Thank you for posting this in Microsoft Q&A.
I understand you are trying to create Azure custom roles (RBAC) using Azure CLI but getting error "The client xxx with object id xxx does not have authorization to perform action 'Microsoft.Authorization/roleDefinitions/write' over scope '/subscriptions/[my subscription id]/providers/Microsoft.Authorization/roleDefinitions/d31d7669-45bf-xxxx-xxxx-494fb02b1f00' or the scope is invalid".
Based on the error you don't have permissions to create custom (RBAC) on the subscription.
In order to create Azure custom roles (RBAC), you must have either Owner or User administrator roles. Role-based Access Control Administrator is not sufficient for creating custom roles (RBAC).
For your reference: https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-cli
Hope this helps. Do let us know if you any further queries.
Thanks,
Navya.
If this answers your query, do click Accept Answer
and Yes
for was this answer helpful. And, if you have any further query do let us know.