Unable to add Event Grid System-assigned Managed Identity to Storage Account Role

Question

I'm unable to search for and assign an Event Grid SAMI to a Storage Account. It doesn't appear when searched for unless I select Users instead of Managed Identity.

1. Azure Storage account (ADLS Gen2 w/ hierarchical namespaces)

• stgstackoverflowtest

2. Create a new Queue

• stgqueue

3. Create New Event and Subscription

• Source: stgstackoverflowtest
• Trigger: When blob created
• Destination: stgqueue

4. Enable System Assigned Managed Identity (SAMI) for EventGrid system topic

5. Add SAMI as Owner to Storage Account

• Herein lies the problem(?). I can't select the SAMI because there is no option for "Event Grid"
• If instead of "Managed Identity", I select "Users" I'm able to locate the Event Grid system topic and add as owner

Answer 1

You can do it from within the Event Grid Topic resource. Go to the blade Identity and then click the button Azure role assigments. From there it will show the way itself.

Alternatively Powershell and the Azure CLI commands would also work. An example using the CLI:

az role assignment create `
--assignee <GUID of the managed identity> `
--role 'Storage Queue Data Contributor' `
--scope /subscriptions/<subscription>/resourceGroups/<resourcegroup>/providers/Microsoft.Storage/storageAccounts/<storage>