Error deleting Role Definition - Service returned an error. Status=403 Code="AuthorizationFailed" #5038
Labels
question
service/roles
upstream/microsoft
Indicates that there's an upstream issue blocking this issue/PR
Community Note
Terraform (and AzureRM Provider) Version
Terraform v0.12.16
Affected Resource(s)
azurerm_role_definition
Terraform Configuration Files
Debug Output
Error: Error deleting Role Definition "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" at Scope "": authorization.RoleDefinitionsClient#Delete: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY' with object id 'YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY' does not have authorization to perform action 'Microsoft.Authorization/roleDefinitions/delete' over scope '/providers/Microsoft.Authorization/roleDefinitions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' or the scope is invalid. If access was recently granted, please refresh your credentials."
Panic Output
Expected Behavior
A defined and existing custom role definition should be deleted with the
terraform apply
-command. Creation and modification is working as expected.Actual Behavior
Defined roled should be deleted. After the
terraform apply
-command I got the following error code:Error: Error deleting Role Definition "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" at Scope "": authorization.RoleDefinitionsClient#Delete: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY' with object id 'YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY' does not have authorization to perform action 'Microsoft.Authorization/roleDefinitions/delete' over scope '/providers/Microsoft.Authorization/roleDefinitions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' or the scope is invalid. If access was recently granted, please refresh your credentials."
We also gave the serviceprincipal account the Owner rights on the subscription without any success.
Steps to Reproduce
C1 should be deleted and C2 should be created
Creation will be successfull and deletion will fail.
Important Factoids
References
The text was updated successfully, but these errors were encountered: