Hello @suman.kumar ,
Thanks for reaching out.
Looking at the above error message, it seems that the client 'suman.kumar@legitquest.com' with object id 'b740b4ee-96a6-4752-932c-0f770c37b929' does not have access to /subscriptions/c92c7baa-eaad-434b-9375-37f5989aa19d to perform action 'Microsoft.Authorization/roleAssignments/write'.
This is because the az ad sp create-for-rbac cmdlet creates a service principal and configures its access to Azure resources. By default, this command assigns the 'Contributor' role to the service principal at the subscription scope.
Therefore, the account which you are using to log in to the CLI must have RBAC Owner access at the subscription level to perform role assignment.
To fix this issue, either ask your subscription admin to assign the RBAC Owner role to your account, or, if you just want to create login credentials without a role assignment on the subscription, use the --skip-assignment parameter as shown below; this doesn't require access at the subscription level.
az ad sp create-for-rbac --sdk-auth --skip-assignment
Here is a similar thread for your reference.
Hope this helps.
---
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
To learn more, refer.
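The check behind the error discussed in this answer, as an added example (not part of the original answer and not Microsoft's code): it evaluates whether any of an account's role assignments permits 'Microsoft.Authorization/roleAssignments/write' at the subscription scope. It assumes input shaped like the JSON from `az role assignment list` (fields `roleDefinitionName` and `scope`); the role definitions are abbreviated and the subscription ID and assignments are constructed sample values.

```python
import fnmatch

REQUIRED_ACTION = "Microsoft.Authorization/roleAssignments/write"

# Abbreviated built-in role definitions (only the entries relevant here).
ROLE_DEFINITIONS = {
    "Owner": {"actions": ["*"], "notActions": []},
    "Contributor": {"actions": ["*"],
                    "notActions": ["Microsoft.Authorization/*/Delete",
                                   "Microsoft.Authorization/*/Write",
                                   "Microsoft.Authorization/elevateAccess/Action"]},
    "User Access Administrator": {
        "actions": ["*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"],
        "notActions": []},
}

def _matches(patterns, action):
    # Action strings are compared case-insensitively; '*' is a wildcard.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def role_allows(role_name, action=REQUIRED_ACTION):
    role = ROLE_DEFINITIONS.get(role_name)
    if role is None:
        return False  # custom or unlisted role: not evaluated here
    return _matches(role["actions"], action) and not _matches(role["notActions"], action)

def scope_covers(assignment_scope, target_scope):
    # Assignments are inherited downward: a parent scope is a path prefix of its
    # children. Management-group inheritance needs the hierarchy and is not modelled.
    a, t = assignment_scope.rstrip("/").lower(), target_scope.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def roles_permitting_assignment(assignments, target_scope):
    # Names of roles that both reach the target scope and allow the write action.
    return sorted({a["roleDefinitionName"] for a in assignments
                   if scope_covers(a["scope"], target_scope)
                   and role_allows(a["roleDefinitionName"])})

# Constructed sample: Contributor on the subscription, Owner only on one resource group.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = [
    {"roleDefinitionName": "Contributor", "scope": SUB},
    {"roleDefinitionName": "Owner", "scope": SUB + "/resourceGroups/rg-demo"},
]

if __name__ == "__main__":
    roles = roles_permitting_assignment(SAMPLE, SUB)
    print("can assign roles at subscription scope:", bool(roles), roles)
```

With the sample data the result is empty: Contributor excludes the write action through its notActions, and the Owner assignment sits below the subscription, so it is not inherited upward.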