Osor0s · @Osor0s
3 followers · 26 posts · Server infosec.exchange

Thank you goes to @flomb :)
To see all role assignments for a resource group in Azure (including inherited ones from management groups), send an API request through the azure-cli:

`az rest --method get --url "https://management.azure.com/subscriptions/<subscription-id>/resourcegroups/<resource-group-name>/providers/Microsoft.Authorization/roleAssignments?api-version=2022-04-01" | jq '.value[].properties | .scope + " " + .principalType + ":" + .principalId'`

The jq collects the scope of the role assignments, then the type like User, service account etc. and then the identifier for the principal that has a role assignment.

#azure #azcli #cloudhacking #cloud

Last updated 3 years ago

Osor0s · @Osor0s
3 followers · 26 posts · Server infosec.exchange

In the Azure portal, going to any resource or resource group/subscription and clicking on "Access control" and then "Role Assignments", you see many entries including inherited ones, i.e. "Management group (Inherited)", in the scope column.

**How do you recreate this information in the Azure cli?**

#azure #az #cloud #cloudhacking #azcli

Last updated 3 years ago
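An added example, not part of the original posts: it takes the JSON returned by the `roleAssignments` request above and derives a portal-style scope column for an access review. The sample response and all IDs are constructed, and every label except "Management group (Inherited)" is chosen by this example rather than taken from the posts.

```python
import json

# Constructed sample of a roleAssignments response (made-up IDs), reduced to
# the three fields that the jq filter in the post reads.
SAMPLE = json.loads("""
{"value": [
 {"properties": {"scope": "/providers/Microsoft.Management/managementGroups/mg-example",
   "principalType": "Group", "principalId": "11111111-1111-1111-1111-111111111111"}},
 {"properties": {"scope": "/subscriptions/00000000-0000-0000-0000-000000000000",
   "principalType": "User", "principalId": "22222222-2222-2222-2222-222222222222"}},
 {"properties": {"scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example",
   "principalType": "ServicePrincipal", "principalId": "33333333-3333-3333-3333-333333333333"}},
 {"properties": {"scope": "/",
   "principalType": "User", "principalId": "44444444-4444-4444-4444-444444444444"}}
]}
""")

MG_PREFIX = "/providers/microsoft.management/managementgroups/"

def scope_label(assignment_scope, queried_scope):
    """Say where an assignment was made, relative to the scope that was queried."""
    a = assignment_scope.rstrip("/").lower()  # ARM resource IDs are case-insensitive
    q = queried_scope.rstrip("/").lower()
    if a == q:
        return "This resource"
    if a == "":
        return "Root (Inherited)"
    if a.startswith(MG_PREFIX):
        return "Management group (Inherited)"
    if q.startswith(a + "/"):  # assignment sits on a parent of the queried scope
        depth = len(a.strip("/").split("/"))
        return "Subscription (Inherited)" if depth == 2 else "Parent scope (Inherited)"
    return "Other scope"

def scope_report(response, queried_scope):
    """Return sorted (label, 'principalType:principalId') rows for a response."""
    rows = []
    for item in response.get("value", []):
        p = item["properties"]
        rows.append((scope_label(p["scope"], queried_scope),
                     p["principalType"] + ":" + p["principalId"]))
    return sorted(rows)

if __name__ == "__main__":
    # Lower-case "resourcegroups", as in the request URL from the post.
    queried = "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-example"
    for label, principal in scope_report(SAMPLE, queried):
        print(label.ljust(30), principal)
```

To use it on real data, save the `az rest` output without the jq stage and pass the parsed JSON to `scope_report` together with the scope from the request URL.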