Skip to content

[Bug]: RoleAssignment cmdlets didn't handle it properly when insufficient MSGraph permission #28583

New issue
New issue
Closed
Bug
#28584
Closed
[Bug]: RoleAssignment cmdlets didn't handle it properly when insufficient MSGraph permission#28583
Bug
#28584
Assignees
copilot-swe-agent
Labels
AuthorizationAzure PS TeambugThis issue requires a change to an existing behavior in the product in order to be resolved.
@isra-fel

Description

@isra-fel
isra-fel
opened on Sep 18, 2025

Description

The ToPSRoleAssignment() method takes a role assignment object returned from Azure and gathers extra information from Microsoft Graph to enrich the model for display in PowerShell.

azure-powershell/src/Resources/Resources/Models.Authorization/AuthorizationClientExtensions.cs

Line 70 in 8e96a77

public static PSRoleAssignment ToPSRoleAssignment(this RoleAssignment assignment, AuthorizationClient policyClient, ActiveDirectoryClient activeDirectoryClient, string scopeForRoleDefinition = null)

It takes a priority order like the following for determining ObjectType:

  1. Live Active Directory object type (most current)
  2. Cached principal type from the assignment (fallback)
  3. "Unknown" type (when AD lookup fails)

However, when an exception occurs in the ToPSRoleAssignment() method, the ObjectType will be "Unknown", not the cached principal type.

Metadata

Metadata

Assignees

Labels

AuthorizationAzure PS TeambugThis issue requires a change to an existing behavior in the product in order to be resolved.

Type

Bug

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions