.Read.All permission for Microsoft Graph API to generate the access details document.

    Generate a Document

    1. Click New configuration in the Azure Documenter homepage
    2. Enter a name to the document configuration and click Next
    3. Choose the required subscriptions and click Next
    4. Select Access details as the document type. Choose between group by Subscription (with or without resource group) or Access type and click Next
    5. Filters can be defined to narrow down the document content
    6. Click Next
    7. Choose the publish settings and click Next
    8. Configure notification channels
    9. Click Generate

    The Access details document can also be generated with the help of Generate document option available in any of the existing document configurations.

    Once the generation is completed, the URL will be generated. The user will also be able to download the generated document via the Download hyperlink.

    7.gif

    Was this article helpful?
    What's Next