https://pulumi.com logo
Title
p

plain-tiger-79744

06/12/2020, 9:38 AM
How can I assign a role to a group? We have
Pulumi.Azure.Authorization.Assignment
, but when I try to user a group for
PrincipalId
I get the error message: Status=400 Code="UnmatchedPrincipalType" Message="The PrincipalId 'xyz' has type 'Group' , which is different from specified PrinciaplType 'ServicePrincipal'." I can not set a PrincipalType, there is no such property available.
t

tall-librarian-49374

06/12/2020, 10:02 AM
Hmm… I haven’t seen this error before. Any chance it could be a temporary glitch/AAD replication lag?
p

plain-tiger-79744

06/12/2020, 10:18 AM
Well the group exists already for days.
f

famous-jelly-72366

06/12/2020, 12:07 PM
are you using
id
or
objectId
of the group? not sure if it matters
p

plain-tiger-79744

06/12/2020, 12:15 PM
As far as I know you always have to use object id.
@tall-librarian-49374 Take a look at: https://docs.microsoft.com/en-us/cli/azure/role/assignment?view=azure-cli-latest#az-role-assignment-create There is a parameter called: assignee-principal-type 😮
It seems like you should not use SkipServicePrincipalAadCheck = true, when using a group as a principalid.