This message was deleted.
# azure
s
This message was deleted.
t
Yes, this should be the case, and it worked for me in the past. Would love to see a repro.
w
I’ll see what I can do.
I think I know what the problem was. It was probably me playing around and testing too many things at once. I thought I would switch to use a service principal instead, but some of the resources was created with my user and now the service principal didn't have enough resources. Is it right to assume that if one are to use a Service Principal you almost need to give the Service Principal god like access to Azure?
t
Yeah, if I need to create resource groups from SP, I ended up giving Contributor role to it. Otherwise, you could limit the scope to a resource group.
w
are there any recommendation on how to do it? If you want to create an "Application" you need Active Directory role.
t
Somewhat embarrassingly, I don’t have enough experience here