StratoLens LogoStratoLens

Role Assignments

See every user, group, and service principal in your tenant alongside the role assignments they hold. Role Assignments rolls up direct assignments and assignments inherited via Azure AD group membership into a single principal-centric view, so you can answer "who has access to what?" without walking each subscription, resource group, and resource by hand.

What You'll Learn

This documentation covers how to audit Azure RBAC with the Role Assignments page:

  • Browse principals and open the Access Details panel for any one of them
  • Filter by principal type, role category, scope, and assignment source
  • Read assignment cards, including inherited assignments and their granting group
  • Switch which scan is being audited

Key Capabilities

Principal-Centric View

Every user, group, and service principal with at least one role assignment appears in a single list, with color-coded badges showing how many Admin, Management, Read, and Other roles they hold.

Direct and Inherited Assignments

Assignments granted to a person via group membership, including nested groups, are surfaced on the same page as direct assignments and labeled with an Inherited badge that names the granting group.

Filter for Privileged Access

Filter by Role Category (Admin, Management, Read, Other), Scope, and Assignment Source to focus on the access that matters for the review you're running.

Point-in-Time Audits

Each view reflects the Azure RBAC state captured by one scan. Switch the Scan picker to audit a specific historical snapshot.

Related Features

Feature Integration

  • Resource Explorer: every assignment card has a View in Explorer button that opens the underlying subscription, resource group, or resource with the same scan selected.
  • Automated Scanning: the page reflects RBAC captured by scans, so scan cadence and exclusions affect what you see here.

Documentation Sections

Start with Using the Page for the layout and main controls, then dig into filters and inherited assignments as needed.

Using the Page

Page layout, the Principals column, the Access Details panel, and the Scan picker.

Read: Using the Page →

Filters & Sort

How the four header filters combine, what each role category contains, and the sort options on both the principal list and the detail panel.

Read: Filters & Sort →

Inherited Assignments

How direct and inherited assignments differ, how to read the Inherited via row, and what to do when group resolution is incomplete.

Read: Inherited Assignments →

Troubleshooting

Common questions: missing principals, mismatched badge counts, missing View in Explorer buttons, and stale identities.

Read: Troubleshooting →

Want to learn more about what Role Assignments can do?

Check out the feature page for benefits, use cases, and highlights.

View Feature Page