When designing your RBAC (role-based access control) in Microsoft Azure, the goal is to reduce the number of individual users and add groups. However, when using management groups, if we try to remove a role assignment, the following error message will be displayed: “Role assignments created at root scope must be removed by using the command line.”
The following PowerShell cmdlet can be used to remove the root-level permissions. Make sure to replace the SignInName parameters to match the username that you want to remove and the RoleDefinition.
Remove-AzRoleAssignment -SignInName [email protected] -Roledefinition "User Access Administrator" -Scope "/"
More Quick Tips articles
- Allow a home computer to connect to your Azure SQL server/database
- Delete Microsoft Teams cache fast with this PowerShell one-liner
- Azure Charts: If you’re not using this cool feature, you should be
- Azure Portal Managed View: Finally, a site for sore eyes
- Reading text files the easy way with PowerShell and Linux bash shell