Azure · jiasli · Apr 3, 2025 · Mar 31, 2025
@@ -347,6 +347,9 @@ def load_arguments(self, _):
                         "principalName property with it. "
                         "If the logged-in account has no permission or the machine has no network access to query "
                         "Microsoft Graph, set this flag to false to avoid warning or error.")
+        c.argument('fill_role_definition_name', arg_type=get_three_state_flag(),
+                   help="Fill roleDefinitionName property in addition to roleDefinitionId. This operation is "
+                        "expensive. If you encounter performance issue, set this flag to false.")
 
     time_help = 'The {} of the query in the format of %Y-%m-%dT%H:%M:%SZ, e.g. 2000-12-31T12:59:59Z. Defaults to {}'
     with self.argument_context('role assignment list-changelogs') as c:

@@ -232,10 +232,10 @@ def _create_role_assignment(cli_ctx, role, assignee, resource_group_name=None, s
                                          condition=condition, condition_version=condition_version)
 
 
-def list_role_assignments(cmd, assignee=None, role=None, resource_group_name=None,
+def list_role_assignments(cmd, assignee=None, role=None, resource_group_name=None,  # pylint: disable=too-many-locals
                           scope=None, include_inherited=False,
                           show_all=False, include_groups=False, include_classic_administrators=False,
-                          fill_principal_name=True):
+                          fill_role_definition_name=True, fill_principal_name=True):
     '''
     :param include_groups: include extra assignments to the groups of which the user is a
     member(transitively).
@@ -267,23 +267,23 @@ def list_role_assignments(cmd, assignee=None, role=None, resource_group_name=Non
     if not results:
         return []
 
-    # 1. fill in logic names to get things understandable.
-    # (it's possible that associated roles and principals were deleted, and we just do nothing.)
-    # 2. fill in role names
-    role_defs = list(definitions_client.list(
-        scope=scope or ('/subscriptions/' + definitions_client._config.subscription_id)))
-    worker = MultiAPIAdaptor(cmd.cli_ctx)
-    role_dics = {i.id: worker.get_role_property(i, 'role_name') for i in role_defs}
-    for i in results:
-        if not i.get('roleDefinitionName'):
-            if role_dics.get(worker.get_role_property(i, 'roleDefinitionId')):
-                worker.set_role_property(i, 'roleDefinitionName',
-                                         role_dics[worker.get_role_property(i, 'roleDefinitionId')])
-            else:
-                i['roleDefinitionName'] = None  # the role definition might have been deleted
+    # Fill in role definition names
+    if fill_role_definition_name:
+        worker = MultiAPIAdaptor(cmd.cli_ctx)
+        role_defs = list(definitions_client.list(
+            scope=scope or ('/subscriptions/' + definitions_client._config.subscription_id)))
+        role_dics = {i.id: worker.get_role_property(i, 'role_name') for i in role_defs}
+        for i in results:
+            if not i.get('roleDefinitionName'):
+                if role_dics.get(worker.get_role_property(i, 'roleDefinitionId')):
+                    worker.set_role_property(i, 'roleDefinitionName',
+                                             role_dics[worker.get_role_property(i, 'roleDefinitionId')])
+                else:
+                    i['roleDefinitionName'] = None  # the role definition might have been deleted
 
-    # fill in principal names
+    # Fill in principal names
     if fill_principal_name:
+        worker = MultiAPIAdaptor(cmd.cli_ctx)
         principal_ids = set(worker.get_role_property(i, 'principalId')
                             for i in results if worker.get_role_property(i, 'principalId'))
 

@@ -66,4 +66,9 @@ ad app federated-credential delete:
         federated_identity_credential_id_or_name:
             rule_exclusions:
             - option_length_too_long
+role assignment list:
+    parameters:
+        fill_role_definition_name:
+            rule_exclusions:
+            - option_length_too_long
 ...