Makram

Reputation: 843

Azure Automation - Unable to get AzRoleAssignment

In order to automate some processes, I'm using Azure Automation with Owner rights for RunAsAccount.

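# Retrieve the Run As connection (service principal details) from the Automation account
$connection = Get-AutomationConnection -Name AzureRunAsConnection

# Initialise the retry state explicitly
$connectionResult = $null
$logonAttempt = 0

# Retry the login until it succeeds or the attempt limit is reached
while(!($connectionResult) -And ($logonAttempt -le 10))
{
    $logonAttempt++
    # Logging in to Azure...
    $connectionResult = Connect-AzAccount `
                            -ServicePrincipal `
                            -Tenant $connection.TenantID `
                            -ApplicationId $connection.ApplicationID `
                            -CertificateThumbprint $connection.CertificateThumbprint

    Start-Sleep -Seconds 30
    Write-Output $connectionResult
}

# List the user's role assignments in the resource group
Get-AzRoleAssignment -ResourceGroupName $USERRGNAME -SignInName $USEREMAIL -Verbose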

An error is being thrown each time I execute the script:

Get-AzRoleAssignment: Cannot find principal using the specified options

Any idea how to solve this issue?

Upvotes: 1

Views: 616

Answers (2)

Nancy Xiong

Reputation: 28224

You probably need to grant the RunAsAccount the Application permission Directory.Read.All of the Azure AD Graph (not Microsoft Graph, not Delegated permission). By default, the RunAsAccount doesn't have the Azure AD permission.


You could read Joy's answer for more details.

Upvotes: 2

Mski

Reputation: 37

This error is shown when there is no role assignment for the name that is provided in the SignInName option.

Upvotes: 1
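
The two answers above point to different causes. As an added example (not code from either answer), this runbook fragment checks each in turn and reports which one applies. `Get-UserRoleAssignmentDiagnosis` is a hypothetical helper name, and the fragment assumes `Connect-AzAccount` has already succeeded, Az.Resources is imported, and `$USEREMAIL` holds the user's UPN.

```powershell
# Added example; Get-UserRoleAssignmentDiagnosis is a hypothetical helper name.
function Get-UserRoleAssignmentDiagnosis {
    param(
        [Parameter(Mandatory)] [string] $SignInName,
        [Parameter(Mandatory)] [string] $ResourceGroupName
    )

    # Step 1: can the signed-in service principal query the directory at all?
    try {
        $user = Get-AzADUser -UserPrincipalName $SignInName -ErrorAction Stop
    }
    catch {
        # The lookup itself failed, which points at missing directory read
        # permission on the Run As identity (the first answer's case).
        return [pscustomobject]@{
            Status      = 'DirectoryLookupFailed'
            Detail      = $_.Exception.Message
            Assignments = @()
        }
    }

    # Step 2: the lookup succeeded but matched nobody, so the name is wrong
    if (-not $user) {
        return [pscustomobject]@{
            Status      = 'PrincipalNotFound'
            Detail      = "No directory user with UPN '$SignInName'"
            Assignments = @()
        }
    }

    # Step 3: query role assignments by the object ID resolved in step 1
    $assignments = @(Get-AzRoleAssignment -ResourceGroupName $ResourceGroupName `
                                          -ObjectId $user.Id -ErrorAction Stop)

    # An empty result here means the user exists but holds no role on this scope
    $status = if ($assignments.Count -gt 0) { 'AssignmentsFound' } else { 'NoAssignments' }

    [pscustomobject]@{
        Status      = $status
        Detail      = "$($assignments.Count) assignment(s) on '$ResourceGroupName'"
        Assignments = $assignments
    }
}

# Same variables as in the question's script
Get-UserRoleAssignmentDiagnosis -SignInName $USEREMAIL -ResourceGroupName $USERRGNAME
```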
