Public/Get-Role.ps1

#requires -module Az.Resources
using namespace Microsoft.Azure.Commands.Profile.Models

function Get-Role {
  [CmdletBinding()]
  param(
    #The subscription Id(s) to search for roles. This normally doesn't need to be specified, it will find all available roles.
    [Parameter(ValueFromPipeline, ValueFromPipelineByPropertyName)][Alias('Id')][String]$Scope = '/',
    #Fetch roles for everyone, not just yourself. This usually requires additional permissions.
    [Switch]$All,
    #Only fetch activated eligible roles.
    [Parameter(ParameterSetName = 'Enabled')][Switch]$EligibleActivated
  )

  process {
    $filter = if (-not $All) {
      'asTarget()'
    }
    try {
      if ($EligibleActivated) {
        Get-AzRoleAssignmentScheduleInstance -Scope $scope -Filter $filter -ErrorAction stop |
          Where-Object AssignmentType -EQ 'Activated'
      } else {
        Get-AzRoleEligibilitySchedule -Scope $scope -Filter $filter -ErrorAction stop
      }
    } catch {
      if (-not ($PSItem.FullyQualifiedErrorId.Split(',')[0] -eq 'InsufficientPermissions')) {
        $PSCmdlet.WriteError($PSItem)
        return
      }

      $PSItem.ErrorDetails = "You specified -All but do not have sufficient rights to view all available roles at this scope, this usually requires Owner rights at the specified scope ($Scope)."

      $PSCmdlet.WriteError($PSItem)
      return
    }
  }
}

#Formatting for
# Update-TypeData -TypeName 'Microsoft.Azure.PowerShell.Cmdlets.Resources.Authorization.Models.Api20201001Preview.RoleEligibilityScheduleRequest' -DefaultDisplayPropertySet 'PrincipalEmail', 'ScopeDisplayName', 'RoleDefinitionDisplayName', 'ExpirationEndDateTime'

#Get active roles. Ones with Activated State