Failed to set Azure permission 'RoleAssignmentId

Dave Leafa 25 Reputation points
2024-06-24T02:36:03.1166667+00:00

Hi

Failed to set Azure permission 'RoleAssignmentId: 'xxxxxx' for the service principal 'xxxxxx' on subscription ID 'xxxxxxxx': error code: Forbidden, inner error code: AuthorizationFailed, inner error message The client 'UPN@' with object id 'xxxxxxxxxxx' does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' over scope '/subscriptions/xxxxxxxxxxxx/resourcegroups/RG-XXX-DEV/providers/Microsoft.Authorization/roleAssignments/xxxxxxxxxxxx' or the scope is invalid. If access was recently granted, please refresh your credentials. Ensure that the user has 'Owner' or 'User Access Administrator' permissions on the Subscription.

I've added it to the correct group for the RG, but feel like I'm missing another permission, which could be for the subscription??

Cheers
Dave

Azure DevTest Labs
An Azure service that is used for provisioning development and test environments.

Accepted answer
  1. vipullag-MSFT 25,861 Reputation points
    2024-06-24T03:38:42.08+00:00

    Hello Dave Leafa

    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    Based on the error message you provided, it looks like the service principal you are using does not have the required permissions to perform the action 'Microsoft.Authorization/roleAssignments/write' over the specified scope '/subscriptions/xxxxxxxxxxxx/resourcegroups/RG-XXX-DEV/providers/Microsoft.Authorization/roleAssignments/xxxxxxxxxxxx'.

    To resolve this issue, you can try the following steps:

    1. Ensure that the service principal has the 'Owner' or 'User Access Administrator' role assigned to it at the subscription level.

    2. If the service principal already has the required role assigned, try refreshing the credentials for the service principal.

    3. If the issue persists, you can try granting the 'Microsoft.Authorization/roleAssignments/write' permission to the service principal at the subscription level.

    I hope this helps!

    1 person found this answer helpful.
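
As an added example (not part of the original thread and not Microsoft's code), the sketch below evaluates which role assignments would allow 'Microsoft.Authorization/roleAssignments/write' at a given scope, using Actions/NotActions wildcard matching and scope inheritance. The role definitions are simplified copies of the built-in roles, and the principal ids, subscription id and `RG-OTHER` are constructed sample values.

```python
import fnmatch

# Simplified built-in role definitions (control-plane actions only); treat as
# an assumption and compare with `az role definition list` in your tenant.
ROLES = {
    "Owner": {"actions": ["*"], "not_actions": []},
    "User Access Administrator": {"actions": ["*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"], "not_actions": []},
    "Contributor": {"actions": ["*"], "not_actions": [
        "Microsoft.Authorization/*/Delete", "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action"]},
}
REQUIRED = "Microsoft.Authorization/roleAssignments/write"

# Constructed sample assignments (placeholder ids, not from the thread).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourcegroups/RG-XXX-DEV"
SAMPLE = [
    {"principal_id": "sp-1", "role": "Contributor", "scope": RG},
    {"principal_id": "sp-2", "role": "User Access Administrator", "scope": SUB},
    {"principal_id": "sp-3", "role": "Owner", "scope": SUB + "/resourceGroups/RG-OTHER"},
]

def _matches(action, patterns):
    # Action strings are compared case-insensitively; '*' is a wildcard.
    a = action.lower()
    return any(fnmatch.fnmatchcase(a, p.lower()) for p in patterns)

def _covers(assignment_scope, target_scope):
    # An assignment applies at its own scope and is inherited by child scopes.
    a = assignment_scope.lower().rstrip("/")
    t = target_scope.lower().rstrip("/")
    return t == a or t.startswith(a + "/")

def granting_assignments(assignments, principal_id, target_scope, action=REQUIRED):
    """Return the assignments that let principal_id perform action at target_scope."""
    hits = []
    for ra in assignments:
        role = ROLES[ra["role"]]
        if (ra["principal_id"] == principal_id
                and _covers(ra["scope"], target_scope)
                and _matches(action, role["actions"])
                and not _matches(action, role["not_actions"])):
            hits.append(ra)
    return hits

if __name__ == "__main__":
    for sp in ("sp-1", "sp-2", "sp-3"):
        print(sp, [r["role"] for r in granting_assignments(SAMPLE, sp, RG)])
```

Contributor on the resource group yields no match because its NotActions exclude `Microsoft.Authorization/*/Write`, which is the AuthorizationFailed case in the question.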

0 additional answers