search

Azure / azure-powershell

Microsoft Azure PowerShell
Other
4.27k stars 3.87k forks source link

Get-AzRoleAssignment -scope "/" returns BadRequest, but Get-AzRoleAssignment | Where-Object {$_.scope -eq "/"} is fine #20323

Open ChristopherGLewis opened 2 years ago

ChristopherGLewis commented 2 years ago

Description

Get-AzRoleAssignment -scope "/" returns a BadRequest error:

c:\> Get-AzRoleAssignment -scope "/"                       
Get-AzRoleAssignment: Operation returned an invalid status code 'BadRequest'

but this works OK with a Where-Object 

c:\> Get-AzRoleAssignment | Where-Object {$_.scope -eq "/"}

RoleAssignmentName : 8f0f3d8b-4536-47ce-95a0-edcb424c49db
RoleAssignmentId   : /providers/Microsoft.Authorization/roleAssignments/8f0f3d8b-4536-47ce-95a0-edcb424c49db
Scope              : /
DisplayName        : First Last
SignInName         : First.Last@domain.com
RoleDefinitionName : User Access Administrator
RoleDefinitionId   : 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9
ObjectId           : 901c8c08-56c4-4df6-a651-2e4ba77c74f0
ObjectType         : User
CanDelegate        : False
Description        : 
ConditionVersion   : 
Condition          : 

RoleAssignmentName : 4dd06e22-14cf-4fab-9ff4-1845878a4d6f
RoleAssignmentId   : /providers/Microsoft.Authorization/roleAssignments/4dd06e22-14cf-4fab-9ff4-1845878a4d6f
Scope              : /
DisplayName        : First Last
SignInName         : First.Last@domain.com
RoleDefinitionName : Owner
RoleDefinitionId   : 8e3af657-a8ff-443c-a75c-2fe8c4bcb635
ObjectId           : 901c8c08-56c4-4df6-a651-2e4ba77c74f0
ObjectType         : User
CanDelegate        : False
Description        : 
ConditionVersion   : 
Condition          : 
'

Note this works perfectly fine using the AZ CLI:

c:\>  az role assignment list --scope "/"
[
  {
    "canDelegate": null,
    "condition": null,
    "conditionVersion": null,
    "description": null,
    "id": "/providers/Microsoft.Authorization/roleAssignments/8f0f3d8b-4536-47ce-95a0-edcb424c49db",
    "name": "8f0f3d8b-4536-47ce-95a0-edcb424c49db",
    "principalId": "xx-xx-xx-xx-xx",
    "principalName": "First.Last@domain.com",
    "principalType": "User",
    "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
    "roleDefinitionName": "User Access Administrator",
    "scope": "/",
    "type": "Microsoft.Authorization/roleAssignments"
  },
  {
    "canDelegate": null,
    "condition": null,
    "conditionVersion": null,
    "description": null,
    "id": "/providers/Microsoft.Authorization/roleAssignments/4dd06e22-14cf-4fab-9ff4-1845878a4d6f",
    "name": "4dd06e22-14cf-4fab-9ff4-1845878a4d6f",
    "principalId": "xx-xx-xx-xx-xx",
    "principalName": "First.Last@domain.com",
    "principalType": "User",
    "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
    "roleDefinitionName": "Owner",
    "scope": "/",
    "type": "Microsoft.Authorization/roleAssignments"
  }
]

Issue script & Debug output

c:\> $DebugPreference='Continue'  
DEBUG: Setting WindowTitle: C:\ - PowerShell 7.2 (33032)
C:\> Get-AzRoleAssignment -scope "/"
DEBUG: 1: 14: 20 PM - GetAzureRoleAssignmentCommand begin processing with ParameterSet 'ScopeParameterSet'.
DEBUG: 1: 14: 20 PM - using account id 'First.Last@domain.com'...
DEBUG: 1: 14: 20 PM - [ConfigManager
] Got nothing from [DisplayBreakingChangeWarning
], Module = [], Cmdlet = []. Returning default value [True
].
DEBUG: [Common.Authentication
]: Authenticating using Account: 'First.Last@domain.com', environment: 'AzureCloud', tenant: 'xx-xx-xx-xx'
DEBUG: 1: 14: 20 PM - [SilentAuthenticator
] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'xx-xx-xx-xx', Scopes:'https: //graph.microsoft.com//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'First.Last@domain.com'
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https: //graph.microsoft.com//.default ] ParentRequestId: 
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.84 - 90767871-2240-422a-b6da-3d8caef0e1c3
    ] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.84 - 90767871-2240-422a-b6da-3d8caef0e1c3
    ] [Region discovery
    ] Not using a regional authority.         
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.84 - 90767871-2240-422a-b6da-3d8caef0e1c3
    ] [Region discovery
    ] Not using a regional authority.         
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.84 - 90767871-2240-422a-b6da-3d8caef0e1c3
    ] [Region discovery
    ] Not using a regional authority.         
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.84 - 90767871-2240-422a-b6da-3d8caef0e1c3
    ] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.84 - 90767871-2240-422a-b6da-3d8caef0e1c3
    ] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.84
    ] Found 2 cache accounts and 0 broker accounts
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.84
    ] Returning 2 accounts
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.84 - 211efbab-11f8-45e4-88ff-7b8ed44d231b
    ] MSAL MSAL.NetCore with assembly version '4.39.0.0'. CorrelationId(211efbab-11f8-45e4-88ff-7b8ed44d231b)
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.84 - 211efbab-11f8-45e4-88ff-7b8ed44d231b
    ] === AcquireTokenSilent Parameters ===
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.84 - 211efbab-11f8-45e4-88ff-7b8ed44d231b
    ] LoginHint provided: False
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.84 - 211efbab-11f8-45e4-88ff-7b8ed44d231b
    ] Account provided: True
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.84 - 211efbab-11f8-45e4-88ff-7b8ed44d231b
    ] ForceRefresh: False
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.84 - 211efbab-11f8-45e4-88ff-7b8ed44d231b
    ] 
=== Request Data ===
Authority Provided? - True
Scopes - https: //graph.microsoft.com//.default
Extra Query Params Keys (space separated) - 
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 211efbab-11f8-45e4-88ff-7b8ed44d231b
UserAssertion set: False
LongRunningOboCacheKey set: False

DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.84 - 211efbab-11f8-45e4-88ff-7b8ed44d231b
    ] === Token Acquisition (SilentRequest) started:
         Scopes: https: //graph.microsoft.com//.default
        Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.85 - 211efbab-11f8-45e4-88ff-7b8ed44d231b
    ] [Region discovery
    ] Not using a regional authority.         
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.85 - 211efbab-11f8-45e4-88ff-7b8ed44d231b
    ] Access token is not expired. Returning the found cache entry. [Current time (11/29/2022 19: 14: 20) - Expiration Time (11/29/2022 19: 44: 47 +00: 00) - Extended Expiration Time (11/29/2022 19: 44: 47 +00: 00)
    ]
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.85 - 211efbab-11f8-45e4-88ff-7b8ed44d231b
    ] Returning access token found in cache. RefreshOn exists ? False
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.85 - 211efbab-11f8-45e4-88ff-7b8ed44d231b
    ] [Region discovery
    ] Not using a regional authority.         
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.85 - 211efbab-11f8-45e4-88ff-7b8ed44d231b
    ] Fetched access token from host login.microsoftonline.com.  
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.85 - 211efbab-11f8-45e4-88ff-7b8ed44d231b
    ] 
        === Token Acquisition finished successfully:
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
        11/29 19: 14: 20.85 - 211efbab-11f8-45e4-88ff-7b8ed44d231b
    ]  AT expiration time: 11/29/2022 7: 44: 47 PM +00: 00, scopes email openid profile https: //graph.microsoft.com//AuditLog.Read.All https://graph.microsoft.com//Directory.AccessAsUser.All https://graph.microsoft.com//.default source Cache from login.microsoftonline.com appHashCode 27500791
DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https: //graph.microsoft.com//.default ] ParentRequestId:  ExpiresOn: 2022-11-29T19:44:47.0000000+00:00
DEBUG: [Common.Authentication
        ]: Received token with LoginType 'User', Tenant: 'xx-xx-xx-xx', UserId: 'First.Last@domain.com'
DEBUG: [Common.Authentication
        ]: Authenticating using Account: 'First.Last@domain.com', environment: 'AzureCloud', tenant: 'xx-xx-xx-xx'
DEBUG: 1: 14: 20 PM - [SilentAuthenticator
        ] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'xx-xx-xx-xx', Scopes:'https: //management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'First.Last@domain.com'
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https: //management.core.windows.net//.default ] ParentRequestId: 
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.86 - 6876f069-8152-4fb3-9b8c-ae90cfd918df
            ] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.86 - 6876f069-8152-4fb3-9b8c-ae90cfd918df
            ] [Region discovery
            ] Not using a regional authority.         
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.86 - 6876f069-8152-4fb3-9b8c-ae90cfd918df
            ] [Region discovery
            ] Not using a regional authority.         
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.86 - 6876f069-8152-4fb3-9b8c-ae90cfd918df
            ] [Region discovery
            ] Not using a regional authority.         
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.86 - 6876f069-8152-4fb3-9b8c-ae90cfd918df
            ] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.86 - 6876f069-8152-4fb3-9b8c-ae90cfd918df
            ] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.86
            ] Found 2 cache accounts and 0 broker accounts
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.86
            ] Returning 2 accounts
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.86 - 06323c4f-3a43-40ee-a2fb-ee7488614688
            ] MSAL MSAL.NetCore with assembly version '4.39.0.0'. CorrelationId(06323c4f-3a43-40ee-a2fb-ee7488614688)
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.86 - 06323c4f-3a43-40ee-a2fb-ee7488614688
            ] === AcquireTokenSilent Parameters ===
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.86 - 06323c4f-3a43-40ee-a2fb-ee7488614688
            ] LoginHint provided: False
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.86 - 06323c4f-3a43-40ee-a2fb-ee7488614688
            ] Account provided: True
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.86 - 06323c4f-3a43-40ee-a2fb-ee7488614688
            ] ForceRefresh: False
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.86 - 06323c4f-3a43-40ee-a2fb-ee7488614688
            ] 
=== Request Data ===
Authority Provided? - True
Scopes - https: //management.core.windows.net//.default
Extra Query Params Keys (space separated) - 
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 06323c4f-3a43-40ee-a2fb-ee7488614688
UserAssertion set: False
LongRunningOboCacheKey set: False

DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.86 - 06323c4f-3a43-40ee-a2fb-ee7488614688
            ] === Token Acquisition (SilentRequest) started:
         Scopes: https: //management.core.windows.net//.default
        Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.87 - 06323c4f-3a43-40ee-a2fb-ee7488614688
            ] [Region discovery
            ] Not using a regional authority.         
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.87 - 06323c4f-3a43-40ee-a2fb-ee7488614688
            ] Access token is not expired. Returning the found cache entry. [Current time (11/29/2022 19: 14: 20) - Expiration Time (11/29/2022 19: 43: 26 +00: 00) - Extended Expiration Time (11/29/2022 19: 43: 26 +00: 00)
            ]
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.87 - 06323c4f-3a43-40ee-a2fb-ee7488614688
            ] Returning access token found in cache. RefreshOn exists ? False
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.87 - 06323c4f-3a43-40ee-a2fb-ee7488614688
            ] [Region discovery
            ] Not using a regional authority.         
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.87 - 06323c4f-3a43-40ee-a2fb-ee7488614688
            ] Fetched access token from host login.microsoftonline.com.  
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.87 - 06323c4f-3a43-40ee-a2fb-ee7488614688
            ] 
        === Token Acquisition finished successfully:
DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [
                11/29 19: 14: 20.87 - 06323c4f-3a43-40ee-a2fb-ee7488614688
            ]  AT expiration time: 11/29/2022 7: 43: 26 PM +00: 00, scopes https: //management.core.windows.net//user_impersonation https://management.core.windows.net//.default source Cache from login.microsoftonline.com appHashCode 63475992
DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https: //management.core.windows.net//.default ] ParentRequestId:  ExpiresOn: 2022-11-29T19:43:26.0000000+00:00
DEBUG: [Common.Authentication
                ]: Received token with LoginType 'User', Tenant: 'xx-xx-xx-xx', UserId: 'First.Last@domain.com'
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https: //management.azure.com///providers/Microsoft.Authorization/roleAssignments?api-version=2020-08-01-preview

