From df2ede1faa85b06396bda8a8d2dd561e3b8859c4 Mon Sep 17 00:00:00 2001
From: Helder Pinto
Date: Fri, 13 Jan 2023 16:29:21 +0000
Subject: [PATCH] Fixed more granular role assignments missing and simplified output
---
 ...-AutomationRunAsAccountRoleAssignments.ps1 | 25 +++++--------------
 1 file changed, 6 insertions(+), 19 deletions(-)
diff --git a/Utility/AzRunAs/Check-AutomationRunAsAccountRoleAssignments.ps1 b/Utility/AzRunAs/Check-AutomationRunAsAccountRoleAssignments.ps1
index 625cf05..ebb952e 100644
--- a/Utility/AzRunAs/Check-AutomationRunAsAccountRoleAssignments.ps1
+++ b/Utility/AzRunAs/Check-AutomationRunAsAccountRoleAssignments.ps1
@@ -1,7 +1,7 @@
 <#PSScriptInfo
-.VERSION 1.0.1
+.VERSION 1.0.2
 .GUID c383bb81-c95e-4845-bc95-428db6a36ba5
@@ -91,7 +91,7 @@ function GetRunAsAccountAADApplicationId([string] $resourceGroupName, [string] $
 function GetRunAsAccountRoleAssignments ([string] $subscriptionId)
 {
- Select-AzSubscription -Subscription $subscriptionId
+ Select-AzSubscription -Subscription $subscriptionId | Out-Null
 $automationAccounts = Get-AzAutomationAccount
 if (!$automationAccounts)
@@ -110,22 +110,9 @@ function GetRunAsAccountRoleAssignments ([string] $subscriptionId)
 -automationAccountName $AutomationAccount.AutomationAccountName
 if ($runasAccountAADAplicationId)
 {
- $subscriptionScope = "/subscriptions/" + $SubscriptionId
- if ($ReplaceCustomRoleAssignment -eq $true)
- {
- $currentRoleAssignments = Get-AzRoleAssignment `
- -ServicePrincipalName $runasAccountAADAplicationId `
- -Scope $subscriptionScope `
- -ErrorAction Stop
- }
- else
- {
- $currentRoleAssignments = Get-AzRoleAssignment `
- -ServicePrincipalName $runasAccountAADAplicationId `
- -RoleDefinitionName "Contributor" `
- -Scope $subscriptionScope `
- -ErrorAction Stop
- }
+ $currentRoleAssignments = Get-AzRoleAssignment `
+ -ServicePrincipalName $runasAccountAADAplicationId `
+ -ErrorAction Stop -WarningAction SilentlyContinue | Format-Table Scope, DisplayName, RoleDefinitionName, ObjectId
 Write-Host ("The following role assignments exist in automation account: " + $automationAccount.AutomationAccountName)
 $currentRoleAssignments
@@ -154,4 +141,4 @@ foreach ($subscriptionId in $SubscriptionIds)
 }
-# Main code ends here
+# Main code ends here
\ No newline at end of file
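Review bot: In the `@@ -110,22 +110,9 @@` hunk, `$currentRoleAssignments` now holds the output of `Format-Table`, which is formatting records rather than role-assignment objects. Any use of the variable beyond printing it (an emptiness check, a property read, an export) would no longer see `Scope` or `RoleDefinitionName`; the rest of the function is outside the hunk, so whether such a use exists cannot be confirmed here. I would end the assignment at `-ErrorAction Stop -WarningAction SilentlyContinue` and print with `$currentRoleAssignments | Format-Table Scope, DisplayName, RoleDefinitionName, ObjectId -AutoSize -Wrap`, which also keeps long scope paths from being cut off in what is effectively a privilege listing for the Run As service principal. With `-Scope` removed, the query depends on the context set by `Select-AzSubscription` in the `@@ -91,7 +91,7 @@` hunk, whose output is now discarded and which has no `-ErrorAction Stop`. If that call can fail without terminating, the listing would come from the previously selected subscription, so the flag is worth adding there.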