When authorizing my RBAC roles, I ran into an error. Let me share with you what happened and how I fixed it.
I used an existing built-in role to start creating my custom role, and I started getting this error.
New-AzureRmRoleDefinition : The client ‘[email protected]’ with object id ‘1c60dbf3-1b11-450d-8edf-e1a98a26b857’ does not have authorization to perform action ‘Microsoft.Authorization/roleDefinitions/write’ over scope ‘/providers/Microsoft.Authorization/roleDefinitions/2809becb-fcbd-47c8-8739-8c4f1771ec32’.
I went to look at the JSON file and I noticed where my mistake was. It was in the AssignableScopes section. We need to enter a value that starts with either /subscriptions/<subscriptionID> or /providers. If you are not sure which subscription ID you need to use, you can always run the Get-AzureRmSubscription cmdlet to retrieve your subscriptions and their IDs.
Here’s the fix: Just make sure to enter the value in a format similar to the image below and try again.
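The AssignableScopes rule above can be checked before New-AzureRmRoleDefinition is called. The following is an added example, not code from the original post: Test-AssignableScopes is a hypothetical helper, the role JSON is a constructed sample that assumes the root scope "/" was left over from the built-in role, and the subscription ID is a placeholder.

```powershell
# Added example. Test-AssignableScopes is a hypothetical helper, not an AzureRM cmdlet.
# It applies the rule from the post: each AssignableScopes entry must start with
# /subscriptions/<subscriptionID> or /providers.
function Test-AssignableScopes {
    param([Parameter(Mandatory)][string]$Json)

    $guid       = '[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}'
    $subPattern = '^/subscriptions/' + $guid + '(/|$)'
    $role       = $Json | ConvertFrom-Json
    $scopes     = @($role.AssignableScopes | Where-Object { $_ })   # drop null/empty entries

    if ($scopes.Count -eq 0) {
        return [pscustomobject]@{ Scope = '<none>'; Valid = $false
                                  Reason = 'AssignableScopes is missing or empty' }
    }
    foreach ($scope in $scopes) {
        if ($scope -match $subPattern) {
            $valid = $true;  $reason = 'subscription scope'
        } elseif ($scope -like '/providers*') {
            $valid = $true;  $reason = 'provider scope'
        } else {
            $valid = $false; $reason = 'must start with /subscriptions/<subscriptionID> or /providers'
        }
        [pscustomobject]@{ Scope = $scope; Valid = $valid; Reason = $reason }
    }
}

# Constructed sample: custom role JSON with the root scope "/" still in AssignableScopes.
$broken = @'
{
  "Name": "Custom VM Operator (example)",
  "IsCustom": true,
  "Description": "Constructed sample role.",
  "Actions": [ "Microsoft.Compute/virtualMachines/read" ],
  "NotActions": [],
  "AssignableScopes": [ "/" ]
}
'@
# Same JSON with a placeholder subscription ID (get the real one from Get-AzureRmSubscription).
$fixed = $broken -replace '"/"', '"/subscriptions/00000000-0000-0000-0000-000000000000"'

Test-AssignableScopes -Json $broken | Format-Table -AutoSize
Test-AssignableScopes -Json $fixed  | Format-Table -AutoSize

# Once every scope reports Valid, save the JSON to a file and create the role:
#   New-AzureRmRoleDefinition -InputFile .\customrole.json
```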