1
votes

I am facing the following error: "The request to create role assignment 'c*****************5' is not valid. Role assignment scope '/subscriptions/c**********************5/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/mystorageaccountname' must match the scope specified on the URI"

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "principalId": {
            "type": "string",
            "defaultValue": "My AD app ID",
            "metadata": {
                "description": "The principal to assign the role to"
            }
        },
        "builtInRoleType": {
            "type": "string",
            "defaultValue": "Reader",
            "allowedValues": [
                "Owner",
                "Contributor",
                "Reader"
            ],
            "metadata": {
                "description": "Built-in role to assign"
            }
        },
        "roleNameGuid": {
            "type": "string",
            "defaultValue": "random guid (i am getting this guid using the following PS command: \"[System.Guid]::NewGuid().toString()\")",
            "metadata": {
                "description": "A new GUID used to identify the role assignment"
            }
        }
    },
    "variables": {
        "Owner": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'this is my ownerid')]",
        "Contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'this is my contributor id')]",
        "Reader": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'this is my reader id')]",
        "scope": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/', 'this is my storage account name')]"
    },
    "resources": [
        {
            "type": "Microsoft.Authorization/roleAssignments",
            "apiVersion": "2014-10-01-preview",
            "name": "[parameters('roleNameGuid')]",
            "properties": {
                "roleDefinitionId": "[variables(parameters('builtInRoleType'))]",
                "principalId": "[parameters('principalId')]",
                "scope": "[variables('scope')]"
            }
        }
    ]
}

1 Answer

0
votes

This is a common problem for assigning a role assignment at a scope higher than the scope of the deployment. In your case the deployment is at the Resource Group level and you are trying to assign the scope at the Subscription level (which is a higher level than Resource Group).

Solution: You will need to use Nested Template deployment.

To view a sample, check this documentation link and search for the section "Assign Role at Scope": Create resources at Subscription level
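The error in the question arises because the template sets `properties.scope` to the storage account while the deployment itself runs against the resource group, so the two scopes disagree. The template below is an added example, not code from the question or the answer, and it takes a different route from the nested-template approach described above: it deploys at the resource group that contains the storage account and uses the template-language `scope` property on the extension resource, so the role assignment is created at the storage account and `properties.scope` is not set at all. The parameter names `storageAccountName` and `principalId` are this example's own; the three role definition GUIDs are the well-known built-in Owner, Contributor and Reader IDs; `principalType` is assumed to be `ServicePrincipal` because the question refers to an AD application.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "description": "Added example: scope a built-in role assignment to an existing storage account. Deploy this at the resource group that contains the storage account."
  },
  "parameters": {
    "principalId": {
      "type": "string",
      "metadata": {
        "description": "Object ID of the security principal (for an AD app this is the service principal's object ID, not the application/client ID). Placeholder; supply at deploy time."
      }
    },
    "storageAccountName": {
      "type": "string",
      "metadata": {
        "description": "Name of an existing storage account in this resource group; the assignment is scoped to it (assumed parameter name)."
      }
    },
    "builtInRoleType": {
      "type": "string",
      "defaultValue": "Reader",
      "allowedValues": [
        "Owner",
        "Contributor",
        "Reader"
      ],
      "metadata": {
        "description": "Built-in role to assign; Reader is the least-privilege default."
      }
    }
  },
  "variables": {
    "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
    "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
    "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
    "storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.Authorization/roleAssignments",
      "apiVersion": "2022-04-01",
      "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('storageAccountName'))]",
      "name": "[guid(variables('storageAccountId'), parameters('principalId'), variables(parameters('builtInRoleType')))]",
      "properties": {
        "roleDefinitionId": "[variables(parameters('builtInRoleType'))]",
        "principalId": "[parameters('principalId')]",
        "principalType": "ServicePrincipal"
      }
    }
  ],
  "outputs": {
    "assignmentScope": {
      "type": "string",
      "value": "[variables('storageAccountId')]"
    }
  }
}
```

Two choices in this template matter in practice. The assignment name is `guid()` of the target resource ID, the principal and the role rather than a fresh random GUID, so redeploying the same template is idempotent instead of failing with a duplicate-assignment conflict. Setting `principalType` lets Azure resolve a newly created service principal without the replication delay that otherwise makes first deployments fail. After `New-AzResourceGroupDeployment -ResourceGroupName MyResourceGroup -TemplateFile <file> -principalId <objectId> -storageAccountName <name>`, the assignment should appear under `Get-AzRoleAssignment -Scope <storage account resource ID>` and nowhere broader.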