https://ioctl.lol/tags/rbac/Recent content in Rbac on ioctlHugoenioctlMon, 16 Mar 2026 00:00:00 +0000https://ioctl.lol/tools/azure-roles-digger/Mon, 16 Mar 2026 00:00:00 +0000https://ioctl.lol/tools/azure-roles-digger/<h2 id="the-problem">The problem</h2> <p>Azure permission auditing is a special kind of hell.</p> <p>You run <code>az role assignment list</code> and get back&hellip; direct assignments. That&rsquo;s it. No inherited roles from group nesting. No Entra ID directory roles. No PIM-eligible roles sitting there waiting to be activated. Nothing about what that service principal can <em>actually</em> do when you trace the full chain.</p> <p>So you&rsquo;re left clicking through 15 portal blades, running separate Graph queries, cross-referencing group memberships by hand, piecing it all together in a spreadsheet like it&rsquo;s 2005. And after 30 minutes you&rsquo;re still not sure you found everything.</p>