azureazure-pipelinesazure-cliazure-resource-group

az role assignment delete: The request did not have a subscription or a valid tenant level resource provider


I'm trying to do some cleanup (to solve other issues) within a yaml, and I've come up with this:

    - task: AzureCLI@2
      inputs:
        azureSubscription: 'MYSUBSCRIPTION'
        scriptType: pscore
        scriptLocation: inlineScript
        inlineScript: |
          az role assignment delete --ids "GUID1 GUID2 GUIDn"
      name: CleanupRoleAssignments

And I'm getting this error:

ERROR: (MissingSubscription) The request did not have a subscription or a valid tenant level resource provider.
Code: MissingSubscription
Message: The request did not have a subscription or a valid tenant level resource provider.

I tried adding --scope but that only got me an additional warning WARNING: option '--scope' will be ignored due to use of '--ids'. The error persisted.

Any idea on what I'm doing wrong?

TIA

Jim


Solution

  • Try below in local pc: Replace with your own subscription and resource group

    az role assignment list --scope /subscriptions/xxxx-xxx-xxx-xxx-xxxx/resourceGroups/wb-test-rg
    

    will return like

    [
      {
        "condition": null,
        "conditionVersion": null,
        "createdBy": "492b05b3-bc6c-4497-8d3e-ab42366d3b9a",
        "createdOn": "2024-06-06T08:33:53.807218+00:00",
        "delegatedManagedIdentityResourceId": null,
        "description": null,
        "id": "/subscriptions/xxxx-xxx-xxx-xxx-xxxx/resourceGroups/wb-test-rg/providers/Microsoft.Authorization/roleAssignments/454c98bf-349a-4643-8f41-8bf45293440e",
        "...."
      }
    ]
    
    

    then delete the assignment using the id:

    az role assignment delete --ids "/subscriptions/xxxx-xxx-xxx-xxx-xxxx/resourceGroups/wb-test-rg/providers/Microsoft.Authorization/roleAssignments/454c98bf-349a-4643-8f41-8bf45293440e"