
"Reader and Data Access" role is not available through powershell?


I am trying to assign the "Reader and Data Access" role to my service principal in Azure; however, it's throwing an error.

I don't see this role listed on MSDN, but it is visible in the Azure portal.

    New-AzureRmRoleAssignment `
          -RoleDefinitionName 'Reader and Data Access' `
          -ServicePrincipalName $app.ApplicationId

New-AzureRmRoleAssignment : The filter 'roleName eq 'Reader and Data Access'' is not supported. Supported filters are either roleName eq '{value}' or type eq 'BuiltInRole|CustomRole'

However, I can see and assign this role from the Azure UI console.



Solution

  • I tested this in my lab and got the same error as you. I solved this issue by using -RoleDefinitionId instead of -RoleDefinitionName. The following script works for me.

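    # List all role definitions and pick the role by name on the client side
    $value = Get-AzureRmRoleDefinition
    $a = $value | Where-Object { $_.Name -eq "Reader and Data Access" }

    # Assign by role definition ID instead of by name
    New-AzureRmRoleAssignment -ObjectId $app.ObjectId -Scope "/subscriptions/$subscriptionID" -RoleDefinitionId $a.Id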
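
The workaround above, as an added example that is not part of the original answer: it resolves the role name client-side, refuses to continue on zero or multiple matches, and assigns by ID at a caller-supplied scope. The built-in "Reader and Data Access" role includes access to storage account keys, so the usage line scopes it to one storage account instead of the whole subscription. Assumptions: the helper name `Add-RoleAssignmentByName` is hypothetical, `$app` and `$subscriptionID` are the variables used on this page, and the `<...>` segments are placeholders.

```powershell
# Added example (not from the original post). Requires the AzureRM module and
# an authenticated session (Login-AzureRmAccount).
function Add-RoleAssignmentByName {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ObjectId,   # object ID of the principal
        [Parameter(Mandatory)] [string] $RoleName,   # display name of the role
        [Parameter(Mandatory)] [string] $Scope       # full ARM scope path
    )

    # List every definition and filter locally, so no roleName filter is sent
    # to the service (the call that fails in the question).
    $found = @(Get-AzureRmRoleDefinition | Where-Object { $_.Name -eq $RoleName })

    # Exactly one match is required: a missing role or a name that matches
    # more than one definition must not result in an assignment.
    if ($found.Count -eq 0) {
        throw "No role definition named '$RoleName' is visible in this context."
    }
    if ($found.Count -gt 1) {
        throw "Role name '$RoleName' is ambiguous: $($found.Id -join ', ')"
    }
    $role = $found[0]

    # Show what is about to be granted (visible with -Verbose).
    Write-Verbose ("Role {0} ({1}) grants: {2}" -f `
        $role.Name, $role.Id, ($role.Actions -join '; '))

    # Do nothing if the same role is already assigned at exactly this scope.
    $existing = Get-AzureRmRoleAssignment -ObjectId $ObjectId -Scope $Scope |
        Where-Object { $_.RoleDefinitionId -eq $role.Id -and $_.Scope -eq $Scope }
    if ($existing) { return $existing }

    New-AzureRmRoleAssignment -ObjectId $ObjectId -Scope $Scope `
        -RoleDefinitionId $role.Id
}

# Usage: scope the assignment to a single storage account (placeholders).
$scope = "/subscriptions/$subscriptionID/resourceGroups/<resource-group>" +
         "/providers/Microsoft.Storage/storageAccounts/<storage-account>"
Add-RoleAssignmentByName -ObjectId $app.ObjectId `
    -RoleName 'Reader and Data Access' -Scope $scope -Verbose
```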