No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Yes, this should be the case, and it worked for me in the past. Would love to see a repro.

I think I know what the problem was. It was probably me playing around and testing too many things at once. I thought I would switch to use a service principal instead, but some of the resources was created with my user and now the service principal didn't have enough resources.

Is it right to assume that if one are to use a Service Principal you almost need to give the Service Principal god like access to Azure?

Yeah, if I need to create resource groups from SP, I ended up giving Contributor role to it. Otherwise, you could limit the scope to a resource group.

are there any recommendation on how to do it? If you want to create an "Application" you need Active Directory role.

Somewhat embarrassingly, I don’t have enough experience here