permissions or AZ CLI

Omar Navarro 326 Reputation points
2023-01-03T19:28:43.673+00:00
az iot edge set-modules --hub-name "$IOT_HUB_NAME" --device-id "$DEVICE_ID" --content "$MANIFEST_FILE_PATH" --resource-group $ResourceGroup --only-show-error -o table  

When executing the command on an Ubuntu device the following error occurs. The Service Principal currently has the Owner role but it seems to need another permission. 275707-not-authorized.png

Azure IoT Edge
Azure IoT Edge
An Azure service that is used to deploy cloud workloads to run on internet of things (IoT) edge devices via standard containers.
388 questions
Azure IoT Hub
Azure IoT Hub
An Azure service that enables bidirectional communication between internet of things (IoT) devices and applications.
695 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Matthijs van der Veer 3,651 Reputation points Microsoft MVP
    2023-01-03T19:38:29.437+00:00

    With the owner role, you gain full control of the Azure resource. For instance, it can delete the IoT Hub.

    What you're trying to do is manipulate the data in the IoT Hub. For that, the SP needs access to the data plane. Try assigning one of these:

    • IoT Hub Data Contributor Allows full access to IoT Hub data plane operations.
    • IoT Hub Registry Contributor Allows full access to the IoT Hub device registry.
    • IoT Hub Twin Contributor Allows read and write access to all IoT Hub devices and module twins.

    Here is a list of all the data plane roles.