Please try assigning system-assigned identity the SQL Server Contributor role at the resource group level. It might take a few minutes for the permissions to propagate. You can check the role assignments in the Azure portal under the "Access control (IAM)" section of your resource group.
DataSync Agent permission issue when trying to set up through PowerShell Automation Account
We are trying to automate azure data sync set up through power shell script using azure automation account.
When running the command to set up sync member we are facing permission issue
New-AzSqlSyncMember -ResourceGroupName $resourceGroupName -ServerName $serverName -DatabaseName $databaseName -SyncGroupName $syncGroupName -Name $syncMemberName -MemberDatabaseType $memberDatabaseType -SyncAgentResourceGroupName $syncAgentResourceGroupName
-SyncAgentServerName $syncAgentServerName -SyncAgentName $syncAgentName -SyncDirection $syncDirection -SqlServerDatabaseID $SqlServerDatabaseID
The client '<system-assigned identity>' with object id '<system-assigned identity>' has permission to perform action 'Microsoft.Sql/servers/databases/syncGroups/syncMembers/write' on scope '/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Sql/servers/<servername>/databases/<db-name>/syncGroups/<syn-group-name>/syncMembers/<syncMemberName>'; however, it does not have permission to perform action(s) 'Microsoft.Sql/servers/syncAgents/write' on the linked scope(s) '/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Sql/servers/<servername>/syncAgents/<syncAgentName>' (respectively) or the linked scope(s) are invalid.
We have set up system-assigned-identity for automation account with scope at resource group level and role is set to Sql DB Contributor.
Any help on this please?