question

RaitisNeitals-3771 avatar image
0 Votes"
RaitisNeitals-3771 asked RaitisNeitals-3771 commented

Can't remove last role assignment to Privileged Role Administrator in Azure

Hello!

As Global Administrator why i can't remove last admin assignment to Privileged Role Administrator role?

Response from Azure i am receiving is: "Removing role assignment failed. Cannot delete the last admin assignment."

Is this set up like that by default for all admin Roles?

Thanks in advance!

azure-ad-privileged-identity-management
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

ShwetaMathur avatar image
0 Votes"
ShwetaMathur answered RaitisNeitals-3771 commented

Hi @RaitisNeitals-3771,

Thanks for reaching out.

I understand you are trying to delete all the role assignments to Privileged Role Administrator and getting error while deleting last assignment.

The error you are getting is expected as you can't remove last assignment from Privileged Role Administrator. This role manages Azure AD PIM and grants the ability to manage assignments for all Azure AD roles including the Global Administrator role.

The Azure AD Privileged Identity Management (PIM) service also allows Privileged role administrators to make permanent admin role assignments.

This has only been setup like that only for Privileged Role Administrator, not for all the administrator roles.

Hope this will help.

Thanks,
Shweta


Please remember to "Accept Answer" if answer helped you.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks a lot for support!

1 Vote 1 ·