I am trying to create a new Resource Group, a new Active Directory User and then assign the User to the Resource Group as a Contributor.
So far I have used the Microsoft.Azure.Management.ResourceManager to create the Resource Group successfully and the AD User with the Microsoft.Graph. I can see both in Azure and can access them both.
However, I can't find clearly how to assign the user to the resource group with C# in either the Resource Manager or Graph API.
I can see how to do it in everything else here > https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
I have taken that as being the Graph API call graphClient.DeviceManagement.RoleAssignments However, from the properties I can't clearly see where I put the Resource Group details.
This is my attempt below, but I get an error: Request not applicable to target tenant
var roleAssignment = await graphClient.DeviceManagement.RoleAssignments.Request().AddAsync(new DeviceAndAppManagementRoleAssignment
{
DisplayName = "Test Role",
Members = new List<string>
{
createdUser.Id // GUID of new User
},
ResourceScopes = new List<string>
{
"/subscriptions/04cbb440-e619-4c8f-869f-8dc4d7dd6e42/resourceGroups/NewResourceGroup" // ID of Resource Group
},
RoleDefinition = new RoleDefinition
{
RolePermissions = new List<RolePermission> {
new RolePermission {
ResourceActions = new List<ResourceAction>
{
new ResourceAction {
AllowedResourceActions = new List<string> {"*"},
NotAllowedResourceActions = new List<string>
{
"Microsoft.Authorization/*/Delete",
"Microsoft.Authorization/*/Write",
"Microsoft.Authorization/elevateAccess/Action"
}
}
}
}
}
}
}).ConfigureAwait(false);
Can someone either tell me how I can easliy do this or where to look?
