azure-cli
Role assigned to scope not returned unless scope is specified
Describe the bug
When I assign a role to an SP at a given scope, that role is not returned with the az role assignment list command.
Doesn't work in both CLI and Portal, works in REST API
Both
az role assignment list --assignee [objectId]
az role assignment list --assignee [appId]
Do not return roles that are assigned.
The portal does not show roles
But, if I add a scope, roles are returned:
The REST API does not require scope. Roles are returned without scope.
https://management.azure.com/subscriptions/{{subscriptionId}}/providers/Microsoft.Authorization/roleAssignments?api-version=2020-04-01-preview&$filter=assignedTo('aae06f9f-3c90-442b-bdc4-f688818132c6')
If I create a new SP and assign it the Tag Contributor role, then that role is returned when using the CLI without scope.
To Reproduce
- Create a new SP
az ad sp create-for-rbac --skip-assignment
- Assign a role with scope
az role assignment create --assignee 32c6eeab-6338-4bdb-b21f-69836b2d99c4 --role "Tag Contributor" --scope /subscriptions/25fd0362-aa79-488b-b37b-d6e892009fdf/resourceGroups/aztagsync1
- Query for roles
az role assignment list --assignee 32c6eeab-6338-4bdb-b21f-69836b2d99c4
Zero results are returned.
Expected behavior
Roles are returned without specifying a scope.
This is also true for the Azure portal, but I'm not sure where to report that bug. If you know, please let me know.
Environment summary
azure-cli 2.8.0 WSL2
Additional context
I'm Microsoft, so ping me on Teams to diagnose further.
azsdke2e
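
For access reviews, the gap described in this report can be checked by comparing the unscoped CLI listing with the REST query quoted above. The script below is an added example, not part of the original issue or of azure-cli; the function names are hypothetical, and it assumes a logged-in `az` session and the `value[].properties.scope` shape of the REST response.

```shell
#!/bin/sh
# Added example (not from the issue): list scopes where the ARM REST query
# reports a role assignment that the unscoped CLI listing does not.
# Function names are hypothetical. Requires a logged-in `az` session.

API_VERSION="2020-04-01-preview"   # api-version quoted in the report

# Build the REST URL from the report for a subscription id and principal object id.
assignments_url() {
  printf "https://management.azure.com/subscriptions/%s/providers/Microsoft.Authorization/roleAssignments?api-version=%s&\$filter=assignedTo('%s')" \
    "$1" "$API_VERSION" "$2"
}

# Print every scope in $2 (REST view) that is absent from $1 (CLI view).
# Both arguments are newline-separated lists; Azure resource ids compare
# case-insensitively, so the match ignores case.
missing_scopes() {
  printf '%s\n' "$2" | while IFS= read -r scope; do
    [ -n "$scope" ] || continue
    printf '%s\n' "$1" | grep -Fxqi -- "$scope" || printf '%s\n' "$scope"
  done
}

# Query both views for one principal and report the difference.
audit_principal() {
  sub="$1"; oid="$2"
  cli_scopes=$(az role assignment list --assignee "$oid" --subscription "$sub" \
    --query '[].scope' -o tsv)
  rest_scopes=$(az rest --method get --url "$(assignments_url "$sub" "$oid")" \
    --query 'value[].properties.scope' -o tsv)
  missing_scopes "$cli_scopes" "$rest_scopes"
}

# Usage: sh audit.sh <subscriptionId> <principalObjectId>
if [ "$#" -eq 2 ]; then
  audit_principal "$1" "$2"
fi
```

Any scope it prints is an assignment that a review based only on the unscoped CLI listing would miss.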