straight-sunset-92336
05/05/2022, 1:45 PMconst managementGroup = new management.ManagementGroup("managementGroup", {
details: {
parent: {
id: "/providers/Microsoft.Management/managementGroups/<id of parent group>",
},
},
displayName: args.groupname,
groupId: groupid,
name: groupid,
});
groupid is prepared like this:
const groupid = randomUuid.id.apply(id => {
if (id === undefined) {
throw new Error("Id is undefined");
}
return id;
});
This is the error message I get:
error: cannot check existence of resource '/providers/Microsoft.Management/managementGroups/<group id of new group>': status code 403, {"error":{"code":"AuthorizationFailed","message":"The client '<my serviceprincipal object id>' with object id '<my serviceprincipal object id>' does not have authorization to perform action 'Microsoft.Management/managementGroups/read' over scope '/providers/Microsoft.Management/managementGroups/<group id of new group>' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
The servicePrincipal has "Management Group Contributor" role on the Tenant Root Groupclean-truck-93285
05/05/2022, 10:38 PMstraight-sunset-92336
05/06/2022, 5:56 PMclean-truck-93285
05/06/2022, 6:02 PM