New-AzRoleAssignment needs allways a ResourceGroup in Scope #22473
Labels
ARM - RBAC
bug
This issue requires a change to an existing behavior in the product in order to be resolved.
customer-reported
Service Attention
This issue is responsible by Azure service team.
Tracking
We will track status and follow internally
Milestone
Description
I need to assign a role to an objectId with scope that is not a resource group.
I got the following error, because the scope has no resourcegroup in path:
New-AzRoleAssignment: Scope '/subscriptions/<subid>/providers/Microsoft.DocumentDB/locations/westeurope/restorableDatabaseAccounts/<dbaccountid>' should begin with '/subscriptions/<subid>/resourceGroups'.
Subid and dbaccount id are part of my scope.
I like to assign the role CosmosRestoreOperator. This is a role, that can not assign on a scope with a resource group
I looke at the implementation and there was a verification, that "resourcegroups" is needed in scope path.
Issue script & Debug output
Environment data
Module versions
Error output
The text was updated successfully, but these errors were encountered: