When designing your RBAC (role-based access control) in Microsoft Azure, the goal is to reduce the number of individual users and add groups. However, when using management groups, if we try to remove a role assignment, the following error message will be displayed: “Role assignments created at root scope must be removed by using the command line.”
The following PowerShell cmdlet can be used to remove the root-level permissions. Make sure to replace the SignInName parameters to match the username that you want to remove and the RoleDefinition.
Remove-AzRoleAssignment -SignInName [email protected] -Roledefinition "User Access Administrator" -Scope "/"
More Quick Tips articles
- How to delete a sprint when using Azure DevOps
- IaaS VM ‘cheat sheets’ available in Azure Portal
- Finding Azure locations with PowerShell
- Check if Azure Key Vault certificate uses exportable private keys
- Managing access to your Azure invoices