Description:
You want to deploy the Enterprise-Scale Architecture in your Azure environment.
One of the prerequisites is to explicitly provide a role assignment (RBAC) at the tenant root scope via CLI or PowerShell (note: there is no portal UX to make this role assignment).
However, several errors occur when you run the following commands in Azure CLI to create the role assignment.
- az login
Error message: The following tenants don't contain accessible subscriptions. Use 'az login --allow-no-subscriptions' to have tenant level access.
- az role assignment create --scope '/' --role 'Owner' --assignee-object-id $(az ad signed-in-user show --query objectId)
Error message: Failed to query --assignee-principal-type for "7786a679-034b-42cc-a23a-xxxxxxxxxxxx" by invoking Graph API. RBAC server might reject creating role assignment without --assignee-principal-type in the future. Better to specify --assignee-principal-type manually. The Principal ID '"7786a679-034b-42cc-a23a-xxxxxxxxxxxx"' is not valid. Principal ID must be a GUID.
Resolution:
To fix the issue, the commands need some small changes. Instead of the commands above, use the following:
- az login -t yourdomainname.onmicrosoft.com
- az role assignment create --scope '/' --role 'Owner' --assignee-object-id "7786a679-034b-42cc-a23a-xxxxxxxxxxx"
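The doubled quotes around the Principal ID in the second error message show that the command substitution passed the JSON-quoted string, quotes included, to --assignee-object-id. The script below is an added example, not part of the original post: it fetches the object ID as plain text, rejects anything that is not a bare GUID, and sets --assignee-principal-type as the error message recommends. Assumptions: the function names and the sample GUID are constructed for illustration, and newer Azure CLI versions expose the field as id rather than objectId.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# Constructed sample: what `--query objectId` prints with the default JSON
# output. The surrounding double quotes are part of the string.
SAMPLE_JSON_OUTPUT='"7786a679-034b-42cc-a23a-000000000000"'

# Return 0 only if $1 is a bare GUID (no quotes, no whitespace).
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Strip JSON quotes and CR/LF from a CLI value; print it only if it is a GUID.
normalize_object_id() {
  local id
  id=$(printf '%s' "$1" | tr -d '"\r\n')
  is_guid "$id" || return 1
  printf '%s\n' "$id"
}

# Look up the signed-in user's object ID as plain text (-o tsv).
# Assumption: older CLI versions name the field objectId, newer ones id.
signed_in_object_id() {
  normalize_object_id "$(az ad signed-in-user show --query objectId -o tsv 2>/dev/null)" ||
    normalize_object_id "$(az ad signed-in-user show --query id -o tsv)"
}

# Create the tenant root assignment from the post, refusing to run on a bad ID.
assign_root_owner() {
  local oid
  oid=$(signed_in_object_id) || { echo "object ID is not a GUID" >&2; return 1; }
  az role assignment create --scope '/' --role 'Owner' \
    --assignee-object-id "$oid" --assignee-principal-type User
}

# Runs only when invoked with --apply, after: az login -t <tenant>
if [ "${1:-}" = "--apply" ]; then assign_root_owner; fi
```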