Tags: azure, azure-powershell, azure-automation, azure-rbac

Azure Automation - Unable to get AzRoleAssignement


In order to automate some processes, I'm using Azure Automation with Owner rights for RunAsAccount.

# Run As connection asset of the Automation account
$connection = Get-AutomationConnection -Name AzureRunAsConnection

# Retry the service-principal login up to 10 times
while(!($connectionResult) -And ($logonAttempt -le 10))
{
    $logonAttempt++
    # Logging in to Azure...
    $connectionResult =    Connect-AzAccount `
                               -ServicePrincipal `
                               -Tenant $connection.TenantID `
                               -ApplicationId $connection.ApplicationID `
                               -CertificateThumbprint $connection.CertificateThumbprint

    Start-Sleep -Seconds 30
    Write-Output $connectionResult
}

# $USERRGNAME and $USEREMAIL are set earlier in the runbook (resource group name and user sign-in name)
Get-AzRoleAssignment -ResourceGroupName $USERRGNAME -SignInName $USEREMAIL -Verbose

An error is being thrown each time I execute the script:

Get-AzRoleAssignment: Cannot find principal using the specified options

Any idea how to solve this issue?


Solution

  • Probably you need to give the RunAsAccount the Application permission Directory.Read.All of the Azure AD Graph (not Microsoft Graph, not a Delegated permission). By default, the RunAsAccount doesn't have the Azure AD permission.


    You could read Joy's answer for more details.
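The grant the answer describes, as an added example that is not part of the question or the answer: it assigns the Azure AD Graph application permission Directory.Read.All to the Run As service principal and checks the result. It assumes the AzureAD PowerShell module, a local session as a tenant admin who can consent to application permissions, and `$runAsAppId` as a placeholder for the ApplicationId shown in the Automation account's AzureRunAsConnection.

```powershell
# Added example, not code from the question or the answer.
# Grants the Run As service principal the Azure AD Graph application
# permission Directory.Read.All so Get-AzRoleAssignment can resolve -SignInName.
# Placeholder: the ApplicationId of the AzureRunAsConnection asset.
$runAsAppId = '<APPLICATION-ID-OF-AZURERUNASCONNECTION>'

Connect-AzureAD | Out-Null

# Service principal behind the Run As account
$runAsSp = Get-AzureADServicePrincipal -Filter "appId eq '$runAsAppId'"
if (-not $runAsSp) { throw "No service principal found for appId $runAsAppId" }

# Azure AD Graph is the first-party app 00000002-0000-0000-c000-000000000000
$graphSp = Get-AzureADServicePrincipal -Filter "appId eq '00000002-0000-0000-c000-000000000000'"
if (-not $graphSp) { throw 'Azure AD Graph service principal not found in this tenant' }

# Look the app role up by name instead of hard-coding its GUID.
# AllowedMemberTypes 'Application' selects the Application permission, not the Delegated one.
$role = $graphSp.AppRoles |
    Where-Object { $_.Value -eq 'Directory.Read.All' -and $_.AllowedMemberTypes -contains 'Application' }
if (-not $role) { throw 'Directory.Read.All application role not found on Azure AD Graph' }

# Check first so the script can be re-run without creating a duplicate assignment
$existing = Get-AzureADServiceAppRoleAssignment -ObjectId $graphSp.ObjectId |
    Where-Object { $_.PrincipalId -eq $runAsSp.ObjectId -and $_.Id -eq $role.Id }

if ($existing) {
    Write-Output "Directory.Read.All is already granted to $($runAsSp.DisplayName)"
} else {
    # Principal = the Run As SP, Resource = the Azure AD Graph SP, Id = the app role
    New-AzureADServiceAppRoleAssignment -ObjectId $runAsSp.ObjectId `
        -PrincipalId $runAsSp.ObjectId `
        -ResourceId $graphSp.ObjectId `
        -Id $role.Id | Out-Null
    Write-Output "Granted Directory.Read.All (Application) on Azure AD Graph to $($runAsSp.DisplayName)"
}
```

Recent versions of Az.Resources resolve principals through Microsoft Graph rather than Azure AD Graph; in that case the same script applies with the Microsoft Graph app ID 00000003-0000-0000-c000-000000000000 in place of the Azure AD Graph one.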