I’m trying to do some cleanup (to solve other issues) within a yaml, and I’ve come up with this:

    - task: AzureCLI@2
      inputs:
        azureSubscription: 'MYSUBSCRIPTION'
        scriptType: pscore
        scriptLocation: inlineScript
        inlineScript: |
          az role assignment delete --ids "GUID1 GUID2 GUIDn"
      name: CleanupRoleAssignments

And I’m getting this error:

    ERROR: (MissingSubscription) The request did not have a subscription or a valid tenant level resource provider.
    Code: MissingSubscription
    Message: The request did not have a subscription or a valid tenant level resource provider.

I tried adding --scope but that only got me an additional warning WARNING: option '--scope' will be ignored due to use of '--ids'. The error persisted.

Any idea on what I’m doing wrong?

TIA

Jim

2 Answers

  1. The --ids parameter expects resource IDs for the role assignments. This is what it should look like for a resource-specific assignment:

    /subscriptions/5ef3ad25-ad2f-4fbd-846c-e0de974adf45/resourceGroups/myresourcegroup/providers/Microsoft.CognitiveServices/accounts/mycognitiveaccount/providers/Microsoft.Authorization/roleAssignments/c89f4724-986a-47ca-9f1b-2c152a6b5a73
    

    For assignments at subscription or resource group level, some of the parts of that ID would be left out.
    The idea is that the ID identifies where the role assignment is as well as the assignment ID.

  2. Try the commands below on your local PC, replacing the subscription and resource group with your own:

    az role assignment list --scope /subscriptions/xxxx-xxx-xxx-xxx-xxxx/resourceGroups/wb-test-rg
    

    This will return something like:

    [
      {
        "condition": null,
        "conditionVersion": null,
        "createdBy": "492b05b3-bc6c-4497-8d3e-ab42366d3b9a",
        "createdOn": "2024-06-06T08:33:53.807218+00:00",
        "delegatedManagedIdentityResourceId": null,
        "description": null,
        "id": "/subscriptions/xxxx-xxx-xxx-xxx-xxxx/resourceGroups/wb-test-rg/providers/Microsoft.Authorization/roleAssignments/454c98bf-349a-4643-8f41-8bf45293440e",
        "...."
      }
    ]
    
    

    then delete the assignment using the id:

    az role assignment delete --ids "/subscriptions/xxxx-xxx-xxx-xxx-xxxx/resourceGroups/wb-test-rg/providers/Microsoft.Authorization/roleAssignments/454c98bf-349a-4643-8f41-8bf45293440e"
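
The ID shape described in the first answer and the delete call from the second, as an added example that is not part of the thread: a POSIX shell pre-check that accepts only full role assignment resource IDs at the three levels the answer names (subscription, resource group, resource) and rejects bare GUIDs before `az role assignment delete --ids` is called. The function names and sample IDs are constructed for illustration, and other scope forms are not covered.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.
GUID='[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'
SUB="^/subscriptions/${GUID}"
RG="${SUB}/resourceGroups/[^/]+"
# Every role assignment ID ends with this segment plus the assignment GUID.
TAIL="/providers/Microsoft\.Authorization/roleAssignments/${GUID}\$"

# Print the level an ID is assigned at; return 1 for anything that is not a
# full role assignment resource ID (a bare GUID, a scope path, an empty value).
assignment_scope() {
  if printf '%s\n' "$1" | grep -Eiq "${SUB}${TAIL}"; then
    echo subscription
  elif printf '%s\n' "$1" | grep -Eiq "${RG}${TAIL}"; then
    echo resource-group
  elif printf '%s\n' "$1" | grep -Eiq "${RG}/providers/[^/]+(/[^/]+)+${TAIL}"; then
    echo resource
  else
    return 1
  fi
}

# Check every argument. Prints "<level> <id>" for each valid ID, names each
# reject on stderr, and returns 1 if anything was rejected so the pipeline
# step can stop before az is called.
check_ids() {
  rc=0
  for candidate in "$@"; do
    if level=$(assignment_scope "$candidate"); then
      printf '%s %s\n' "$level" "$candidate"
    else
      printf 'not a role assignment resource ID: %s\n' "$candidate" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample values (not real assignments).
S=00000000-0000-0000-0000-000000000000
A=11111111-1111-1111-1111-111111111111
FULL="/subscriptions/$S/resourceGroups/demo-rg/providers/Microsoft.Authorization/roleAssignments/$A"

# Each ID is passed as its own argument; the bare GUID makes check_ids fail.
if check_ids "$FULL" "$A"; then
  echo "would run: az role assignment delete --ids $FULL $A"
else
  echo "refusing to call az: fix the rejected values first"
fi
```

In a pipeline step, run `check_ids` over the list first and call `az role assignment delete --ids` only when it returns 0.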