I am trying to use Azure CLI to monitor messages from the devices registered in an IoT Central application. I have been able to do this if I log in to Azure CLI using my credentials, but I would like to log in to Azure CLI using a service principal, and when I do this I do not have the correct permissions.
In Active Directory I registered an app and created a client secret for it. I then used the Access Control (IAM) for the Azure subscription to assign the app to the built-in ‘Reader’ role.
I can then log in to Azure CLI using this service principal.
az login --service-principal -u <app-url> -p <password-or-cert> --tenant <tenant>
However, when I try to monitor IoT Central messages I receive the following error:
The user does not have permission to perform the requested actions: /operating/devices/read Please ensure that the user is logged through the az login command, has the correct tenant set (the users home tenant) and has access to the application through http://apps.azureiotcentral.com
I am not sure where to go from here. I was wondering if perhaps I needed to assign a different role to the service principal but I don’t know what permissions are required to be able to monitor IoT Central device messages.
I would appreciate it if someone could point me in the right direction.