Unable to use Application principals for RBAC operations. #4776
Comments
@darshanhs90 Can you take a look? This is a pretty fundamental scenario. Want to ensure that this is the right kind of service principal.
If it helps, this may be more of an API issue since both the CLI and PowerShell cmdlet give the same error. Maybe I'm just doing it wrong.
I am getting the same issue when trying to add a custom role to my service principal in a subscription scope. I can add the role to the application in the UI, but I have to do a lot of these and I'm trying to script it.
@ericrini @dreck410 The issue is that the applicationId and the graph object ID are not the same. If you provide the applicationId to the 'ServicePrincipalName' parameter rather than the 'ObjectId' parameter, the cmdlet will query graph for the object ID for you. If you get the service principal details using
For those finding this thread now or later, the command
Cmdlet(s)
New-AzureRmRoleAssignment
PowerShell Version
Module Version
OS Version
Description
All attempts to add AD application principal to a resource or resource group role fail with the error "Principals of type Application cannot validly be used in role assignments". This can be done through the Azure portal.
Debug Output
Full output...
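The distinction the comments describe (application ID versus directory object ID), written out as a script. This is an added example, not code from the thread or from the Azure PowerShell project; the application ID, resource group name and role are constructed placeholders, and the property names (`Id`, `ObjectId`, `ApplicationId`) are assumed to match your installed AzureRM.Resources version.

```powershell
# Added example. All values below are placeholders, not taken from the issue.
$appId  = '00000000-0000-0000-0000-000000000000'  # placeholder application (client) ID
$rgName = 'example-rg'                            # hypothetical resource group
$role   = 'Reader'                                # narrowest built-in role for the demo

# The application registration and its service principal are separate
# directory objects: they share one ApplicationId but have different object IDs.
$app = Get-AzureRmADApplication -ApplicationId $appId
$sp  = Get-AzureRmADServicePrincipal -ServicePrincipalName $appId
if (-not $sp) {
    throw "No service principal exists for application $appId in this tenant."
}

# Show the identifiers side by side. Property names are assumed; confirm them
# with Get-Member on your module version.
[pscustomobject]@{
    ApplicationId            = $sp.ApplicationId
    ApplicationObjectId      = $app.ObjectId
    ServicePrincipalObjectId = $sp.Id
} | Format-List

# Skip the assignment if the principal already holds this role at this scope,
# so repeated runs of the script do not fail or pile up duplicates.
$existing = Get-AzureRmRoleAssignment -ServicePrincipalName $appId -ResourceGroupName $rgName |
    Where-Object { $_.RoleDefinitionName -eq $role }

if ($existing) {
    Write-Output "Role '$role' is already assigned on $rgName."
}
else {
    # Pass the application ID to -ServicePrincipalName and let the cmdlet look
    # up the object ID, as the comment above describes. The equivalent explicit
    # form is: -ObjectId $sp.Id (the service principal's object ID, not
    # $app.ObjectId).
    New-AzureRmRoleAssignment -ServicePrincipalName $appId `
        -RoleDefinitionName $role `
        -ResourceGroupName $rgName
}
```

Scoping the assignment to a single resource group with a read-only role keeps the scripted grant as narrow as possible; widen the scope or role only where the workload needs it.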