
Error handling request for AAD #20005

@chasewilson

Is your feature request related to a problem? Please describe.

As a user, permissions errors may be confusing when working with RBAC systems in az ad and could be improved to provide meaningful guidance to address permissions in the correct location. E.g. Azure vs AAD permissions and User account vs Service Principal account.

Describe the solution you'd like

  • If the user signed in to the CLI with a service principal and the call to the Graph returns insufficient permissions, the CLI could say
    “you signed in with a service principal, either sign in as a user or add the service principal to a role in AAD that has permissions
    to create service principals (like Application Developer)”.
  • If the user signed in to the CLI with a user, the CLI could say “add your user account to a role in AAD that has permissions to
    create service principals (like Application Developer)”.

Describe alternatives you've considered

NA

Additional context

Adding @skwan for tracking and conversation.
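
One way the CLI could choose between the two messages requested above, as an added Python example (not Azure CLI code and not part of the original issue). It assumes the account record carries the `user.type` field shown by `az account show` and that the Graph denial arrives as HTTP 403 with error code `Authorization_RequestDenied`; the function names and sample inputs are hypothetical.

```python
import json

# Assumption: Graph signals a directory permission denial with HTTP 403 and this code.
DENIED_CODE = "Authorization_RequestDenied"

ROLE_HINT = ("a role in AAD that has permissions to create service principals "
             "(like Application Developer)")


def graph_error_code(body):
    """Return the error code from a Graph JSON error body, or None if unparseable."""
    try:
        err = json.loads(body).get("error")
    except (ValueError, TypeError, AttributeError):
        return None
    return err.get("code") if isinstance(err, dict) else None


def permission_guidance(account, status, body):
    """Map a Graph permission failure to guidance based on the signed-in identity.

    account: dict shaped like `az account show` output, where user.type is
             "user" or "servicePrincipal" (assumed shape).
    Returns None when the failure is not a directory permission denial, so
    unrelated errors keep their original message.
    """
    if status != 403 or graph_error_code(body) != DENIED_CODE:
        return None
    identity = (account.get("user") or {}).get("type")
    if identity == "servicePrincipal":
        return ("You signed in with a service principal. Either sign in as a user "
                "or add the service principal to " + ROLE_HINT + ".")
    if identity == "user":
        return "Add your user account to " + ROLE_HINT + "."
    # Unknown identity type: still point at AAD rather than Azure RBAC.
    return "The signed-in identity lacks AAD permissions; add it to " + ROLE_HINT + "."


# Constructed sample inputs (not captured from a real tenant).
SP_ACCOUNT = {"user": {"name": "00000000-0000-0000-0000-000000000000",
                       "type": "servicePrincipal"}}
USER_ACCOUNT = {"user": {"name": "user@example.com", "type": "user"}}
DENIED_BODY = json.dumps({"error": {
    "code": DENIED_CODE,
    "message": "Insufficient privileges to complete the operation."}})

if __name__ == "__main__":
    for acct in (SP_ACCOUNT, USER_ACCOUNT):
        print(permission_guidance(acct, 403, DENIED_BODY))
```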

Labels

  • Feature Candidate
  • Graph (doesn't work with label-triggered comments; use Graph.Microsoft instead)
  • az ad
  • act-identity-squad
  • customer-reported (Issues that are reported by GitHub users external to the Azure organization.)
  • feature-request
