Assigning ad role - global reader role to service principal

Question

Assigning ad role - global reader role to service principal

Nitin Naidu 21

I am trying to assign ad role- global reader to service principal in terraform. I says role not found. Want to know whether I can assign ad role to service principal. I am getting this error on trying to assign global reader role to service principal-

Error: loading Role Definition List: could not find role 'Global Reader'
│
│ with module.infrastructure_cloud-scanner-app.azurerm_role_assignment.main["/subscriptions/aeca76e8-1861-4aed-b28a-b8c48923f89b"],
│ on ../../modules/infrastructure/cloud-scanner-app/main.tf line 49, in resource "azurerm_role_assignment" "main":
│ 49: resource "azurerm_role_assignment" "main" {

2 answers

Your answer

Answer 1

Andy David - MVP 157.8K

Yes, go to the Role in Azure and add there

Nitin Naidu 21 Reputation points

2022-08-04T14:43:14.913+00:00

I am trying to assign to service principal with terraform but getting this error-

Error: loading Role Definition List: could not find role 'Global Reader'
│
│ with module.infrastructure_cloud-scanner-app.azurerm_role_assignment.main["/subscriptions/aeca76e8-1861-4aed-b28a-b8c48923f89b"],
│ on ../../modules/infrastructure/cloud-scanner-app/main.tf line 49, in resource "azurerm_role_assignment" "main":
│ 49: resource "azurerm_role_assignment" "main" {
Andy David - MVP 157.8K Reputation points

2022-08-04T14:52:21.133+00:00

See some solutions here:
https://github.com/hashicorp/terraform-provider-azurerm/issues/669

Answer 2

James Hamil 27,221 Microsoft Employee Moderator

Hi @Nitin Naidu , please try using role_definition_id in place of role_definition_name as suggested in the GitHub link above. Please let me know if this works or not.

Best,
James

Share via

Assigning ad role - global reader role to service principal

2 answers

Your answer