Context:
I need to clean up role assignments using CLI because Azure does not remove them itself when removing the identity.
When running the following command on an Azure DevOps Hosted Agent:
az role assignment list --assignee $principalId --all
Result
The CLI gives the following feedback:
Failed to query xxxx-xxxx-xxxx-xxxx by invoking Graph API. If you don't have permission to query Graph API, please specify --assignee-object-id and --assignee-principal-type.
WARNING: Assuming xxxx-xxxx-xxxx-xxxx as an object ID.
Problem:
assignee-object-id and assignee-principal-type are not valid parameters for az role assignment list.
If used. The following is returned:
unrecognized arguments: --assignee-principal-type ServicePrincipal --assignee-object-id xxxx-xxxx-xxxx-xxxx
(Thankfully using the principalId as ObjectId appearantly works. But we really want to get rid of the warnings in our DevOps dashboard..)
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
Context:
I need to clean up role assignments using CLI because Azure does not remove them itself when removing the identity.
When running the following command on an Azure DevOps Hosted Agent:
az role assignment list --assignee $principalId --allResult
The CLI gives the following feedback:
Failed to query xxxx-xxxx-xxxx-xxxx by invoking Graph API. If you don't have permission to query Graph API, please specify --assignee-object-id and --assignee-principal-type.WARNING: Assuming xxxx-xxxx-xxxx-xxxx as an object ID.Problem:
assignee-object-idandassignee-principal-typeare not valid parameters foraz role assignment list.If used. The following is returned:
unrecognized arguments: --assignee-principal-type ServicePrincipal --assignee-object-id xxxx-xxxx-xxxx-xxxx(Thankfully using the principalId as ObjectId appearantly works. But we really want to get rid of the warnings in our DevOps dashboard..)
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.