Home > database >  roleassignment to azure resourcegroup in Bicep
roleassignment to azure resourcegroup in Bicep

Time:01-10

I'm trying to create a resourcegroup and assign contributor permissions to it usinng one bicep template. This fails with the error message "A nested resource type must have identical number of segments as its resource name"

my bicep file:

targetScope = 'subscription'

param resourceGroupName string
param resourceGroupLocation string
param contributorsGroupID string

resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
  location: resourceGroupLocation
  name: resourceGroupName
}

//assign contributor role to the created AAD group

resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  name: rg.id
  properties: {
    roleDefinitionId: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
    principalId: contributorsGroupID
    principalType: 'Group'
  }
}

I do not understand what to fill in for name in the roleassignment section to make this work.

CodePudding user response:

You need pass the GUID for the roleassigmentName & Var for the roleID as shown in the below bicep script to create a resource group & to assign a contributor access it.

targetScope = 'subscription'

@description('Name of the resourceGroup to create')
param resourceGroupName string = '<resourcegroupname>'

@description('Location for the resourceGroup')
param resourceGroupLocation string = '<resourcelocation>'

@description('principalId of the user that will be given contributor access to the resourceGroup')
param principalId string = '<userObjectId>'

@description('roleDefinition to apply to the resourceGroup - default is contributor')
param roleDefinitionId string = 'b24988ac-6180-42a0-ab88-20f7382dd24c'

@description('Unique name for the roleAssignment in the format of a guid')
param roleAssignmentName string = guid(principalId, roleDefinitionId, resourceGroupName)

var roleID = '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/${roleDefinitionId}'

resource newResourceGroup 'Microsoft.Resources/resourceGroups@2019-10-01' = {
name: resourceGroupName
location: resourceGroupLocation
properties: {}
}

resource roleNameGuid_resource 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
name: roleAssignmentName
properties: {
roleDefinitionId: roleID
principalId: principalId
}
}

Page link:https//www.codepudding.com/database/257853.html

Prev:Is it safe to delete Log Analytics Workspace
Next:Gain access to Azure Key Vault from several different principals/users using access policy
  •  Tags:  
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding