Azure Support Team,
Requirement: To create a custom RBAC role using Python (3.12)
Code is pasted below:
On executing the code, I get the following error:
azure.core.exceptions.ResourceNotFoundError: (MissingSubscription) The request did not have a subscription or a valid tenant level resource provider.
Code: MissingSubscription
Message: The request did not have a subscription or a valid tenant level resource provider.
Please note I am running this code with the required privileges (Owner account), and when I run az account show, I am able to see the subscription id, tenant id, everything.
Based on previous solutions, I tried using subscriptions instead of subscription, and also tried using a double slash/single slash, but nothing is working in my case.
Please provide a solution for the same.
```python
from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient
from azure.mgmt.authorization.models import RoleDefinition
from azure.mgmt.resource import ResourceManagementClient


def create_custom_rbac_role(subscription_id, resource_group_name, role_definition_name, role_definition_id,
                            assignable_scopes, permissions, description):
    # Initialize Azure credentials
    credentials = DefaultAzureCredential()
    # Initialize Resource Management client
    resource_client = ResourceManagementClient(credentials, subscription_id)
    # Initialize Authorization Management client
    authorization_client = AuthorizationManagementClient(credentials, subscription_id)
    # Create custom role definition
    role_definition = RoleDefinition(
        assignable_scopes=assignable_scopes,
        permissions=permissions,
        description=description,
        role_name=role_definition_name
    )
    # Create or update role definition
    authorization_client.role_definitions.create_or_update(resource_group_name, role_definition_id, role_definition)
    print("Custom RBAC role created successfully.")


# Example usage:
subscription_id = 'your-subscription-id'
resource_group_name = 'your-resource-group'
role_definition_name = 'CustomRoleName'
role_definition_id = f"/subscriptions/{subscription_id}/providers/Microsoft.Authorization/roleDefinitions/{role_definition_name}"
assignable_scopes = ['/subscriptions/{subscription_id}']
permissions = [
    {
        "actions": ["Microsoft.Storage/storageAccounts/listKeys/action"],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
    }
]
description = 'Custom role for accessing user storage account'
create_custom_rbac_role(subscription_id, resource_group_name, role_definition_name, role_definition_id,
                        assignable_scopes, permissions, description)
```
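An added example, not part of the original post and not Microsoft's code: a pre-flight check for the arguments of `role_definitions.create_or_update`, based on the documented route `/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId}`, where the first argument is a scope path and the id is a bare GUID. The helper names, the all-zero subscription GUID and the `uuid5` naming scheme are assumptions made for illustration.

```python
import re
import uuid

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# Scope shapes checked here: subscription, resource group, management group.
SCOPE_RE = re.compile(
    rf"^/subscriptions/{GUID}(?:/resourceGroups/[^/]+)?$"
    r"|^/providers/Microsoft\.Management/managementGroups/[^/]+$"
)
ROUTE = "/{scope}/providers/Microsoft.Authorization/roleDefinitions/{rid}"


def request_path(scope, role_definition_id):
    """Path the call resolves to (leading slash of the scope normalised)."""
    return ROUTE.format(scope=scope.strip("/"), rid=role_definition_id)


def role_definition_guid(scope, role_name):
    """Stable GUID per (scope, name), so a rerun updates the same definition.
    Deriving it with uuid5 is a choice made for this example."""
    return str(uuid.uuid5(uuid.NAMESPACE_URL, f"{scope}/{role_name}"))


def preflight(scope, role_definition_id, assignable_scopes):
    """Return a list of problems; an empty list means the arguments are well-formed."""
    problems = []
    if not SCOPE_RE.match(scope):
        problems.append(f"scope {scope!r} is not a scope path")
    if not re.fullmatch(GUID, role_definition_id):
        problems.append(f"role_definition_id {role_definition_id!r} is not a bare GUID")
    for item in assignable_scopes:
        if not SCOPE_RE.match(item):
            problems.append(f"assignable scope {item!r} is not a resolved scope path")
    return problems


SUB = "00000000-0000-0000-0000-000000000000"  # constructed placeholder subscription
# Argument shapes from the post: resource group name, full path as id, unformatted scope.
POSTED = ("your-resource-group",
          f"/subscriptions/{SUB}/providers/Microsoft.Authorization/roleDefinitions/CustomRoleName",
          ["/subscriptions/{subscription_id}"])
SCOPE = f"/subscriptions/{SUB}"
FIXED = (SCOPE, role_definition_guid(SCOPE, "CustomRoleName"), [SCOPE])

if __name__ == "__main__":
    print(request_path(*POSTED[:2]))  # path does not start with /subscriptions/
    for label, args in (("posted", POSTED), ("fixed", FIXED)):
        print(label, preflight(*args) or "ok")
```

With the client from the post, the checked values go in as `create_or_update(scope, role_definition_id, role_definition)`.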