How can I resolve the 'Cannot find user or service principal in graph database' error when assigning a role in Azure Digital Twins using a Microsoft account email?

Question

I'm attempting to do the Digital Twins hands-on lab from GitHub (https://github.com/Azure-Samples/digital-twins-samples/tree/main/HandsOnLab), and I need to assign the Azure Digital Twins Data Owner permission using the following code:

plaintextCopy code
az dt role-assignment create -n $dtname -g $rgname --role "Azure Digital Twins Data Owner" --assignee $username -o json

However, when I enter this code in PowerShell, I get an error:

plaintextCopy code
Cannot find user or service principal in graph database for 'hgl2635@naver.com'. If the assignee is an appId, make sure the corresponding service principal is created with 'az ad sp create --id hgl2635@naver.com'.
Unable to assign role.

How should I proceed?

Answer 1

Hello @hwajeong lee,

welcome to this moderated Azure community forum.

I tried the command on a Azure Digital Twins environment myself and it works as expected:

You need to fill in the name of the ADT environment, resource group and email address of the person

Check if the email address is already registered within EntraID/AAD.

Please check the actual values of $dtname etc.

I did not need to use quotes for the values.

I expect you performed an 'az login' already, pointing to the right subscription.

---

If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. All community members with similar issues will benefit by doing so. Your contribution is highly appreciated.