Connect-AzAccount using a service principal

Sameer Bhat 126 Reputation points Microsoft Employee
2021-10-19T15:37:39.59+00:00

Hi Everyone,

I'm trying to log in using a service principal with Connect-AzAccount:

Connect-AzAccount -Tenant $tenantId -Subscription $subscription -Credential $psCredential -ServicePrincipal

The login is successful; however, I'm not able to execute Set-AzKeyVaultManagedStorageSasDefinition:

Set-AzKeyVaultManagedStorageSasDefinition -AccountName $staccname -VaultName $kvname `
-Name $SASDefinitionName -TemplateUri $sasToken -SasType 'account' -ValidityPeriod ([System.Timespan]::FromDays(1))

Below is the error I'm getting. I have given the key vault permission on the storage account, as well as giving the service principal permission on the key vault. Not sure why this error keeps popping up. If I log in normally with Connect-AzAccount, then everything works fine. The issue only occurs when I log in using the service principal. Can someone let me know what I am missing here? Permissions on the key vault / storage account / service principal are already given. If there is anything I'm missing, let me know. Thanks

[screenshot of the error message]

Tags: Azure Key Vault, Azure Storage Accounts, Microsoft Entra ID

Accepted answer
  1. Sumarigo-MSFT 43,411 Reputation points Microsoft Employee
    2021-10-20T07:42:45.987+00:00

    @Sameer Bhat Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

    Based on the error message "Add-AzKeyVaultManagedStorageAccount : Operation returned an invalid status code 'Forbidden'", there is a similar thread discussion; please refer to its troubleshooting steps and let me know the status.

    Also check in the access policy -> Select principal that the principal has been added.
    [screenshot of the access policy blade]

    You can also refer to this thread; it explains how RBAC works and is designed.

    You can provide ... or [screenshot]

    You can check this article for a complete example: Add-AzureKeyVaultManagedStorageAccount

    Please let us know if you have any further queries. I’m happy to assist you further.
    Looking forward to your reply!


    1 person found this answer helpful.
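The 'Forbidden' in this thread almost always comes from one of three places that the screenshots do not show: the access policy was created for the wrong object (the app ID instead of the service principal's object ID, or a different principal), the policy lacks the storage permissions (get/list/set/setsas and so on, which are separate from key, secret and certificate permissions), or the Key Vault service identity itself has not been granted the Storage Account Key Operator Service Role on the storage account. The following script is an added diagnostic example; it is not code from the original question or answer. It assumes the Az.Accounts, Az.Resources, Az.KeyVault and Az.Storage modules are installed, that Connect-AzAccount -ServicePrincipal has already succeeded, that $kvname, $staccname and $rgName are placeholders you replace with your own names, and that the Key Vault first-party application ID cfa8b339-82a2-471a-a3c9-0fc0be7a4093 (the value given in Microsoft's documentation for managed storage accounts) resolves to a service principal in your tenant.

```powershell
# Added diagnostic example, not code from the original thread.
# Run after: Connect-AzAccount -Tenant $tenantId -Subscription $subscription -Credential $psCredential -ServicePrincipal

$kvname    = 'my-keyvault'     # placeholder: Key Vault name
$staccname = 'mystorageacct'   # placeholder: storage account name
$rgName    = 'my-rg'           # placeholder: resource group of the storage account

# Storage permissions the caller needs in the vault access policy to onboard a managed
# storage account and to create / read SAS definitions. These are distinct from key,
# secret and certificate permissions.
$requiredStoragePerms = @('get', 'list', 'set', 'update', 'regeneratekey', 'setsas', 'getsas', 'listsas')

# Application ID of the Key Vault first-party service (from Microsoft's documentation).
# Key Vault uses this identity, not the caller's, to list and regenerate storage keys.
$keyVaultAppId = 'cfa8b339-82a2-471a-a3c9-0fc0be7a4093'

function Test-KeyVaultManagedStorageAccess {
    param([switch]$Fix)   # with -Fix, grant whatever is missing instead of only reporting
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Resolve the OBJECT ID of the signed-in service principal. Access policies are keyed
    #    on object ID; the context's Account.Id is the application (client) ID.
    $ctx = Get-AzContext
    if ($ctx.Account.Type -ne 'ServicePrincipal') {
        $findings.Add("Signed in as '$($ctx.Account.Type)', not a service principal; re-run with -ServicePrincipal.")
        return $findings
    }
    $callerObjectId = (Get-AzADServicePrincipal -ApplicationId $ctx.Account.Id).Id

    # 2. Check the vault's permission model and the caller's storage permissions.
    $kv = Get-AzKeyVault -VaultName $kvname
    if ($kv.EnableRbacAuthorization) {
        $findings.Add("Vault '$kvname' uses the RBAC permission model; access policies are ignored. Assign a Key Vault data-plane role to object ID $callerObjectId instead.")
    } else {
        $policy = $kv.AccessPolicies | Where-Object { $_.ObjectId -eq $callerObjectId }
        if (-not $policy) {
            $findings.Add("No access policy on '$kvname' for object ID $callerObjectId (app ID $($ctx.Account.Id)). Check that the policy was not created for a different principal.")
        }
        $have    = @($policy.PermissionsToStorage | ForEach-Object { $_.ToLower() })
        $missing = @($requiredStoragePerms | Where-Object { $have -notcontains $_ })
        if ($missing.Count -gt 0) {
            $findings.Add("Access policy is missing storage permissions: $($missing -join ', ').")
            if ($Fix) {
                Set-AzKeyVaultAccessPolicy -VaultName $kvname -ObjectId $callerObjectId -PermissionsToStorage $requiredStoragePerms
            }
        }
    }

    # 3. Check that the Key Vault service identity can operate the storage account keys.
    $sa   = Get-AzStorageAccount -ResourceGroupName $rgName -Name $staccname
    $kvSp = Get-AzADServicePrincipal -ApplicationId $keyVaultAppId
    $role = 'Storage Account Key Operator Service Role'
    $assignment = Get-AzRoleAssignment -ObjectId $kvSp.Id -Scope $sa.Id -RoleDefinitionName $role
    if (-not $assignment) {
        $findings.Add("Key Vault service principal ($($kvSp.Id)) lacks '$role' on $($sa.Id).")
        if ($Fix) {
            # Creating a role assignment needs Owner or User Access Administrator on the storage
            # account. A Forbidden here means the signed-in service principal cannot grant roles,
            # which is an Azure RBAC problem, not a Key Vault one.
            New-AzRoleAssignment -ObjectId $kvSp.Id -RoleDefinitionName $role -Scope $sa.Id
        }
    }
    return $findings
}

$findings = Test-KeyVaultManagedStorageAccess
if ($findings.Count -eq 0) {
    Write-Host "Prerequisites look correct; retry Add-AzKeyVaultManagedStorageAccount and Set-AzKeyVaultManagedStorageSasDefinition."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

Run it once without -Fix to see what is missing, then with `Test-KeyVaultManagedStorageAccess -Fix` to grant it. The check in step 1 is the one that most often explains "it works with my user but not with the service principal": an interactive login runs under your user's object ID, which was added to the policy through the portal, while the service principal is a different object that needs its own policy entry with storage permissions.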

0 additional answers