Solved! Authorization error when creating your RBAC roles

When authorizing my RBAC roles, I ran into an error. Let me share with you what happened and how I fixed it.

I used an existing built-in role to start creating my custom role, and I started getting this error.

New-AzureRmRoleDefinition : The client ‘[email protected]’ with object id ‘1c60dbf3-1b11-450d-8edf-e1a98a26b857’ does not have authorization to perform action ‘Microsoft.Authorization/roleDefinitions/write’ over scope ‘/providers/Microsoft.Authorization/roleDefinitions/2809becb-fcbd-47c8-8739-8c4f1771ec32’.

I went to look at the JSON file and noticed where my mistake was. It was in the AssignableScopes section. We need to enter a value that starts with either /subscriptions/<subscriptionID> or /providers. If you are not sure which subscription ID you need to use, you can always run the Get-AzureRmSubscription cmdlet to retrieve your subscriptions and their IDs.

Here’s the fix: Just make sure to enter the value in a format similar to the image below and try again.
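As an added example (not part of the original post), this PowerShell sketch writes a custom role JSON file and checks that every AssignableScopes entry starts with /subscriptions/<subscriptionID> or /providers before the file is handed to New-AzureRmRoleDefinition. The file name, role name, action list and all-zero subscription GUID are constructed placeholders, and Test-AssignableScopes is a hypothetical helper, not an AzureRM cmdlet.

```powershell
# Hypothetical file location; the role definition below is constructed sample data.
$RolePath = Join-Path ([System.IO.Path]::GetTempPath()) 'customrole.json'

@'
{
  "Name": "Custom VM Operator (example)",
  "IsCustom": true,
  "Description": "Constructed sample: read, start and restart virtual machines.",
  "Actions": [
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/restart/action"
  ],
  "NotActions": [],
  "AssignableScopes": [
    "/subscriptions/00000000-0000-0000-0000-000000000000"
  ]
}
'@ | Set-Content -Path $RolePath -Encoding UTF8

function Test-AssignableScopes {
    # Returns $true only if every scope has one of the two prefixes the post describes.
    param([Parameter(Mandatory)][string]$Path)

    $role  = Get-Content -Path $Path -Raw | ConvertFrom-Json
    $guid  = '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
    $subRe = '^/subscriptions/' + $guid + '(/|$)'
    $prvRe = '^/providers(/|$)'

    # A missing or empty AssignableScopes list is reported as invalid too.
    if (-not $role.AssignableScopes) {
        Write-Warning "AssignableScopes is missing or empty in $Path"
        return $false
    }
    $bad = @($role.AssignableScopes |
        Where-Object { $_ -notmatch $subRe -and $_ -notmatch $prvRe })
    foreach ($scope in $bad) {
        Write-Warning "Unexpected AssignableScopes entry: '$scope'"
    }
    return ($bad.Count -eq 0)
}

if (Test-AssignableScopes -Path $RolePath) {
    # Replace the placeholder GUID with an ID from Get-AzureRmSubscription, sign in,
    # then uncomment the next line to create the role.
    # New-AzureRmRoleDefinition -InputFile $RolePath
    Write-Output "AssignableScopes look valid in $RolePath"
}
```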
