Hi all I have created a key vault with default access policy

Question

Hi all I have created a key vault with default access policy as mentioned in and I have even changed the permissions based on I want to add the roles `Key Vault Crypto Officer` and `Key Vault Secrets Officer` to the objectId but I cannot set it somehow After running Pulumi using azure pipelines everytime I go to Secrets tab in Key vault I see the following error ```The operation is not allowed by RBAC If role assignments were recently changed please wait several minutes for role assignments to become effective ``` How can I make it visible with the objectId

ripe-russia-4239 · Answer

Ah this is because there are two models of access control on Azure Key Vault built in policies as deployed by the example you followed and Azure Active Directory The roles `Key Vault Crypto Officer` and `Key Vault Secrets Officer` are Azure Active Directory roles not built in Key Vault roles You will need to 1 Set `enableRbacAuthorization` to true on the Key Value Properties 2 Add your user account service principal managed identity to the two Key Vault roles using Note the `RoleAssignmentName` property is a GUID UUID not the human readable name You can get the values for this property from 3 Remove the access policy defintion from the key vault

adventurous-mechanic-24805 · Answer

Thank you so much slightly smiling face

ripe-russia-4239 · Answer

No problem slightly smiling face