-
Notifications
You must be signed in to change notification settings - Fork 285
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
azuread_group_role_management_policy throws 403 permission scope not granted error #1407
Comments
Hi @cveld, thanks for reporting this. As you have suggested, this does seem to be an issue with the delegated permissions obtained by Azure CLI. At this time there is little we can do about it, except suggest, as it has been in the linked issue, that you use application credentials to authenticate instead of a user account (and furthermore, our recommendation would be to use the provider's native support rather than using Azure CLI). I recognise this may be undesirable or infeasible due to organizational policies or other concerns, however we are unfortunately blocked on Azure CLI at this time. |
@manicminer if user identity is not supported as this moment, can you can add that to the docs? the current version gave the impression to me that it should work:
|
Yes, I'm hoping soon to audit the documented scopes for all resources and update accordingly. |
Maybe azuread could implement its own user auth and provide a customizable client id 😅 well I am more a fan of delegating access tokens to az cli. But never hit into the limitation of the client id permissions before. That surprised me. |
Community Note
Terraform (and AzureAD Provider) Version
Affected Resource(s)
azuread_group_role_management_policy
Terraform Configuration Files
Debug Output
Panic Output
Expected Behavior
The azuread provider should run fine without a permission error.
Actual Behavior
Steps to Reproduce
terraform apply
Important Factoids
References
Maybe the following azure cli issues are helpful:
The text was updated successfully, but these errors were encountered: