The request did not have a subscription or a valid tenant level resource provider

David He (AU) 5 Reputation points
2024-01-10T06:00:24.7633333+00:00

I've received the error below when trying to assign a role to a group on Entra ID while scoping it to a given cluster.

```bash
az role assignment create \
    --assignee a-test-group \
    --role "Azure Kubernetes Service Cluster User Role" \
    --scope /subscriptions/xxx/resourceGroups/yyy/providers/Microsoft.ContainerService/managedClusters/my-cluster
```

Error message:

(MissingSubscription) The request did not have a subscription or a valid tenant level resource provider. Code: MissingSubscription Message: The request did not have a subscription or a valid tenant level resource provider.

I can confirm I have the right permission and the CLI has been configured to point to the right subscription.

Any help is welcome.


1 answer

  1. JamesTran-MSFT 36,486 Reputation points Microsoft Employee
    2024-01-10T19:34:40.6566667+00:00

    Thank you for your post!

    Error Message:

    (MissingSubscription) The request did not have a subscription or a valid tenant level resource provider. Code: MissingSubscription Message: The request did not have a subscription or a valid tenant level resource provider.

    From the error message that you received, this indicates that the request didn't have a subscription or a valid tenant level resource provider. To hopefully help point you in the right direction, you can try the following steps to troubleshoot.

    1. Double-check that Azure CLI is configured to use the correct subscription. You can use the following command to set the default subscription:

       ```bash
       az account set --subscription <subscription-id>
       ```

       Replace `<subscription-id>` with the ID of the subscription you want to use.

    2. Ensure that the Azure CLI command's `--scope` for your resource is the full resource ID, such as:

       `/subscriptions/<guid>/resourceGroups/myResourceGroup`

       `/subscriptions/<guid>/resourceGroups/myResourceGroupVnet/providers/Microsoft.Network/virtualNetworks/myVnet`

    3. If assigning the Azure Kubernetes Service Cluster User Role to a group within MS Entra ID isn't working from the CLI on your desktop, you can see if using Bash from the Azure Portal helps to resolve the issue.

    If you're still having issues, please share the documentation that you're following so I can try to reproduce your issue on my end.


    Additional Links:

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

    1 person found this answer helpful.
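
The answer's second step asks that `--scope` be a full resource ID. As an added example (not code from the thread or from Azure CLI), the script below checks the shape of a scope string before it is passed to `az role assignment create`; the `check_scope` function, its verdict strings and the sample values are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): check the shape of a --scope value
# before passing it to `az role assignment create`. Handles subscription,
# resource-group and resource scopes, the forms listed in the answer.

GUID_RE='[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
REST_RE='(/resourceGroups/[-A-Za-z0-9_.()]+(/providers/[A-Za-z0-9.]+(/[^/]+/[^/]+)+)?)?'

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_scope SCOPE [ACTIVE_SUBSCRIPTION_ID]
# Prints a one-word verdict and returns 0 only when the verdict is "ok".
check_scope() {
  local scope="$1" active="${2:-}" tail sub rest
  case "$scope" in
    /[Ss]ubscriptions/*) ;;
    *) echo "bad-prefix"; return 1 ;;  # leading "/subscriptions/" lost or rewritten
  esac
  tail=${scope#/*/}      # drop "/subscriptions/"
  sub=${tail%%/*}        # subscription segment
  rest=${tail#"$sub"}    # everything after it (may be empty)
  if ! printf '%s\n' "$sub" | grep -Eqx "$GUID_RE"; then
    echo "subscription-not-guid"; return 1
  fi
  # Resource IDs are case-insensitive; some az output uses "resourcegroups", hence -i.
  if ! printf '%s\n' "$rest" | grep -Eqix "$REST_RE"; then
    echo "malformed-path"; return 1
  fi
  if [ -n "$active" ] && [ "$(lower "$sub")" != "$(lower "$active")" ]; then
    echo "subscription-mismatch"; return 1
  fi
  echo "ok"
}

# Constructed samples; the GUID is made up. The third one has a local path in
# front of the ID, which is what MSYS/Git Bash argument conversion produces.
SUB=11111111-2222-3333-4444-555555555555
for s in \
  "/subscriptions/$SUB/resourceGroups/yyy/providers/Microsoft.ContainerService/managedClusters/my-cluster" \
  "/subscriptions/xxx/resourceGroups/yyy" \
  "C:/Program Files/Git/subscriptions/$SUB/resourceGroups/yyy"
do
  printf '%-22s %s\n' "$(check_scope "$s" "$SUB")" "$s"
done

# With the real CLI, compare against the active subscription:
#   check_scope "$scope" "$(az account show --query id -o tsv)"
```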