How can I assign a role to a group? We have `Pulum...
# azure
p
How can I assign a role to a group? We have
Pulumi.Azure.Authorization.Assignment
, but when I try to user a group for
PrincipalId
I get the error message: Status=400 Code="UnmatchedPrincipalType" Message="The PrincipalId 'xyz' has type 'Group' , which is different from specified PrinciaplType 'ServicePrincipal'." I can not set a PrincipalType, there is no such property available.
t
Hmm… I haven’t seen this error before. Any chance it could be a temporary glitch/AAD replication lag?
p
Well the group exists already for days.
f
are you using
id
or
objectId
of the group? not sure if it matters
p
As far as I know you always have to use object id.
@tall-librarian-49374 Take a look at: https://docs.microsoft.com/en-us/cli/azure/role/assignment?view=azure-cli-latest#az-role-assignment-create There is a parameter called: assignee-principal-type 😮
It seems like you should not use SkipServicePrincipalAadCheck = true, when using a group as a principalid.