azurepowershellstoragerbac
Granting application role of "storage blob data contributor" in storage account
My goal is to make app a "blob storage contributor" of storage account. To do so I am trying to grant application role, but cannot - when trying i encounter an error.
I am trying to do it with this command:
New-AzureRmRoleAssignment -ApplicationId $appId -ResourceGroupName $resourceGroupName -ResourceName $resourceName -ResourceType 'Microsoft.Storage/storageAccounts' -RoleDefinitionName 'Storage Blob Data Contributor'
I am getting an error:
New-AzureRmRoleAssignment : The provided information does not map to an AD object id.
Does anyone know what might be the issue? I checked all parameters, object id is correct for sure (tried objectId and ApplicationId and still not working)
When i did similar thing to grant group role with below command it was successful.
New-AzureRmRoleAssignment -ObjectId $groupObjId -ResourceGroupName $resourceGroupName -ResourceName $resourceName -RoleDefinitionName 'Reader' -ResourceType "Microsoft.Storage/storageAccounts"
Any ideas?
Solution
I am using the AZ Module but the command should be identical with RM module
$contributor = Get-AzRoleDefinition "Contributor"
$contributor
$scope = "/subscriptions/<SubscriptionID>/resourceGroups/Demo/providers/Microsoft.Storage/storageAccounts/<Storage Account name>"
New-AzRoleAssignment -ApplicationId <appicationID> -RoleDefinitionName $contributor.Name -Scope $scope
PS: you can also get Storage account id for scope by;
$stracc = Get-AzStorageAccount -ResourceGroupName <resourecegroupname> -Name <Storage Account name>
$stracc.Id
- Azure SQL trigger for Functions configuration problem
- Does azure blob storage support http2?
- Azure Pronunciation Assessment Could not deserialize speech context error
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- How do I Parse FormData containing a audio file in AZ function app in 2025
- Not able to delete Public IP address in azure
- Azure Devops Apple App Store Release.Missing value for the attribute 'whatsNew'
- Azure Storage accounts container public access level has dissabled
- Issue with adding delegated Graph API permission to Enterprise app with Terraform
- Getting an error when using the Flexible File Destination Task in Visual Studio 2022 SSIS
- Problem with Azure Email Communication Service Custom Domain
- How to refresh client assertion in ConfidentialClientApplication?
- Using Microsoft Graph Explorer (we have code too) we can GET All Subscriptions, but GET one by ID gives access error
- Invalid operands found for operator -eq
- nginx - php-fpm - azure container app returns truncated pages
- Adding custom headers to Azure Functions response
- Azure Queue Trigger is hit but not executing the logic inside of it
- az cli not showing redisenterprise keys
- Enforce MFA for specific API called from SPFx via AADTokenProvider (Even with SPO MFA)
- Azure Devops Server Pipelines: Any way to have a Stage result as "Succeeded" even if a constituent Job reported "SucceededWithIssues"?
- YAML strings including special characters % and & were not printed correctly for Windows environment
- Azure function returns error: No job functions found. Try making your job classes and methods public
- How to view Oldest Query results in Azure Monitor Metrics for an Azure PostgreSQL Flex Server instance
- Authenticate to Azure with certificate from Linux
- What are the minimum Azure permissions required to publish a Power BI report using "App Owns the Data"?
- How to report an Azure Text-to-Speech bug?
- Refresh an Azure search index
- Best way to clean up resources in StatefulService
- Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
- Query Azure SQL Database using Rest-API