azure-sdk-for-java
[BUG] RoleAssignment not working with Java but works through AZ CLI
Describe the bug
I'm trying to assign a role to a Managed Identity with a precise scope at the storage account / container level, and it fails with an error that I don't have enough permission to do so, even though my principal has a custom role assigned which allows granting roles to Service Principals.
Code snippet (Not working):
Az CLI (working):
az role assignment create --assignee-object-id <object_id> --assignee-principal-type ServicePrincipal --role "Storage Blob Data Contributor" --scope /subscriptions/
My principal does not have Graph API permissions, that's why AZ CLI needs --assignee-object-id and --assignee-principal-type. Does the Java SDK require Graph API permissions?
Exception or Stack Trace
Status code 403, "{"error":{"code":"AuthorizationFailed","message":"The client '90516a84-d215-479d-b7f4-0ee01b47ab84' with object id '90516a84-d215-479d-b7f4-0ee01b47ab84' does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' over scope '/subscriptions/<subsc_id>/resourceGroups/<rg_name>/providers/Microsoft.Storage/storageAccounts/nebojsaazurebucket123/providers/Microsoft.Authorization/roleAssignments/roleAssignmentName' or the scope is invalid. If access was recently granted, please refresh your credentials."}}"