`az role assignment delete` returns an error if the role assignment does not exist

[rellis-of-rhindleton]

az feedback auto-generates most of the information requested below, as of CLI version 2.0.62

Describe the bug
The az role assignment delete --assignee {object id} --role {role} --subscription {sub id} command returns an error if the assigment does not exist. The message is ERROR: No matched assignments were found to delete.

This is inconsistent with the behavior of az role assignment create, which does not return an error if the role assignment already exists.

We are trying to use the delete command in some automated workflows, and the behavior of delete imposes difficulties. To make things work we are having to query the assignments first. That requires extra permissions that would otherwise not be needed.

Expected behavior
The delete command should be idempotent. It should not fail if the item being deleted does not exist.

Environment summary
GitHub Actions workflow, Ubuntu, AZ CLI 2.27

[jiasli]

Thanks for reporting this issue. This is another instance that idempotence is not honored. We will look into it.

[RanjeetDhole]

az role assignment delete --role "${{ parameters.accesslevel }}" --scope "subscriptions/${{ parameters.subscriptionId }}/resourceGroups/${{ parameters.resourceGroup }}/providers/${{ parameters.MicrosoftProviders }}/${{ parameters.resourceName }}" --assignee ${{ parameters.mailID }}

for above command getting error like No matched assignments were found to delete
we are try to delete role assignment with single resource each as well but does not getting exactly issue with that ,please let me know regards with this @jiasli @yonzhan

[microsoft-github-policy-service]

🔔 Routing this issue to @act-identity-squad.