When designing your RBAC (role-based access control) in Microsoft Azure, the goal is to reduce the number of individual users and add groups. However, when using management groups, if we try to remove a role assignment, the following error message will be displayed: “Role assignments created at root scope must be removed by using the command line.”
The following PowerShell cmdlet can be used to remove the root-level permissions. Make sure to replace the SignInName parameters to match the username that you want to remove and the RoleDefinition.
Remove-AzRoleAssignment -SignInName [email protected] -Roledefinition "User Access Administrator" -Scope "/"
More Quick Tips articles
- Integrating Microsoft Defender with Cloud App Security
- New from Microsoft: Azure Security Center onboarding guide
- Fixing Azure Key Vault when moving to a different tenant
- Restore Azure Key Vault using just two PowerShell cmdlets
- This overlooked feature in Visual Studio Code can speed release time