The request to create role assignment ”xxx” is not valid. Role assignment scope. … must match the scope specified on the URI …

Hi,

If you trying to make a role assignment via ARM template and encountered this error, then please note that this something annoying and not very clear even on MS docs.

The solution:

1- Either notice that there is a small difference in how ResourceGroups is written: resourceGroups vs resourcegroups –> You need to use lowercase or use a replace to replace resourceGroups by resourcegroups

In my case, i have created a variable where i replace resourceGroups by resourcegroups

"variables": {
      "factoryId": "[replace(resourceid('Microsoft.DataFactory/factories/', parameters('DataFactoryObject').name),'resourceGroups','resourcegroups')]",
  }

2- If this does not then it means that you are likely using “type”: “Microsoft.Authorization/roleAssignments” for your role assignment. Unfortunately this does not work if you are making an assignment to anything else the resource group you are deploying in.

To solve this, you can something like:

{
            "type": "/Microsoft.DataFactory/factories/providers/roleAssignments",
            "name": "[variables('adfroleassignmentname')]",
            "apiVersion": "2015-07-01",
            "dependsOn": [
                "[variables('factoryId')]"
              ],
            "properties": {
              "roleDefinitionId": "[variables('ADFRunpipelineRoleDefId')]",
              "principalId": "[parameters('AzDcrbObjectId')]"
            }
          },

In orther words you will make a sub-resource deployment “ResourceType/providers/roleAssignments”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s