@Andrei Nicolae - Welcome to Microsoft Q&A and thanks for reaching out to us.
You mentioned that you have already granted the 'Monitoring Contributor' and 'Monitoring Reader' roles to the Service Principal. However, it seems that these roles do not include the required permission to perform the 'Microsoft.Monitor/locations/operationResults/read' action.
- Ensure that the Service Principal has the correct permissions for the specific operation you’re trying to perform. In your case, it’s related to reading operation results in the Azure Monitor location.
- You can try granting the 'Reader' role at the subscription level to the Service Principal. This role should include the required permission to perform the Microsoft.Monitor/locations/operationResults/read' action.
- After granting the 'Reader' role to the Service Principal at the subscription level, try running the destroy command again and see if the issue is resolved. If the issue persists, you may need to check if there are any other permissions that are required for the 'Microsoft.Monitor/locations/operationResults/read' action and grant those permissions to the Service Principal as well.
Hope this helps. and please feel free to reach out if you have any further questions.
If the above response was helpful, please feel free to "Accept as Answer" and click "Yes" so it can be beneficial to the community.