When designing your RBAC (role-based access control) in Microsoft Azure, the goal is to reduce the number of individual users and add groups. However, when using management groups, if we try to remove a role assignment, the following error message will be displayed: “Role assignments created at root scope must be removed by using the command line.”
The following PowerShell cmdlet can be used to remove the root-level permissions. Make sure to replace the SignInName parameters to match the username that you want to remove and the RoleDefinition.
Remove-AzRoleAssignment -SignInName [email protected] -Roledefinition "User Access Administrator" -Scope "/"
More Quick Tips articles
- Using location in a consistent way in your ARM template parameters
- Using environment as variables in your Azure DevOps pipelines
- Removing Log Analytics with the soft-delete option
- Using conditions in ARM templates when deploying infrastructure-as-code
- Monitor your Azure VM from your mobile device by scanning a QR code