Headers:
x-ms-client-request-id        : 93007922-78cc-422b-9bdf-1ee42933441f
Accept-Language               : en-US

Body:

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
BadRequest

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
x-ms-request-id               : f0e212fc-b275-41b1-b1c3-5f831e4621bb
X-Content-Type-Options        : nosniff
Strict-Transport-Security     : max-age=31536000; includeSubDomains
Set-Cookie                    : x-ms-gateway-slice=Production; path=/; secure; samesite=none; httponly
x-ms-ratelimit-remaining-tenant-reads: 11999
x-ms-correlation-request-id   : 3655b788-7078-4bbb-a2fa-c2a4566e70d7
x-ms-routing-request-id       : NORTHCENTRALUS: 20221129T191419Z: 3655b788-7078-4bbb-a2fa-c2a4566e70d7
Date                          : Tue,
                29 Nov 2022 19: 14: 19 GMT

Body: {
                    "error": {
                        "code": "UnsupportedFilter",
                        "message": "The role assignments query at '/' scope is not allowed without any filters."
                    }
                }

DEBUG: 1: 14: 21 PM - [ConfigManager
                ] Got [True
                ] from [EnableDataCollection
                ], Module = [], Cmdlet = [].
Get-AzRoleAssignment: Operation returned an invalid status code 'BadRequest'
DEBUG: 1: 14: 21 PM - [ConfigManager
                ] Got nothing from [DisplayBreakingChangeWarning
                ], Module = [], Cmdlet = []. Returning default value [True
                ].
DEBUG: AzureQoSEvent: Module: Az.Resources: 6.1.0; CommandName: Get-AzRoleAssignment; PSVersion: 7.2.7; IsSuccess: False; Duration: 00: 00: 00.2890101; Exception: Operation returned an invalid status code 'BadRequest';
DEBUG: Finish sending metric.
DEBUG: 1: 14: 21 PM - GetAzureRoleAssignmentCommand end processing.
DEBUG: Setting WindowTitle: C:\ - PowerShell 7.2 (33032)
C:\>

Environment data

> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.2.7
PSEdition                      Core
GitCommitId                    7.2.7
OS                             Microsoft Windows 10.0.22621
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

> Get-Module Az*

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     2.9.1                 Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Script     6.1.0                 Az.Resources                        {Export-AzResourceGroup, Export-AzTemplateSpec, Get-AzDenyAssignment, Get-AzDeployment…}

Error output

> Resolve-AzError
WARNING: Upcoming breaking changes in the cmdlet 'Resolve-AzError' :
The `Resolve-Error` alias will be removed in a future release.  Please change any scripts that use this alias to use `Resolve-AzError` instead.
Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on breaking changes in Azure PowerShell.

   HistoryId: 107

Message        : Operation returned an invalid status code 'BadRequest'
StackTrace     :    at Microsoft.Azure.Management.Authorization.RoleAssignmentsOperations.ListForScopeWithHttpMessagesAsync(String scope, ODataQuery`1 odataQuery, String tenantId, Dictionary`2       
                 customHeaders, CancellationToken cancellationToken)
                    at Microsoft.Azure.Management.Authorization.RoleAssignmentsOperationsExtensions.ListForScopeAsync(IRoleAssignmentsOperations operations, String scope, ODataQuery`1 odataQuery,    
                 String tenantId, CancellationToken cancellationToken)
                    at Microsoft.Azure.Management.Authorization.RoleAssignmentsOperationsExtensions.ListForScope(IRoleAssignmentsOperations operations, String scope, ODataQuery`1 odataQuery, String  
                 tenantId)
                    at Microsoft.Azure.Commands.Resources.Models.Authorization.AuthorizationClient.FilterRoleAssignments(FilterRoleAssignmentsOptions options, String currentSubscription, UInt64      
                 first, UInt64 skip)
                    at Microsoft.Azure.Commands.Resources.GetAzureRoleAssignmentCommand.ExecuteCmdlet()
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : Microsoft.Azure.Management.Authorization.Models.ErrorResponseException
InvocationInfo : {Get-AzRoleAssignment}
Line           : Get-AzRoleAssignment -scope "/"
Position       : At line:1 char:1
                 + Get-AzRoleAssignment -scope "/"
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 107
ghost commented 2 years ago

