Reputation: 95
What I'm trying to do is use a foreign/outside AAD Security Group in a Role Assignment. I tried with az cli (because the portal does not give me the option to choose Groups from another Directory):
So, I have a resource in Directory #1 and a Security Group in Directory #2.
az role assignment create --role <role_name> --assignee-object-id <securityGroup_objectId(from Directory#2)> --assignee-principal-type Group --scope <ressource(from Directory#1)>
The error that I get is:
Principal '' does not exist in the directory ''.
I have also tried using --assignee-principal-type ForeignGroup instead of --assignee-principal-type Group.
My problem is that I do not understand how I should specify the AAD when I'm using ForeignGroup. This is the doc I've found
Upvotes: 0
Views: 1154
Reputation: 58873
Looks like that can be used for assigning access to a CSP partner: https://learn.microsoft.com/en-us/partner-center/reinstate-csp?tabs=workspaces-view.
I'm pretty sure that you can't just grant a security group from another tenant access in your subscription.
Upvotes: 1