How to run Update API to update Azure RBAC role settings using Postman?

NeelDarji-7992 91 Reputation points
2023-12-18T17:08:50.8966667+00:00

We have a requirement to update role settings for any RBAC role through the API using Postman. All GET APIs are working perfectly OK, but when I try any POST, PUT, or PATCH API call, it gives the error below:

{
    "error": {
        "code": "AuthorizationFailed",
        "message": "The client 'xxxxxx' with object id 'xxxx' does not have authorization to perform action 'Microsoft.Authorization/roleManagementPolicyAssignments/action' over scope '/providers/Microsoft.Subscription/subscriptions/xxxxx/providers/Microsoft.Authorization' or the scope is invalid. If access was recently granted, please refresh your credentials."
    }
}

I have given the registered application Reader and Contributor access to this subscription.

What else could be the issue here?

Microsoft Entra ID

1 answer

  1. Akhilesh Vallamkonda 11,680 Reputation points Microsoft Vendor
    2023-12-19T10:39:56.4833333+00:00

    Hi @Darji, Neel
    Thank you for posting your query on Q&A.
    I understand that you are trying to update Azure RBAC role settings using HTTP methods, such as GET, PUT, PATCH, and POST in Postman. As you mentioned in the Q&A, you have Contributor access to the subscription.

    With the Contributor access, you can create and manage all types of Azure resources, but you cannot assign roles in Azure RBAC.

    The POST, PUT, and PATCH methods are not compatible with the Contributor access to update an Azure RBAC role, because they would change the role definitions, which is not allowed by the Contributor role. You can only use the GET method to read the role definitions.

    The POST, PUT, and PATCH methods are used to create or modify resources, as explained below.

    The POST HTTP method is used to send data to a resource and create a new entity.

    The PUT HTTP method is used to update or create a resource with the given data.

    The PATCH HTTP method is used to update some fields of a resource without affecting the rest.
    I hope this answer helps! If you have any further questions, please feel free to ask.

    Reference: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

    https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest

    Thanks,

    Akhilesh.
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
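
The answer's point that Contributor cannot assign roles, as an added example that is not part of the original question or answer: a simplified Python model of how Azure RBAC combines a role's Actions and NotActions. The role data is an abridged copy of the built-in role definitions (Contributor carries only its first three NotActions here), the function names are hypothetical, and deny assignments and data-plane DataActions are not modelled.

```python
import re

# Abridged built-in role definitions (assumption: only the entries needed here).
ROLES = {
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "Contributor": {
        "actions": ["*"],
        "not_actions": [
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/elevateAccess/Action",
        ],
    },
    "User Access Administrator": {
        "actions": ["*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"],
        "not_actions": [],
    },
}


def _matches(pattern, action):
    # Action strings compare case-insensitively; '*' matches any run of characters.
    regex = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def role_allows(role, action):
    # A role grants an action if it matches Actions and no NotActions entry.
    definition = ROLES[role]
    granted = any(_matches(p, action) for p in definition["actions"])
    excluded = any(_matches(p, action) for p in definition["not_actions"])
    return granted and not excluded


def granting_roles(assigned, action):
    # NotActions only subtract from the same role's Actions; they are not a deny,
    # so effective access is the union over every assigned role.
    return [name for name in assigned if role_allows(name, action)]


if __name__ == "__main__":
    app_roles = ["Reader", "Contributor"]  # constructed: the roles named in the question
    for act in ("Microsoft.Authorization/roleAssignments/read",
                "Microsoft.Authorization/roleAssignments/write"):
        print(act, "->", granting_roles(app_roles, act) or "no assigned role grants this")
    wider = app_roles + ["User Access Administrator"]
    print("with User Access Administrator ->",
          granting_roles(wider, "Microsoft.Authorization/roleAssignments/write"))
```

Reader and Contributor together grant the read but not the write, because Contributor's `*` is cut back by `Microsoft.Authorization/*/Write`; a role whose Actions cover `Microsoft.Authorization/*` is what grants it.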
