Assigning role to managed identity

ashish852004 · June 7, 2025, 1:15pm

Hello,

I am trying to assign role (contributor) to a managed identity however i get i dont have enough permissions. Did someone face similar issue ?

az role assignment create --assignee-object-id 59b4ef9f-5261-4e88-94d9-cb7d456152b2 --assignee-principal-type ServicePrincipal --role “Contributor” --scope /subscriptions/a2b28c85-1948-4263-90ca-bade2bac4df4/resourceGroups/kml_rg_main-8767b13c89144946
(AuthorizationFailed) The client ‘kk_lab_user_main-8767b13c89144946@azurekmlprodkodekloud.onmicrosoft.com’ with object id ‘8c6d029f-6b16-4a35-8b9c-03343f921687’ does not have authorization to perform action ‘Microsoft.Authorization/roleAssignments/write’ over scope ‘/subscriptions/a2b28c85-1948-4263-90ca-bade2bac4df4/resourceGroups/kml_rg_main-8767b13c89144946/providers/Microsoft.Authorization/roleAssignments/b8e85f8b-4638-4d5b-a299-026a4c672a25’ or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed
Message: The client ‘kk_lab_user_main-8767b13c89144946@azurekmlprodkodekloud.onmicrosoft.com’ with object id ‘8c6d029f-6b16-4a35-8b9c-03343f921687’ does not have authorization to perform action ‘Microsoft.Authorization/roleAssignments/write’ over scope ‘/subscriptions/a2b28c85-1948-4263-90ca-bade2bac4df4/resourceGroups/kml_rg_main-8767b13c89144946/providers/Microsoft.Authorization/roleAssignments/b8e85f8b-4638-4d5b-a299-026a4c672a25’ or the scope is invalid. If access was recently granted, please refresh your credentials.

Ashish

rob_kodekloud · June 7, 2025, 7:58pm

I assume this is using our Azure playground; if not, I have no idea what’s up here. The playgrounds do have limitations in what we can allow to grant rights to Azure IAM-type entities. We do this both for security and to make sure that the cost of the playground is kept safe and sane. This would explain your error message.