@Artyom Lukianov Firstly, Apologies for the delay response here! Thank you for posting your query here! Welcome to Microsoft Q&A Forum.
When you assign roles or remove role assignments, it can take up to 10 minutes for changes to take effect. If you're using the Azure portal, Azure PowerShell, or Azure CLI, you can force a refresh of your role assignment changes by signing out and signing in. If you're making role assignment changes with REST API calls, you can force a refresh by refreshing your access token.
Cause You added managed identities to a group and assigned a role to that group. The back-end services for managed identities maintain a cache per resource URI for around 24 hours. Solution It can take several hours for changes to a managed identity's group or role membership to take effect. For more information, see Limitation of using managed identities for authorization. When you make changes to role assignments in Azure, it can take some time for all components to be aware of the changes. The amount of time it takes for the changes to propagate can vary depending on a number of factors, such as the size of your Azure environment and the number of role assignments that need to be updated.
In general, changes to role assignments should propagate within a few minutes. However, in some cases it may take longer for the changes to take effect. If you are experiencing delays in the propagation of role assignment changes, you can try the following steps:
- Check the status of the role assignment changes in the Azure portal. You can do this by going to the "Activity log" in the Azure portal and looking for any errors or warnings related to the role assignment changes.
- Check the status of the Azure services that are affected by the role assignment changes. If there are any issues with the services, it may be affecting the propagation of the role assignment changes.
- Try logging out of the Azure portal and logging back in again. This can sometimes help to refresh the portal and ensure that the changes are being propagated correctly.
Additional information: Steps to assign an Azure role
Assign Azure resource roles in Privileged Identity Management
Once you know the security principal, role, and scope, you can assign the role. You can assign roles using the Azure portal, Azure PowerShell, Azure CLI, Azure SDKs, or REST APIs.
You can have up to 4000 role assignments in each subscription. This limit includes role assignments at the subscription, resource group, and resource scopes. You can have up to 500 role assignments in each management group. For more information, see Troubleshoot Azure RBAC limits.
Please let us know if you have any further queries. I’m happy to assist you further.
---
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.