From 273edcef579f7046cff7e1803f45ed07a5839a0e Mon Sep 17 00:00:00 2001
From: Jurjen Ladenius
Date: Thu, 25 Jul 2024 16:54:19 +0200
Subject: [PATCH] rbac fixes
---
 .gitignore | 1 +
 Powershell/Lists/Azure/AzurePIM.ps1 | 3 ++-
 Powershell/Lists/Azure/AzureRBAC.ps1 | 6 +++---
 3 files changed, 6 insertions(+), 4 deletions(-)
 create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ae3dc7d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+Powershell/Tools/temp.ps1
diff --git a/Powershell/Lists/Azure/AzurePIM.ps1 b/Powershell/Lists/Azure/AzurePIM.ps1
index bda56e1..b8a9308 100644
--- a/Powershell/Lists/Azure/AzurePIM.ps1
+++ b/Powershell/Lists/Azure/AzurePIM.ps1
@@ -30,7 +30,8 @@ function GetEligibleAssignments {
 [string] $scope )
- $access_token = (Get-AzAccessToken -TenantId "e9792fd7-4044-47e7-a40d-3fba46f1cd09").Token
+ $securetoken = (Get-AzAccessToken -TenantId "e9792fd7-4044-47e7-a40d-3fba46f1cd09" -AsSecureString).Token
+ $access_token= ConvertFrom-SecureString -SecureString $securetoken -AsPlainText
 $url = "https://management.azure.com/$scope/providers/Microsoft.Authorization/roleEligibilityScheduleInstances?api-version=2020-10-01&`$filter=atScope()"
diff --git a/Powershell/Lists/Azure/AzureRBAC.ps1 b/Powershell/Lists/Azure/AzureRBAC.ps1
index 0f1e6a9..95745f6 100644
--- a/Powershell/Lists/Azure/AzureRBAC.ps1
+++ b/Powershell/Lists/Azure/AzureRBAC.ps1
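Review bot: The SecureString requested with `-AsSecureString` is converted straight back to plain text on the next added line, so the ARM bearer token still sits in `$access_token` as an ordinary string for the rest of GetEligibleAssignments. Since `ConvertFrom-SecureString -AsPlainText` already requires PowerShell 7, the request could take the secure value directly, e.g. `Invoke-RestMethod -Uri $url -Authentication Bearer -Token $securetoken`, assuming the call further down builds the Authorization header by hand (it is outside the hunk). If the plain string has to stay, a comment such as `# bearer token in clear text: never log or export this variable` above the conversion would make the handling rule visible to the next editor. The function body continues past the end of the hunk.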
@@ -158,15 +158,15 @@ foreach ($managementGroup in $managementGroups)
 $Result | Export-Csv -Path $fileName -Append -NoTypeInformation }
- $allResources = Get-AzResource
+ $allResources = Get-AzResource #-ResourceType Microsoft.Storage/storageAccounts/blobServices
 foreach ($resource in $allResources) { [ResourceCheck[]]$Result = @() try {
- $roleAssignments = Get-AzRoleAssignment -Scope $resource.ResourceId | Where-Object Scope -eq $resource.ResourceId
-
+ $roleAssignments = Get-AzRoleAssignment -Scope $resource.ResourceId | Where-Object Scope -like "$($resource.ResourceId)*"
+
 foreach($roleAssignment in $roleAssignments) { [ResourceCheck] $resourceCheck = [ResourceCheck]::new() $resourceCheck.ResourceId = $resource.ResourceId
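Review bot: The new `-like "$($resource.ResourceId)*"` filter inside the try block is a raw wildcard prefix match, so it does not stop at a path boundary and any `[`, `]` or `?` in a resource ID is interpreted as a pattern rather than literally. In an access-review export that can attach an assignment to the wrong row or silently drop one; an explicit test keeps the intent: `Where-Object { $_.Scope -eq $resource.ResourceId -or $_.Scope.StartsWith("$($resource.ResourceId)/", [System.StringComparison]::OrdinalIgnoreCase) }`. The rows are still keyed on `$resource.ResourceId`, so child-scope assignments that now pass the filter would be reported under the parent unless `$roleAssignment.Scope` is also written to the result (the rest of the loop is outside the hunk). The commented-out `#-ResourceType ...` left on the `Get-AzResource` line looks like debugging residue and could be removed.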