Role assignment through principal id instead of indiviual id

[gaurav12de]

Is there any way to give write access permission to a service principal instead of individual users .We are unable to give RBAC to user ids and need a way to provide service principal which will already have all permissions. Right now, deployment is failing with below error

_ERROR: deployment failed: failing invoking action 'provision', error deploying infrastructure: deploying to subscription:

Deployment Error Details: InvalidTemplateDeployment: The template deployment failed with error: 'Authorization failed for template resource 'xcxcxcxcxcx' of type 'Microsoft.Authorization/roleAssignments'. The client 'xxx' with object id 'yyyyy' does not have permission to perform action_

Thank you!

- [ x ] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

[anfibiacreativa]

Hi @gaurav12de. At this time, permissions are set at a subscription level only, that should have Azure OpenAI credentials. That subscription can enable deployment for additional subscription ids using RBAC, as described in the documentation. https://github.com/Azure-Samples/azure-search-openai-javascript?tab=readme-ov-file#getting-started