Role Assignment error

Hari Vidya Sankar 1 Reputation point


I was logged in as a Global Administrator and was trying to assign a role, and I am getting the following error:

New-AzRoleAssignment : The client 'email id' with object id 'axxx'
does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' over scope
'/providers/Microsoft.Authorization/roleAssignments/xx' or the scope is invalid. If
access was recently granted, please refresh your credentials.

Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.

1 answer

  1. Saurabh Sharma 23,171 Reputation points Microsoft Employee

    Hi @Hari Vidya Sankar ,

    You need to have "User Access Administrator" or "Owner" permissions to assign specific roles to a resource, as these roles have Microsoft.Authorization/roleAssignments/write permissions, which a Global Administrator normally doesn't have. A GA can manage all aspects of Azure AD, but for managing resources you need other RBAC permissions. Here is the documentation for your reference.

    Please let me know if you have any other questions.



    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
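
Added example, not part of the original question or answer: a PowerShell script that lists a user's role assignments at a scope and reports whether any of them grants `Microsoft.Authorization/roleAssignments/write`, the action named in the error. The parameters `$SignInName` and `$Scope` and the helper `Test-ActionGranted` are names chosen for this example; it assumes the Az.Resources module and an existing `Connect-AzAccount` session.

```powershell
# Added example (not from the thread). Save as a .ps1 file and pass your own values.
param(
    [Parameter(Mandatory)] [string] $SignInName,  # e.g. the UPN shown in the error
    [Parameter(Mandatory)] [string] $Scope        # e.g. /subscriptions/<subscription-id>
)

$needed = 'Microsoft.Authorization/roleAssignments/write'

# Hypothetical helper: evaluates one role definition the way RBAC does for
# Actions/NotActions. Wildcards such as '*' or 'Microsoft.Authorization/*'
# are matched with -like, which is case-insensitive.
function Test-ActionGranted {
    param([string[]] $Actions, [string[]] $NotActions, [string] $Action)
    $allowed = $false
    foreach ($pattern in $Actions)    { if ($Action -like $pattern) { $allowed = $true } }
    foreach ($pattern in $NotActions) { if ($Action -like $pattern) { return $false } }
    return $allowed
}

# Assignments made directly to the user at this scope or inherited from a
# parent scope. Assignments held through group membership are not expanded here.
$assignments = Get-AzRoleAssignment -SignInName $SignInName -Scope $Scope

$report = foreach ($a in $assignments) {
    $def = Get-AzRoleDefinition -Id $a.RoleDefinitionId
    [pscustomobject]@{
        Role           = $a.RoleDefinitionName
        AssignedAt     = $a.Scope
        CanAssignRoles = Test-ActionGranted -Actions $def.Actions `
                                            -NotActions $def.NotActions `
                                            -Action $needed
    }
}

$report | Format-Table -AutoSize

if (-not ($report | Where-Object CanAssignRoles)) {
    Write-Warning "No direct assignment for $SignInName at $Scope grants $needed."
}
```

Owner and User Access Administrator show `CanAssignRoles = True`; Contributor shows `False` because its NotActions exclude `Microsoft.Authorization/*/Write`.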