public static ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid ( string scope, string Id ) : string | ||
scope | string | |
Id | string | |
return | string |
/// <summary>
/// Creates a role assignment for the principal selected by <c>parameters.ADObjectFilter</c>.
/// </summary>
/// <param name="parameters">
/// Supplies the principal filter, the target scope, and either a role definition name or a role definition ID.
/// </param>
/// <returns>The created assignment converted to a <see cref="PSRoleAssignment"/>.</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters)
{
    Guid principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);

    // Use a queued assignment name when one is available; otherwise mint a fresh GUID.
    Guid roleAssignmentId;
    if (RoleAssignmentNames.Count == 0)
    {
        roleAssignmentId = Guid.NewGuid();
    }
    else
    {
        roleAssignmentId = RoleAssignmentNames.Dequeue();
    }

    // The scope is validated before it is used to build the role definition ID or sent to the service.
    string scope = parameters.Scope;
    ValidateScope(scope);

    // A role definition name, when given, takes precedence over RoleDefinitionId and is resolved at this scope.
    string roleDefinitionId;
    if (!string.IsNullOrEmpty(parameters.RoleDefinitionName))
    {
        roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(
            scope,
            GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id);
    }
    else
    {
        roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(
            scope,
            parameters.RoleDefinitionId);
    }

#if !NETSTANDARD
    RoleAssignmentCreateParameters createParameters = new RoleAssignmentCreateParameters
    {
        Properties = new RoleAssignmentProperties
        {
            PrincipalId = principalId,
            RoleDefinitionId = roleDefinitionId
        }
    };

    RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments
        .Create(parameters.Scope, roleAssignmentId, createParameters)
        .RoleAssignment;
#else
    var createParameters = new RoleAssignmentProperties
    {
        PrincipalId = principalId.ToString(),
        RoleDefinitionId = roleDefinitionId
    };

    RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
        parameters.Scope,
        roleAssignmentId.ToString(),
        createParameters);
#endif

    return assignment.ToPSRoleAssignment(this, ActiveDirectoryClient);
}
/// <summary>
/// Updates a role assignment by issuing a Create call that reuses the existing assignment name.
/// </summary>
/// <param name="roleAssignment">
/// The assignment to write; its object ID, scope, role definition ID, object type, delegation flag,
/// description and condition fields are sent as given.
/// </param>
/// <returns>The assignment returned by the service, converted to a <see cref="PSRoleAssignment"/>.</returns>
public PSRoleAssignment UpdateRoleAssignment(PSRoleAssignment roleAssignment)
{
    string principalId = roleAssignment.ObjectId;

    // RoleAssignmentId may be a fully qualified ID; only the segment after the last '/' is the assignment name.
    string assignmentName;
    var lastSlash = roleAssignment.RoleAssignmentId.LastIndexOf("/");
    if (lastSlash != -1)
    {
        assignmentName = roleAssignment.RoleAssignmentId.Substring(lastSlash + 1);
    }
    else
    {
        assignmentName = roleAssignment.RoleAssignmentId;
    }

    string scope = roleAssignment.Scope;
    string roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(
        scope,
        roleAssignment.RoleDefinitionId);

    // Blank optional fields are normalised to null before they are sent.
    var description = string.IsNullOrWhiteSpace(roleAssignment.Description) ? null : roleAssignment.Description;
    var condition = string.IsNullOrWhiteSpace(roleAssignment.Condition) ? null : roleAssignment.Condition;
    var conditionVersion = string.IsNullOrWhiteSpace(roleAssignment.ConditionVersion) ? null : roleAssignment.ConditionVersion;

    var request = new RoleAssignmentCreateParameters
    {
        PrincipalId = principalId.ToString(),
        RoleDefinitionId = roleDefinitionId,
        PrincipalType = roleAssignment.ObjectType,
        CanDelegate = roleAssignment.CanDelegate,
        Description = description,
        Condition = condition,
        ConditionVersion = conditionVersion
    };

    RoleAssignment written = AuthorizationManagementClient.RoleAssignments.Create(scope, assignmentName, request);
    return written.ToPSRoleAssignment(this, ActiveDirectoryClient);
}
/// <summary>
/// Creates a role assignment, optionally under a caller-chosen assignment GUID.
/// </summary>
/// <param name="parameters">
/// Supplies the principal filter, scope, role definition (by name or ID), delegation flag, description and
/// condition fields. Blank Description, Condition and ConditionVersion values are overwritten with null
/// on this object.
/// </param>
/// <param name="roleAssignmentId">The assignment name to use; a new GUID is generated when left at its default.</param>
/// <returns>The created assignment converted to a <see cref="PSRoleAssignment"/>.</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters, Guid roleAssignmentId = default(Guid))
{
    string principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);

    if (roleAssignmentId == default(Guid))
    {
        roleAssignmentId = Guid.NewGuid();
    }

    string scope = parameters.Scope;

    // Without a role definition name the supplied ID is used; otherwise the name is resolved at this scope.
    string roleDefinitionId;
    if (string.IsNullOrEmpty(parameters.RoleDefinitionName))
    {
        roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(
            scope,
            parameters.RoleDefinitionId);
    }
    else
    {
        roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(
            scope,
            GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id);
    }

    // Normalise blank optional fields to null; note that this mutates the caller's options object.
    parameters.Description = string.IsNullOrWhiteSpace(parameters.Description) ? null : parameters.Description;
    parameters.Condition = string.IsNullOrWhiteSpace(parameters.Condition) ? null : parameters.Condition;
    parameters.ConditionVersion = string.IsNullOrWhiteSpace(parameters.ConditionVersion) ? null : parameters.ConditionVersion;

    var request = new RoleAssignmentCreateParameters
    {
        PrincipalId = principalId.ToString(),
        RoleDefinitionId = roleDefinitionId,
        CanDelegate = parameters.CanDelegate,
        Description = parameters.Description,
        Condition = parameters.Condition,
        ConditionVersion = parameters.ConditionVersion
    };

    RoleAssignment created = AuthorizationManagementClient.RoleAssignments.Create(
        parameters.Scope,
        roleAssignmentId.ToString(),
        request);

    return created.ToPSRoleAssignment(this, ActiveDirectoryClient);
}
/// <summary>
/// Creates a role assignment, falling back to an ADFS object ID when the directory lookup yields an empty GUID.
/// </summary>
/// <param name="parameters">
/// Supplies the principal filter, the target scope, and either a role definition name or a role definition ID.
/// </param>
/// <returns>The created assignment converted to a <see cref="PSRoleAssignment"/>.</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters)
{
    // Guid.Empty from GetObjectId triggers the ADFS lookup for the same filter.
    Guid directoryObjectId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);
    string principalIdStr = directoryObjectId == Guid.Empty
        ? ActiveDirectoryClient.GetAdfsObjectId(parameters.ADObjectFilter)
        : directoryObjectId.ToString();

    // Use a queued assignment name when one is available; otherwise mint a fresh GUID.
    Guid roleAssignmentId;
    if (RoleAssignmentNames.Count == 0)
    {
        roleAssignmentId = Guid.NewGuid();
    }
    else
    {
        roleAssignmentId = RoleAssignmentNames.Dequeue();
    }

    string scope = parameters.Scope;

    // A role definition name, when given, takes precedence over RoleDefinitionId and is resolved at this scope.
    string roleDefinitionId;
    if (!string.IsNullOrEmpty(parameters.RoleDefinitionName))
    {
        roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(
            scope,
            GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id);
    }
    else
    {
        roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(
            scope,
            parameters.RoleDefinitionId);
    }

    var createProperties = new RoleAssignmentProperties
    {
        PrincipalId = principalIdStr,
        RoleDefinitionId = roleDefinitionId
    };
    var request = new RoleAssignmentCreateParameters(createProperties);

    RoleAssignment created = AuthorizationManagementClient.RoleAssignments.Create(
        parameters.Scope,
        roleAssignmentId.ToString(),
        request);

    return created.ToPSRoleAssignment(this, ActiveDirectoryClient);
}
/// <summary>
/// Updates a role assignment by issuing a Create call that reuses the existing assignment name,
/// resolving the principal type from the directory when the caller did not supply one.
/// </summary>
/// <param name="roleAssignment">The role assignment to write.</param>
/// <returns>The assignment returned by the service, converted to a <see cref="PSRoleAssignment"/>.</returns>
/// <exception cref="ArgumentException">
/// No object type was supplied and no directory object matches <c>roleAssignment.ObjectId</c>.
/// </exception>
public PSRoleAssignment UpdateRoleAssignment(PSRoleAssignment roleAssignment)
{
    string principalType;

    // Set-AzRoleAssignment can be used as a create operation without an object type,
    // so the type is looked up from the directory in that case.
    if (roleAssignment.ObjectType != null)
    {
        principalType = roleAssignment.ObjectType;
    }
    else
    {
        PSADObject assignee = ActiveDirectoryClient.GetADObject(new ADObjectFilterOptions() { Id = roleAssignment.ObjectId });
        if (assignee == null)
        {
            throw new ArgumentException("No AD object could be found with current parameters, please confirm the information provided is correct and try again");
        }

        // Any directory object that is not a user, service principal or group leaves the type null.
        if (assignee is PSADUser)
        {
            principalType = "User";
        }
        else if (assignee is PSADServicePrincipal)
        {
            principalType = "ServicePrincipal";
        }
        else if (assignee is PSADGroup)
        {
            principalType = "Group";
        }
        else
        {
            principalType = null;
        }
    }

    string principalId = roleAssignment.ObjectId;

    // RoleAssignmentId may be a fully qualified ID; only the segment after the last '/' is the assignment name.
    string assignmentName;
    var lastSlash = roleAssignment.RoleAssignmentId.LastIndexOf("/");
    if (lastSlash != -1)
    {
        assignmentName = roleAssignment.RoleAssignmentId.Substring(lastSlash + 1);
    }
    else
    {
        assignmentName = roleAssignment.RoleAssignmentId;
    }

    string scope = roleAssignment.Scope;
    string roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(
        scope,
        roleAssignment.RoleDefinitionId);

    // Blank optional fields are normalised to null before they are sent.
    var description = string.IsNullOrWhiteSpace(roleAssignment.Description) ? null : roleAssignment.Description;
    var condition = string.IsNullOrWhiteSpace(roleAssignment.Condition) ? null : roleAssignment.Condition;
    var conditionVersion = string.IsNullOrWhiteSpace(roleAssignment.ConditionVersion) ? null : roleAssignment.ConditionVersion;

    var request = new RoleAssignmentCreateParameters
    {
        PrincipalId = principalId.ToString(),
        RoleDefinitionId = roleDefinitionId,
        PrincipalType = principalType,
        CanDelegate = roleAssignment.CanDelegate,
        Description = description,
        Condition = condition,
        ConditionVersion = conditionVersion
    };

    RoleAssignment written = AuthorizationManagementClient.RoleAssignments.Create(scope, assignmentName, request);
    return written.ToPSRoleAssignment(this, ActiveDirectoryClient);
}
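/// <summary>
/// Updates a role assignment by issuing a Create call that reuses the existing assignment name,
/// resolving the principal type from the directory when the caller did not supply one.
/// </summary>
/// <param name="roleAssignment">The role assignment to write.</param>
/// <returns>The assignment returned by the service, converted to a <see cref="PSRoleAssignment"/>.</returns>
public PSRoleAssignment UpdateRoleAssignment(PSRoleAssignment roleAssignment)
{
    string principalType = null;

    // Set-AzRoleAssignment can be used as a create operation without an object type,
    // so the type is looked up from the directory in that case.
    if (roleAssignment.ObjectType == null)
    {
        var assignee = ActiveDirectoryClient.GetObjectsByObjectId(new List<string> { roleAssignment.ObjectId }).SingleOrDefault();

        // SingleOrDefault returns null when the lookup finds nothing; without the null check the
        // Type access below would throw NullReferenceException instead of leaving the type unset.
        if (assignee != null && !(assignee is PSErrorHelperObject) && assignee.Type != null)
        {
            principalType = assignee.Type;
        }
    }
    else
    {
        principalType = roleAssignment.ObjectType;
    }

    string principalId = roleAssignment.ObjectId;

    // RoleAssignmentId may be a fully qualified ID; only the segment after the last '/' is the assignment name.
    var roleAssignmentGuidIndex = roleAssignment.RoleAssignmentId.LastIndexOf("/");
    var roleAssignmentId = roleAssignmentGuidIndex != -1
        ? roleAssignment.RoleAssignmentId.Substring(roleAssignmentGuidIndex + 1)
        : roleAssignment.RoleAssignmentId;

    string scope = roleAssignment.Scope;
    string roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(
        scope,
        roleAssignment.RoleDefinitionId);

    // Blank optional fields are normalised to null before they are sent.
    var description = string.IsNullOrWhiteSpace(roleAssignment.Description) ? null : roleAssignment.Description;
    var condition = string.IsNullOrWhiteSpace(roleAssignment.Condition) ? null : roleAssignment.Condition;
    var conditionVersion = string.IsNullOrWhiteSpace(roleAssignment.ConditionVersion) ? null : roleAssignment.ConditionVersion;

    var createParameters = new RoleAssignmentCreateParameters
    {
        PrincipalId = principalId.ToString(),
        RoleDefinitionId = roleDefinitionId,
        PrincipalType = principalType,
        CanDelegate = roleAssignment.CanDelegate,
        Description = description,
        Condition = condition,
        ConditionVersion = conditionVersion
    };

    RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(scope, roleAssignmentId, createParameters);
    return assignment.ToPSRoleAssignment(this, ActiveDirectoryClient);
}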
/// <summary>
/// Creates a role assignment, resolving the principal type from the directory when the filter does not carry one.
/// </summary>
/// <param name="parameters">
/// Supplies the principal filter, scope, role definition (by name or ID), delegation flag, description and
/// condition fields. Blank Description, Condition and ConditionVersion values are overwritten with null
/// on this object.
/// </param>
/// <param name="roleAssignmentId">The assignment name to use; a new GUID is generated when left at its default.</param>
/// <returns>The created assignment converted to a <see cref="PSRoleAssignment"/>.</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters, Guid roleAssignmentId = default(Guid))
{
    var assigneeId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);
    string assigneeObjectType = parameters.ADObjectFilter?.ObjectType;

    if (string.IsNullOrWhiteSpace(assigneeObjectType))
    {
        // No type on the filter: look the object up by ID. A missing object or an error helper
        // object leaves the type null.
        var lookedUp = ActiveDirectoryClient.GetObjectsByObjectId(new List<string>() { assigneeId }).SingleOrDefault();
        if (lookedUp != null && !(lookedUp is PSErrorHelperObject))
        {
            assigneeObjectType = lookedUp.Type;
        }
        else
        {
            assigneeObjectType = null;
        }
    }

    string principalId = assigneeId;

    if (roleAssignmentId == default(Guid))
    {
        roleAssignmentId = Guid.NewGuid();
    }

    string scope = parameters.Scope;

    // Without a role definition name the supplied ID is used; otherwise the name is resolved at this scope.
    string roleDefinitionId;
    if (string.IsNullOrEmpty(parameters.RoleDefinitionName))
    {
        roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(
            scope,
            parameters.RoleDefinitionId);
    }
    else
    {
        roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(
            scope,
            GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id);
    }

    // Normalise blank optional fields to null; note that this mutates the caller's options object.
    parameters.Description = string.IsNullOrWhiteSpace(parameters.Description) ? null : parameters.Description;
    parameters.Condition = string.IsNullOrWhiteSpace(parameters.Condition) ? null : parameters.Condition;
    parameters.ConditionVersion = string.IsNullOrWhiteSpace(parameters.ConditionVersion) ? null : parameters.ConditionVersion;

    var request = new RoleAssignmentCreateParameters
    {
        PrincipalId = principalId.ToString(),
        PrincipalType = assigneeObjectType,
        RoleDefinitionId = roleDefinitionId,
        CanDelegate = parameters.CanDelegate,
        Description = parameters.Description,
        Condition = parameters.Condition,
        ConditionVersion = parameters.ConditionVersion
    };

    RoleAssignment created = AuthorizationManagementClient.RoleAssignments.Create(
        parameters.Scope,
        roleAssignmentId.ToString(),
        request);

    return created.ToPSRoleAssignment(this, ActiveDirectoryClient);
}
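/// <summary>
/// Creates a role assignment, resolving the principal ID and type from the directory when the
/// filter does not carry both.
/// </summary>
/// <param name="parameters">
/// Supplies the principal filter, scope, role definition (by name or ID), description and condition fields.
/// Blank Description, Condition and ConditionVersion values are overwritten with null on this object.
/// </param>
/// <param name="roleAssignmentId">The assignment name to use; a new GUID is generated when left at its default.</param>
/// <returns>The created assignment converted to a <see cref="PSRoleAssignment"/>.</returns>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters, Guid roleAssignmentId = default(Guid))
{
    var assigneeID = parameters.ADObjectFilter?.Id;
    var assigneeObjectType = parameters.ADObjectFilter?.ObjectType;

    if (string.IsNullOrWhiteSpace(assigneeObjectType) || string.IsNullOrWhiteSpace(assigneeID))
    {
        try
        {
            var assigneeObject = ActiveDirectoryClient.GetADObject(parameters.ADObjectFilter);

            // The principal ID must come from the object's Id. The previous code fell back to
            // assigneeObject.Type, which put the object type string into PrincipalId.
            // Blank (not only null) values are replaced, matching the guard above.
            if (string.IsNullOrWhiteSpace(assigneeID))
            {
                assigneeID = assigneeObject?.Id;
            }

            if (string.IsNullOrWhiteSpace(assigneeObjectType))
            {
                assigneeObjectType = assigneeObject?.Type;
            }
        }
        catch (Common.MSGraph.Version1_0.DirectoryObjects.Models.OdataErrorException) when (!string.IsNullOrEmpty(assigneeID))
        {
            // The caller supplied an ID, so a failed directory lookup only costs the principal type;
            // the exception is suppressed and the assignment proceeds with the supplied ID.
        }
    }

    // NOTE(review): principalId can still be null here when the lookup returns no object;
    // the request is then sent without a principal. Confirm the service rejects it.
    string principalId = assigneeID;

    roleAssignmentId = roleAssignmentId == default(Guid) ? Guid.NewGuid() : roleAssignmentId;
    string scope = parameters.Scope;

    // Without a role definition name the supplied ID is used; otherwise the name is resolved at this scope.
    string roleDefinitionId = string.IsNullOrEmpty(parameters.RoleDefinitionName)
        ? AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, parameters.RoleDefinitionId)
        : AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id);

    // Normalise blank optional fields to null; note that this mutates the caller's options object.
    parameters.Description = string.IsNullOrWhiteSpace(parameters.Description) ? null : parameters.Description;
    parameters.Condition = string.IsNullOrWhiteSpace(parameters.Condition) ? null : parameters.Condition;
    parameters.ConditionVersion = string.IsNullOrWhiteSpace(parameters.ConditionVersion) ? null : parameters.ConditionVersion;

    var createParameters = new RoleAssignmentCreateParameters
    {
        PrincipalId = principalId,
        PrincipalType = assigneeObjectType,
        RoleDefinitionId = roleDefinitionId,
        Description = parameters.Description,
        Condition = parameters.Condition,
        ConditionVersion = parameters.ConditionVersion
    };

    return AuthorizationManagementClient.RoleAssignments
        .Create(parameters.Scope, roleAssignmentId.ToString(), createParameters)
        .ToPSRoleAssignment(this, ActiveDirectoryClient);
}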
/// <summary>
/// Updates a role assignment by issuing a Create call that reuses the existing assignment name,
/// making a best-effort directory lookup for the principal type when none was supplied.
/// </summary>
/// <param name="roleAssignment">The role assignment to write.</param>
/// <returns>The assignment returned by the service, converted to a <see cref="PSRoleAssignment"/>.</returns>
public PSRoleAssignment UpdateRoleAssignment(PSRoleAssignment roleAssignment)
{
    string principalType = null;

    // Set-AzRoleAssignment can be used as a create operation without an object type,
    // so the type is looked up from the directory in that case.
    if (!string.IsNullOrEmpty(roleAssignment.ObjectType))
    {
        principalType = roleAssignment.ObjectType;
    }
    else
    {
        try
        {
            var directoryObject = ActiveDirectoryClient.GetObjectByObjectId(roleAssignment.ObjectId);
            principalType = directoryObject?.Type;
        }
        catch
        {
            // Best effort: any lookup failure leaves the principal type null.
            // NOTE(review): this also hides authentication and network failures from the caller;
            // consider logging the exception or narrowing the catch.
        }
    }

    string principalId = roleAssignment.ObjectId;
    var assignmentName = roleAssignment.RoleAssignmentId.GuidFromFullyQualifiedId();
    string scope = roleAssignment.Scope;
    string roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(
        scope,
        roleAssignment.RoleDefinitionId);

    // Blank optional fields are normalised to null before they are sent.
    var description = string.IsNullOrWhiteSpace(roleAssignment.Description) ? null : roleAssignment.Description;
    var condition = string.IsNullOrWhiteSpace(roleAssignment.Condition) ? null : roleAssignment.Condition;
    var conditionVersion = string.IsNullOrWhiteSpace(roleAssignment.ConditionVersion) ? null : roleAssignment.ConditionVersion;

    var request = new RoleAssignmentCreateParameters
    {
        PrincipalId = principalId.ToString(),
        RoleDefinitionId = roleDefinitionId,
        PrincipalType = principalType,
        Description = description,
        Condition = condition,
        ConditionVersion = conditionVersion
    };

    return AuthorizationManagementClient.RoleAssignments
        .Create(scope, assignmentName, request)
        .ToPSRoleAssignment(this, ActiveDirectoryClient);
}
/// <summary>
/// Creates a role assignment for the directory object selected by <c>parameters.ADObjectFilter</c>,
/// failing before any request is sent when no such object exists.
/// </summary>
/// <param name="parameters">
/// Supplies the principal filter, scope, role definition (by name or ID), delegation flag, description and
/// condition fields. Blank Description, Condition and ConditionVersion values are overwritten with null
/// on this object.
/// </param>
/// <param name="roleAssignmentId">The assignment name to use; a new GUID is generated when left at its default.</param>
/// <returns>The created assignment converted to a <see cref="PSRoleAssignment"/>.</returns>
/// <exception cref="ArgumentException">No directory object matches the filter.</exception>
public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters, Guid roleAssignmentId = default(Guid))
{
    PSADObject assignee = ActiveDirectoryClient.GetADObject(parameters.ADObjectFilter);
    if (assignee == null)
    {
        throw new ArgumentException(ProjectResources.NoADObjectFound);
    }

    string principalId = assignee.Id;

    // Any directory object that is not a user, service principal or group leaves the type null.
    string principalType;
    if (assignee is PSADUser)
    {
        principalType = "User";
    }
    else if (assignee is PSADServicePrincipal)
    {
        principalType = "ServicePrincipal";
    }
    else if (assignee is PSADGroup)
    {
        principalType = "Group";
    }
    else
    {
        principalType = null;
    }

    if (roleAssignmentId == default(Guid))
    {
        roleAssignmentId = Guid.NewGuid();
    }

    string scope = parameters.Scope;

    // Without a role definition name the supplied ID is used; otherwise the name is resolved at this scope.
    string roleDefinitionId;
    if (string.IsNullOrEmpty(parameters.RoleDefinitionName))
    {
        roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(
            scope,
            parameters.RoleDefinitionId);
    }
    else
    {
        roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(
            scope,
            GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id);
    }

    // Normalise blank optional fields to null; note that this mutates the caller's options object.
    parameters.Description = string.IsNullOrWhiteSpace(parameters.Description) ? null : parameters.Description;
    parameters.Condition = string.IsNullOrWhiteSpace(parameters.Condition) ? null : parameters.Condition;
    parameters.ConditionVersion = string.IsNullOrWhiteSpace(parameters.ConditionVersion) ? null : parameters.ConditionVersion;

    var request = new RoleAssignmentCreateParameters
    {
        PrincipalId = principalId.ToString(),
        PrincipalType = principalType,
        RoleDefinitionId = roleDefinitionId,
        CanDelegate = parameters.CanDelegate,
        Description = parameters.Description,
        Condition = parameters.Condition,
        ConditionVersion = parameters.ConditionVersion
    };

    RoleAssignment created = AuthorizationManagementClient.RoleAssignments.Create(
        parameters.Scope,
        roleAssignmentId.ToString(),
        request);

    return created.ToPSRoleAssignment(this, ActiveDirectoryClient);
}
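/// <summary>
/// Lists role assignments, filtered by principal, scope, role definition and (optionally) extended
/// with classic administrators.
/// </summary>
/// <param name="options">
/// The principal filter, scope, role definition name/ID and the ExpandPrincipalGroups,
/// ExcludeAssignmentsForDeletedPrincipals and IncludeClassicAdministrators switches.
/// </param>
/// <param name="currentSubscription">
/// Used to build the fully qualified role definition ID for filtering and to convert classic administrators.
/// </param>
/// <returns>The matching role assignments; empty when nothing matches.</returns>
/// <exception cref="KeyNotFoundException">A principal filter was given but no directory object matches it.</exception>
/// <exception cref="InvalidOperationException">
/// ExpandPrincipalGroups or IncludeClassicAdministrators was requested for a principal that is not a user.
/// </exception>
public List<PSRoleAssignment> FilterRoleAssignments(FilterRoleAssignmentsOptions options, string currentSubscription)
{
    List<PSRoleAssignment> result = new List<PSRoleAssignment>();
    string assignedToPrincipalId = null;
    string principalId = null;
    PSADObject adObject = null;

    if (options.ADObjectFilter.HasFilter)
    {
        adObject = ActiveDirectoryClient.GetADObject(options.ADObjectFilter);
        if (adObject == null)
        {
            throw new KeyNotFoundException(ProjectResources.PrincipalNotFound);
        }

        // Filter first by principal
        if (options.ExpandPrincipalGroups)
        {
            if (!(adObject is PSADUser))
            {
                throw new InvalidOperationException(ProjectResources.ExpandGroupsNotSupported);
            }

            assignedToPrincipalId = adObject.Id.ToString();
        }
        else
        {
            // Test the filter's Id directly: calling ToString() on a null Id threw
            // NullReferenceException before the fallback to the resolved object could apply.
            principalId = string.IsNullOrEmpty(options.ADObjectFilter.Id)
                ? adObject.Id.ToString()
                : options.ADObjectFilter.Id;
        }

        var tempResult = AuthorizationManagementClient.RoleAssignments.List(
            new Rest.Azure.OData.ODataQuery<RoleAssignmentFilter>(f => f.PrincipalId == principalId && f.AssignedTo(assignedToPrincipalId)));

        // Built once per branch instead of once per page; the inputs do not change while paging.
        string roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(currentSubscription, options.RoleDefinitionId);

        result.AddRange(tempResult.FilterRoleAssignmentsOnRoleId(roleDefinitionId)
            .ToPSRoleAssignments(this, ActiveDirectoryClient, options.Scope, options.ExcludeAssignmentsForDeletedPrincipals));

        while (!string.IsNullOrWhiteSpace(tempResult.NextPageLink))
        {
            tempResult = AuthorizationManagementClient.RoleAssignments.ListNext(tempResult.NextPageLink);
            result.AddRange(tempResult.FilterRoleAssignmentsOnRoleId(roleDefinitionId)
                .ToPSRoleAssignments(this, ActiveDirectoryClient, options.Scope, options.ExcludeAssignmentsForDeletedPrincipals));
        }

        // Filter out by scope: keep assignments made at the requested scope or at one of its ancestors.
        if (!string.IsNullOrEmpty(options.Scope))
        {
            // A bare prefix test also matched sibling scopes that merely share leading characters
            // (an assignment on ".../resourceGroups/rg" for a query on ".../resourceGroups/rg2"),
            // reporting assignments that do not apply. The prefix must end on a path-segment boundary.
            result.RemoveAll(r =>
            {
                bool isPrefix = options.Scope.StartsWith(r.Scope, StringComparison.OrdinalIgnoreCase);
                bool onSegmentBoundary = isPrefix
                    && (options.Scope.Length == r.Scope.Length
                        || r.Scope.EndsWith("/", StringComparison.Ordinal)
                        || options.Scope[r.Scope.Length] == '/');
                return !onSegmentBoundary;
            });
        }
    }
    else if (!string.IsNullOrEmpty(options.Scope))
    {
        // Filter by scope and above directly
        var tempResult = AuthorizationManagementClient.RoleAssignments.ListForScope(
            options.Scope,
            new Rest.Azure.OData.ODataQuery<RoleAssignmentFilter>(
                f => f.AtScope() && f.PrincipalId == principalId && f.AssignedTo(assignedToPrincipalId)));

        string roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(currentSubscription, options.RoleDefinitionId);

        result.AddRange(tempResult.FilterRoleAssignmentsOnRoleId(roleDefinitionId)
            .ToPSRoleAssignments(this, ActiveDirectoryClient, options.Scope, options.ExcludeAssignmentsForDeletedPrincipals));

        while (!string.IsNullOrWhiteSpace(tempResult.NextPageLink))
        {
            tempResult = AuthorizationManagementClient.RoleAssignments.ListForScopeNext(tempResult.NextPageLink);
            result.AddRange(tempResult.FilterRoleAssignmentsOnRoleId(roleDefinitionId)
                .ToPSRoleAssignments(this, ActiveDirectoryClient, options.Scope, options.ExcludeAssignmentsForDeletedPrincipals));
        }
    }
    else
    {
        var tempResult = AuthorizationManagementClient.RoleAssignments.List(
            new Rest.Azure.OData.ODataQuery<RoleAssignmentFilter>(f => f.PrincipalId == principalId && f.AssignedTo(assignedToPrincipalId)));

        string roleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(currentSubscription, options.RoleDefinitionId);

        result.AddRange(tempResult.FilterRoleAssignmentsOnRoleId(roleDefinitionId)
            .ToPSRoleAssignments(this, ActiveDirectoryClient, options.Scope, options.ExcludeAssignmentsForDeletedPrincipals));

        while (!string.IsNullOrWhiteSpace(tempResult.NextPageLink))
        {
            tempResult = AuthorizationManagementClient.RoleAssignments.ListNext(tempResult.NextPageLink);
            result.AddRange(tempResult.FilterRoleAssignmentsOnRoleId(roleDefinitionId)
                .ToPSRoleAssignments(this, ActiveDirectoryClient, options.Scope, options.ExcludeAssignmentsForDeletedPrincipals));
        }
    }

    if (!string.IsNullOrEmpty(options.RoleDefinitionName))
    {
        // Static string.Equals tolerates a null RoleDefinitionName on an assignment (treated as no match).
        result = result
            .Where(r => string.Equals(r.RoleDefinitionName, options.RoleDefinitionName, StringComparison.OrdinalIgnoreCase))
            .ToList();
    }

    if (options.IncludeClassicAdministrators)
    {
        // Get classic administrator access assignments
        List<ClassicAdministrator> classicAdministrators = AuthorizationManagementClient.ClassicAdministrators
            .List(AuthorizationManagementClient.ApiVersion).ToList();
        List<PSRoleAssignment> classicAdministratorsAssignments =
            classicAdministrators.Select(a => a.ToPSRoleAssignment(currentSubscription)).ToList();

        // Filter by principal if provided
        if (options.ADObjectFilter.HasFilter)
        {
            if (!(adObject is PSADUser))
            {
                throw new InvalidOperationException(ProjectResources.IncludeClassicAdminsNotSupported);
            }

            // Classic administrators are matched to the user by display name against the user principal name.
            var userObject = adObject as PSADUser;
            classicAdministratorsAssignments = classicAdministratorsAssignments
                .Where(c => string.Equals(c.DisplayName, userObject.UserPrincipalName, StringComparison.OrdinalIgnoreCase))
                .ToList();
        }

        result.AddRange(classicAdministratorsAssignments);
    }

    return result;
}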