permissions or AZ CLI

Question

permissions or AZ CLI

Omar Navarro 326

az iot edge set-modules --hub-name "$IOT_HUB_NAME" --device-id "$DEVICE_ID" --content "$MANIFEST_FILE_PATH" --resource-group $ResourceGroup --only-show-error -o table

When executing the command on an Ubuntu device the following error occurs. The Service Principal currently has the Owner role but it seems to need another permission.

Answer 1

Matthijs van der Veer 3,651 Microsoft MVP

With the owner role, you gain full control of the Azure resource. For instance, it can delete the IoT Hub.

What you're trying to do is manipulate the data in the IoT Hub. For that, the SP needs access to the data plane. Try assigning one of these:

IoT Hub Data Contributor Allows full access to IoT Hub data plane operations.
IoT Hub Registry Contributor Allows full access to the IoT Hub device registry.
IoT Hub Twin Contributor Allows read and write access to all IoT Hub devices and module twins.

Here is a list of all the data plane roles.

Omar Navarro 326 Reputation points

2023-01-03T19:56:33.707+00:00

@Matthijs van der Veer after adding the role to the SP, how much time must pass for the new role to take effect?
Matthijs van der Veer 3,651 Reputation points Microsoft MVP

2023-01-04T08:25:36.61+00:00

It shouldn't take more than a few minutes, although I've seen it take up to half an hour. Be sure to log in with your SP again and it should be good to go.
Ashok Peddakotla 9,961 Reputation points Microsoft Employee

2023-01-31T05:38:55.4433333+00:00

Omar Navarro Are you still blocked? If the suggestions answers your query, do click Accept Answer and Yes. And, if you have any further queries do let us know.

permissions or AZ CLI

1 answer

Activity