Successful Role Assignments
Query
//Show the count of successful role assignments per user.
AzureActivity
| where TimeGenerated > ago(90d) and Authorization contains "Microsoft.Authorization/roleAssignments/write" and ActivityStatusValue == "Success"
| parse ResourceId with * "/providers/" TargetResourceAuthProvider "/" *
| summarize count(), makeset(Caller) by TargetResourceAuthProviderExplanation
This query shows the number of successful role assignments per user. It filters the Azure activity logs for the past 90 days and looks for role assignments that were successfully written. It then extracts the target resource authentication provider from the resource ID and summarizes the count of role assignments and the unique callers (users) by the target resource authentication provider.
Details

Rod Trent
Released: June 2, 2022
Tables
AzureActivity
Keywords
AzureActivityTimeGeneratedAuthorizationMicrosoft.Authorization/roleAssignments/writeActivityStatusValueResourceIdTargetResourceAuthProviderCaller
Operators
where>agoandcontains==parsewith*/providers//summarizecount()makeset()by