Using the Page
The Role Assignments page is split into two columns: a list of every principal with at least one role assignment, and a detail panel that opens when you select one of them. Open it from Security > Role Assignments in the sidebar (key icon).
Prerequisites
- You need a StratoLens role with Data Read permission. See the installation guide for which roles include it.
- At least one completed scan must exist. The page is empty until the first scan finishes. See Scan Overview.
Principals Column
The left column lists every user, group, and service principal with at least one role assignment in the selected scan. Principals with no assignments at all do not appear here.
Each row shows three things: a principal-type icon, the display name, and color-coded count badges per role category. Badges only appear for categories where the count is greater than zero, and counts respect the active filters.
Badge colors
- Red: Admin
- Orange: Management
- Green: Read
- Blue: Other
See Role Categories for what each category contains.
Access Details Panel
Click any principal row to open the Access Details panel on the right. The panel header shows the principal type and name (for example, User: Jane Doe) and the body lists every assignment they hold as a card.
Click the same row again to close the panel. The footer reads Showing N assignment(s), and that count reflects the same filters that control the principal list.
Panel filters mirror the page filters
Assignment Cards
Each assignment is one card in the panel. Cards are arranged top-down based on the panel's Sort by dropdown (Privilege Level by default).
Card elements
- Entity icon & type: The kind of resource the assignment is on: management group, subscription, resource group, or resource.
- Role badge: Colored to match the role's category (Admin, Management, Read, Other).
- Inherited badge: Purple badge that only appears for assignments granted via group membership. See Inherited Assignments.
- Key/value rows: Entity name, scope context, assigned and updated dates, and (for inherited) the granting group on an Inherited via row.
- View in Explorer: Opens the underlying entity in the Resource Explorer with the same scan selected. Hidden for scopes that don't have a direct Explorer counterpart, such as management groups.
Scan Picker
The Scan picker on the right side of the header chooses which scan is being audited. The page always reflects RBAC captured by exactly one scan, so switching scans rebuilds the principal list and the open panel against the new snapshot.