az role assignment error when using –assignee

Written by James McDonald

September 6, 2019

So I created a Security group in Azure Active Directory named “Development” and then tried to assign it to the “Website Contributor” role with less than stellar results

But going to Azure AD and getting the object ID for the “Development” group and changing fro --assignee to --assignee-object-id did the trick

Seethe example output below

Jamess-MacBook-Pro:~ jmcd$ az role assignment create --assignee "Development" --role "Website Contributor"
Operation failed with status: 'Bad Request'. Details: 400 Client Error: Bad Request for url: https://graph.windows.net/78c7859b-b3cd-442b-812f-c0baad4689a3/getObjectsByObjectIds?api-version=1.6

Jamess-MacBook-Pro:~ jmcd$ az role assignment create --assignee-object-id "18b7ac1b-3334-403d-86f4-976b9ef75681" --role "Website Contributor"
{
  "canDelegate": null,
  "id": "/subscriptions/<SUBSCRIPTION ID>/providers/Microsoft.Authorization/roleAssignments/6096153f-f130-46ec-ab34-a59ba6a30ef4",
  "name": "6096153f-f130-46ec-ab34-a59ba6a30ef4",
  "principalId": "18b7ac1b-3334-403d-86f4-976b9ef75681",
  "principalType": "Group",
  "roleDefinitionId": "/subscriptions/<SUBSCRIPTION ID>/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772",
  "scope": "/subscriptions/<SUBSCRIPTION ID>",
  "type": "Microsoft.Authorization/roleAssignments"
}

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…

Squarespace Image Export

To gain continued access to your Squarespace website images after cancelling your subscription you have several...

MySQL 8.x GRANT ALL STATEMENT

-- CREATE CREATE USER 'tgnrestoreuser'@'localhost' IDENTIFIED BY 'AppleSauceLoveBird2024'; GRANT ALL PRIVILEGES ON...

Exetel Opt-Out of CGNAT

If your port forwards and inbound and/or outbound site-to-site VPN's have failed when switching to Exetel due to their...