Getting 403 error in Terraform while assigning RBAC in Azure

Harshit Z Kothari 40 Reputation points
2024-10-24T14:47:37.2933333+00:00

I have the correct access (Owner) and am able to assign RBAC through the portal but not through Terraform.

│ Error: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'xxxxxx' with object id '7229' does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' over scope '/subscriptions/58146/resourceGroups/eus2-rg/providers/Microsoft.KeyVault/vaults/kv01/providers/Microsoft.Authorization/roleAssignments/67d' or the scope is invalid. If access was recently granted, please refresh your credentials."


1 answer

  1. Harshitha Eligeti 4,380 Reputation points Microsoft External Staff Moderator
    2024-11-04T20:03:34.7066667+00:00

    Hi @Harshit Z Kothari 

    Thank you for sharing your issue on Microsoft Q&A. 

    I understand that you are getting a 403 error while assigning RBAC in the Azure portal but not via Terraform, even though you have the Owner role.

    The error message indicates that the scope is either invalid or the client does not have the required permissions to perform the action. Since you mentioned that you have an Owner role, you should be able to assign users under RBAC. So, double-check that it exists and that you have access to it. If possible, please share your Terraform code.

    If the issue continues, provide more details about the error so we can troubleshoot further. 

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Best regards, 
    Harshitha Eligeti. 
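
One way to act on the advice to double-check the scope and the client's permissions, as an added example that is not part of the original thread: this Python sketch pulls the object id, action and scope out of the `AuthorizationFailed` text and builds (without running) an `az role assignment list` command for that identity. The function names are hypothetical, and the sample input is the redacted error from the question.

```python
import re
import shlex

# Error text copied from the question above (IDs are already redacted there).
SAMPLE_ERROR = (
    "Status=403 Code=\"AuthorizationFailed\" Message=\"The client 'xxxxxx' with object id '7229' "
    "does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' "
    "over scope '/subscriptions/58146/resourceGroups/eus2-rg/providers/Microsoft.KeyVault/vaults/kv01"
    "/providers/Microsoft.Authorization/roleAssignments/67d' or the scope is invalid.\""
)

_PATTERN = re.compile(
    r"client '(?P<client>[^']*)' with object id '(?P<object_id>[^']*)' "
    r"does not have authorization to perform action '(?P<action>[^']*)' "
    r"over scope '(?P<scope>[^']*)'"
)
_ASSIGNMENT_SUFFIX = re.compile(
    r"/providers/Microsoft\.Authorization/roleAssignments/[^/]+$", re.IGNORECASE
)


def parse_authorization_failed(message):
    """Return the caller, action and scopes named in the error, or None if absent."""
    match = _PATTERN.search(message)
    if match is None:
        return None
    fields = match.groupdict()
    # The scope in the error is the new role assignment's own ID; dropping the
    # trailing segment gives the resource the assignment was being created on.
    fields["target_scope"] = _ASSIGNMENT_SUFFIX.sub("", fields["scope"])
    return fields


def build_check_command(fields):
    """Build (not run) an az CLI command listing the caller's roles at that scope."""
    args = ["az", "role", "assignment", "list",
            "--assignee", fields["object_id"],
            "--scope", fields["target_scope"],
            "--include-inherited", "--output", "table"]
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    parsed = parse_authorization_failed(SAMPLE_ERROR)
    for key, value in parsed.items():
        print(f"{key}: {value}")
    print(build_check_command(parsed))
```

The object id in the error identifies the identity that made the request, so it is worth comparing it with the object id of the account used in the portal before looking at the scope.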

