Attempt to create service principal for RBAC with contributor role fails with "WARNING: Role assignment creation failed."

Siegfried Heintze 1,861 Reputation points

I'm trying to follow these instructions:

az ad sp create-for-rbac --name spad_ServiceBusSimpleSendReceive002 --role contributor --scopes /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx7db/resourceGroups/rg_ServiceBusSimpleSendReceive002

WARNING: Creating 'contributor' role assignment under scope '/subscriptions/acc26051-92a5-4ed1-a226-64a187bc27db/resourceGroups/rg_ServiceBusSimpleSendReceive002


WARNING:   Role assignment creation failed. 

WARNING:   role assignment response headers: {'Content-Type': 'text/html; charset=us-ascii', 'Date': 'Sat, 27 Apr 2024 22:39:51 GMT', 'Connection': 'close', 'Content-Length': '324'}

ERROR: Operation returned an invalid status 'Bad Request'

Also: I don't understand the --json-auth. I could not determine what this is for from the documentation.



Microsoft Entra
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marcin Policht 13,480 Reputation points MVP

    Verify that the value of the --scopes parameter is correct and that you have sufficient permissions to the target Entra tenant and the corresponding Azure subscription.

    The --json-auth parameter results in the JSON output which can be added directly to GitHub as a secret and referenced in GitHub Actions that require access to the target Azure subscription

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.