Principals of type Application cannot validly be used in role assignments.
Environment summary
Command:

```sh
az role assignment create \
  --assignee-object-id <object-id> \
  --role Contributor \
  --scope /subscriptions/<subscription id>/
```

returning error: `Principals of type Application cannot validly be used in role assignments.`
Install Method (e.g. pip, interactive script, apt-get, Docker, MSI, edge build) / CLI version (`az --version`) / OS version / Shell Type (e.g. bash, cmd.exe, Bash on Windows)

macOS High Sierra 10.13.2, installed using brew.

```
$ az --version
azure-cli (2.0.25)

acr (2.0.19)
acs (2.0.24)
advisor (0.1.1)
appservice (0.1.24)
backup (1.0.6)
batch (3.1.8)
batchai (0.1.4)
billing (0.1.7)
cdn (0.0.11)
cloud (2.0.11)
cognitiveservices (0.1.10)
command-modules-nspkg (2.0.1)
configure (2.0.13)
consumption (0.2.1)
container (0.1.16)
core (2.0.25)
cosmosdb (0.1.16)
dla (0.0.17)
dls (0.0.19)
eventgrid (0.1.8)
extension (0.0.7)
feedback (2.0.8)
find (0.2.8)
interactive (0.3.13)
iot (0.1.16)
keyvault (2.0.16)
lab (0.0.15)
monitor (0.1.0)
network (2.0.21)
nspkg (3.0.1)
profile (2.0.17)
rdbms (0.0.11)
redis (0.2.11)
reservations (0.1.1)
resource (2.0.21)
role (2.0.17)
servicefabric (0.0.9)
sql (2.0.19)
storage (2.0.23)
vm (2.0.24)

Python location '/usr/local/opt/python3/bin/python3.6'
Extensions directory '/Users/shaun/.azure/cliextensions'

Python (Darwin) 3.6.4 (default, Jan 6 2018, 11:51:59) [GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.39.2)]

Legal docs and information: aka.ms/AzureCliLegal
```
Top GitHub Comments
@smarshal-Quest if you run

```sh
az ad sp show --id <object-id>
```

what do you get? (EDIT: if you use `--assignee-object-id`, it must be the object id of a service principal, not the object id of an Application, a different thing, and I have to agree it is very confusing. If your CLI account has a graph permission, please use `--assignee <app id or name>` so that CLI can provide much, much better support to resolve the right object id for you.)

I got the same problem when trying to assign a role to a service principal with C# code. The problem is that the service principal ID should be the object ID of the service principal, not the object ID of the application nor the application ID. I got the object ID of the service principal with the Azure CLI and it worked out.
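The distinction both comments describe, as an added example that is not part of the issue or of the Azure CLI project: a small Python checker that refuses an Application object (or a bare appId) and only builds the `az role assignment create` command from a ServicePrincipal document. The `objectId`/`objectType` field names assume the AAD Graph style output of the CLI version in the issue, and the two JSON documents are constructed samples.

```python
"""Added example (not from the issue or the Azure CLI project).
Applies the maintainer's point: --assignee-object-id needs the *service
principal's* object id, not the Application object id and not the appId.
Field names (objectId/objectType) follow the AAD Graph style output of the
CLI version in the issue; the sample documents are constructed."""
import json
import shlex

# Constructed: one app registration as returned by `az ad app show` ...
APP_SHOW = json.dumps({
    "appId": "11111111-1111-1111-1111-111111111111",
    "objectId": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
    "objectType": "Application",
    "displayName": "deploy-bot",
})
# ... and its service principal from `az ad sp show` (same appId, other objectId).
SP_SHOW = json.dumps({
    "appId": "11111111-1111-1111-1111-111111111111",
    "objectId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
    "objectType": "ServicePrincipal",
    "displayName": "deploy-bot",
})


def principal_object_id(show_output: str) -> str:
    """Return the object id valid for --assignee-object-id, rejecting anything
    that is not a ServicePrincipal before Azure does it at assignment time."""
    obj = json.loads(show_output)
    if obj.get("objectType") != "ServicePrincipal":
        raise ValueError(
            f"{obj.get('displayName')!r} is a {obj.get('objectType')} object, "
            "not a service principal; resolve it with: "
            f"az ad sp show --id {obj.get('appId')}"
        )
    return obj["objectId"]


def role_assignment_command(show_output: str, role: str, scope: str) -> str:
    """Build the az command from a validated service principal document."""
    oid = principal_object_id(show_output)
    return (
        "az role assignment create"
        f" --assignee-object-id {shlex.quote(oid)}"
        f" --role {shlex.quote(role)}"
        f" --scope {shlex.quote(scope)}"
    )
```

Feeding the Application document raises before any call to Azure, with the `az ad sp show --id <appId>` hint the maintainer gives; feeding the ServicePrincipal document yields the command from the issue with the correct object id.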