Privileged Roles not Available for Assignment in Azure Portal

Amal Antony 50 Reputation points
2024-01-29T15:34:34.6933333+00:00

The requirement is to assign the Contributor + Role Based Access Control Administrator or the Owner role on a resource group to service principal. When selecting the IAM blade of the resource group and searching for the roles, only 2 privileged roles are displayed, as opposed to 4 roles, as noted in this article - https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-steps. Attaching a screenshot of the 2 roles available.Screenshot from 2024-01-29 20-03-53 I can assign the Contributor role, but cannot see the other roles at all. I have Owner permission on this specific resource group, inherited from the subscription. So, technically, I should be able to manage all aspects of the RG.

Another piece of information - This does not seem like an IAM issue, because I have been able to assign Role Based Access Control Administrator through Azure CLI on the same RG. The issue appears to be on the presentation/availability of roles in the UI.
Any ideas on what might be causing this behaviour?

Thanks in advance.

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
784 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,275 questions
{count} votes

Accepted answer
  1. Navya 9,320 Reputation points Microsoft Vendor
    2024-02-02T12:37:53.0666667+00:00

    Hi @Amal Antony

    I understand you are unable to see all the privileged roles when trying to assign roles on a resource group to a service principal in the Azure portal.

    There may be restrictions on the role assignments you receive. View the roles assigned to you and Check if there is a condition that constrains the role assignments.

    To resolve this problem, please follow the instructions in this document: https://learn.microsoft.com/en-us/azure/role-based-access-control/troubleshooting?tabs=bicep#symptom---roles-or-principals-are-not-listed

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Navya.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.