Trying to assign the Reader role to an application at subscription level using the following PowerShell command, but it fails:

foreach ($Id in Get-AzSubscription)
{
    New-AzRoleAssignment -ObjectId '<Application-Object-Id>' -RoleDefinitionName "Reader" -Scope '/subscriptions/$Id'
}

Getting this error: "New-AzRoleAssignment: Operation returned an invalid status code 'BadRequest'"

DAK

1 Answer

Please try by changing your code to:

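foreach ($subscription in Get-AzSubscription)
{
    # Double quotes with $(...) are required: single quotes pass the text literally,
    # and "$subscription.Id" would expand the whole object and then append ".Id".
    New-AzRoleAssignment -ObjectId '<Application-Object-Id>' -RoleDefinitionName "Reader" -Scope "/subscriptions/$($subscription.Id)"
}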

Essentially, the issue with your code was that the $Id variable is an object of type Microsoft.Azure.Commands.Profile.Models.PSAzureSubscription, which contains information about the subscription and not just the subscription ID.

Gaurav Mantri
  • After this change too getting the same error. *** Operation returned an invalid status code 'BadRequest' *** – DAK Jul 11 '23 at 11:46
  • Please try to run `New-AzRoleAssignment` with `-Debug` switch parameter i.e. `New-AzRoleAssignment -ObjectId '' -RoleDefinitionName "Reader" -Scope '/subscriptions/$subscription.Id' -Debug` and it should show you the exact error message. I get the same error if I use an invalid application object id. HTH. – Gaurav Mantri Jul 11 '23 at 12:08
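
The following is an added example, not code from either poster. It shows how PowerShell quoting changes the `-Scope` string, then assigns Reader per subscription only after resolving the identity and checking for an existing assignment. `<Application-Client-Id>` and the all-zero GUID are placeholders; the sketch assumes the target is the application's service principal, since `-ObjectId` expects the object ID of a user, group or service principal.

```powershell
#Requires -Modules Az.Accounts, Az.Resources
# Added example. $AppId is a placeholder for the application (client) ID.
$AppId = '<Application-Client-Id>'

# Constructed object standing in for one Get-AzSubscription result.
$demo = [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000000' }
$literal = '/subscriptions/$demo.Id'      # single quotes: nothing is expanded
$partial = "/subscriptions/$demo.Id"      # expands $demo as a whole, then appends ".Id"
$correct = "/subscriptions/$($demo.Id)"   # subexpression: only the Id property
$literal, $partial, $correct | ForEach-Object { Write-Host $_ }

# Resolve the service principal's object ID from the client ID and
# stop early if the application has no service principal in this tenant.
$sp = Get-AzADServicePrincipal -ApplicationId $AppId
if (-not $sp) { throw "No service principal found for application $AppId" }

foreach ($subscription in Get-AzSubscription) {
    $scope = "/subscriptions/$($subscription.Id)"

    # Refuse to call the API with a scope that is not /subscriptions/<GUID>.
    if ($scope -notmatch '^/subscriptions/[0-9a-fA-F-]{36}$') {
        Write-Warning "Skipping malformed scope: $scope"
        continue
    }

    # Skip subscriptions where Reader is already granted at or above this scope.
    $existing = Get-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName 'Reader' -Scope $scope
    if ($existing) { Write-Host "Already assigned: $scope"; continue }

    try {
        New-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName 'Reader' `
            -Scope $scope -ErrorAction Stop | Out-Null
        Write-Host "Assigned Reader: $scope"
    } catch {
        # Keep going so one failing subscription does not hide the rest.
        Write-Warning "Failed for ${scope}: $($_.Exception.Message)"
    }
}
```

Writing the three scope strings to the console before any API call makes a quoting mistake visible immediately, instead of surfacing later as a generic `BadRequest`.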