I'm trying to do some cleanup (to solve other issues) within a yaml, and I've come up with this:
- task: AzureCLI@2
inputs:
azureSubscription: 'MYSUBSCRIPTION'
scriptType: pscore
scriptLocation: inlineScript
inlineScript: |
az role assignment delete --ids "GUID1 GUID2 GUIDn"
name: CleanupRoleAssignments
And I'm getting this error:
ERROR: (MissingSubscription) The request did not have a subscription or a valid tenant level resource provider.
Code: MissingSubscription
Message: The request did not have a subscription or a valid tenant level resource provider.
I tried adding --scope but that only got me an additional warning WARNING: option '--scope' will be ignored due to use of '--ids'. The error persisted.
Any idea on what I'm doing wrong?
TIA
Jim
Try below in local pc: Replace with your own subscription and resource group
az role assignment list --scope /subscriptions/xxxx-xxx-xxx-xxx-xxxx/resourceGroups/wb-test-rg
will return like
[
{
"condition": null,
"conditionVersion": null,
"createdBy": "492b05b3-bc6c-4497-8d3e-ab42366d3b9a",
"createdOn": "2024-06-06T08:33:53.807218+00:00",
"delegatedManagedIdentityResourceId": null,
"description": null,
"id": "/subscriptions/xxxx-xxx-xxx-xxx-xxxx/resourceGroups/wb-test-rg/providers/Microsoft.Authorization/roleAssignments/454c98bf-349a-4643-8f41-8bf45293440e",
"...."
}
]
then delete the assignment using the id:
az role assignment delete --ids "/subscriptions/xxxx-xxx-xxx-xxx-xxxx/resourceGroups/wb-test-rg/providers/Microsoft.Authorization/roleAssignments/454c98bf-349a-4643-8f41-8bf45293440e"