Thank you for your feedback. This has been routed to the support team for assistance.

RakeshMohanMSFT commented 2 years ago

@ChristopherGLewis Thank you for reaching out, we are looking into it.

ghost commented 1 year ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @darshanhs90, @AshishGargMicrosoft.

Issue Details
### Description `Get-AzRoleAssignment -scope "/"` returns a BadRequest error: ``` PowerShell c:\> Get-AzRoleAssignment -scope "/" Get-AzRoleAssignment: Operation returned an invalid status code 'BadRequest' ``` but this works OK with a Where-Object ``` PowerShell c:\> Get-AzRoleAssignment | Where-Object {$_.scope -eq "/"} RoleAssignmentName : 8f0f3d8b-4536-47ce-95a0-edcb424c49db RoleAssignmentId : /providers/Microsoft.Authorization/roleAssignments/8f0f3d8b-4536-47ce-95a0-edcb424c49db Scope : / DisplayName : First Last SignInName : First.Last@domain.com RoleDefinitionName : User Access Administrator RoleDefinitionId : 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 ObjectId : 901c8c08-56c4-4df6-a651-2e4ba77c74f0 ObjectType : User CanDelegate : False Description : ConditionVersion : Condition : RoleAssignmentName : 4dd06e22-14cf-4fab-9ff4-1845878a4d6f RoleAssignmentId : /providers/Microsoft.Authorization/roleAssignments/4dd06e22-14cf-4fab-9ff4-1845878a4d6f Scope : / DisplayName : First Last SignInName : First.Last@domain.com RoleDefinitionName : Owner RoleDefinitionId : 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 ObjectId : 901c8c08-56c4-4df6-a651-2e4ba77c74f0 ObjectType : User CanDelegate : False Description : ConditionVersion : Condition : ' ``` Note this works perfectly fine using the AZ CLI: ``` sh c:\> az role assignment list --scope "/" [ { "canDelegate": null, "condition": null, "conditionVersion": null, "description": null, "id": "/providers/Microsoft.Authorization/roleAssignments/8f0f3d8b-4536-47ce-95a0-edcb424c49db", "name": "8f0f3d8b-4536-47ce-95a0-edcb424c49db", "principalId": "xx-xx-xx-xx-xx", "principalName": "First.Last@domain.com", "principalType": "User", "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9", "roleDefinitionName": "User Access Administrator", "scope": "/", "type": "Microsoft.Authorization/roleAssignments" }, { "canDelegate": null, "condition": null, "conditionVersion": null, "description": null, "id": "/providers/Microsoft.Authorization/roleAssignments/4dd06e22-14cf-4fab-9ff4-1845878a4d6f", "name": "4dd06e22-14cf-4fab-9ff4-1845878a4d6f", "principalId": "xx-xx-xx-xx-xx", "principalName": "First.Last@domain.com", "principalType": "User", "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635", "roleDefinitionName": "Owner", "scope": "/", "type": "Microsoft.Authorization/roleAssignments" } ] ``` ### Issue script & Debug output ```PowerShell c:\> $DebugPreference='Continue' DEBUG: Setting WindowTitle: C:\ - PowerShell 7.2 (33032) C:\> Get-AzRoleAssignment -scope "/" DEBUG: 1: 14: 20 PM - GetAzureRoleAssignmentCommand begin processing with ParameterSet 'ScopeParameterSet'. DEBUG: 1: 14: 20 PM - using account id 'First.Last@domain.com'... DEBUG: 1: 14: 20 PM - [ConfigManager ] Got nothing from [DisplayBreakingChangeWarning ], Module = [], Cmdlet = []. Returning default value [True ]. DEBUG: [Common.Authentication ]: Authenticating using Account: 'First.Last@domain.com', environment: 'AzureCloud', tenant: 'xx-xx-xx-xx' DEBUG: 1: 14: 20 PM - [SilentAuthenticator ] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'xx-xx-xx-xx', Scopes:'https: //graph.microsoft.com//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'First.Last@domain.com' DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https: //graph.microsoft.com//.default ] ParentRequestId: DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.84 - 90767871-2240-422a-b6da-3d8caef0e1c3 ] IsLegacyAdalCacheEnabled: yes DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.84 - 90767871-2240-422a-b6da-3d8caef0e1c3 ] [Region discovery ] Not using a regional authority. DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.84 - 90767871-2240-422a-b6da-3d8caef0e1c3 ] [Region discovery ] Not using a regional authority. DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.84 - 90767871-2240-422a-b6da-3d8caef0e1c3 ] [Region discovery ] Not using a regional authority. DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.84 - 90767871-2240-422a-b6da-3d8caef0e1c3 ] IsLegacyAdalCacheEnabled: yes DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.84 - 90767871-2240-422a-b6da-3d8caef0e1c3 ] IsLegacyAdalCacheEnabled: yes DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.84 ] Found 2 cache accounts and 0 broker accounts DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.84 ] Returning 2 accounts DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.84 - 211efbab-11f8-45e4-88ff-7b8ed44d231b ] MSAL MSAL.NetCore with assembly version '4.39.0.0'. CorrelationId(211efbab-11f8-45e4-88ff-7b8ed44d231b) DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.84 - 211efbab-11f8-45e4-88ff-7b8ed44d231b ] === AcquireTokenSilent Parameters === DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.84 - 211efbab-11f8-45e4-88ff-7b8ed44d231b ] LoginHint provided: False DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.84 - 211efbab-11f8-45e4-88ff-7b8ed44d231b ] Account provided: True DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.84 - 211efbab-11f8-45e4-88ff-7b8ed44d231b ] ForceRefresh: False DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.84 - 211efbab-11f8-45e4-88ff-7b8ed44d231b ] === Request Data === Authority Provided? - True Scopes - https: //graph.microsoft.com//.default Extra Query Params Keys (space separated) - ApiId - AcquireTokenSilent IsConfidentialClient - False SendX5C - False LoginHint ? False IsBrokerConfigured - False HomeAccountId - False CorrelationId - 211efbab-11f8-45e4-88ff-7b8ed44d231b UserAssertion set: False LongRunningOboCacheKey set: False DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.84 - 211efbab-11f8-45e4-88ff-7b8ed44d231b ] === Token Acquisition (SilentRequest) started: Scopes: https: //graph.microsoft.com//.default Authority Host: login.microsoftonline.com DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.85 - 211efbab-11f8-45e4-88ff-7b8ed44d231b ] [Region discovery ] Not using a regional authority. DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.85 - 211efbab-11f8-45e4-88ff-7b8ed44d231b ] Access token is not expired. Returning the found cache entry. [Current time (11/29/2022 19: 14: 20) - Expiration Time (11/29/2022 19: 44: 47 +00: 00) - Extended Expiration Time (11/29/2022 19: 44: 47 +00: 00) ] DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.85 - 211efbab-11f8-45e4-88ff-7b8ed44d231b ] Returning access token found in cache. RefreshOn exists ? False DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.85 - 211efbab-11f8-45e4-88ff-7b8ed44d231b ] [Region discovery ] Not using a regional authority. DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.85 - 211efbab-11f8-45e4-88ff-7b8ed44d231b ] Fetched access token from host login.microsoftonline.com. DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.85 - 211efbab-11f8-45e4-88ff-7b8ed44d231b ] === Token Acquisition finished successfully: DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.85 - 211efbab-11f8-45e4-88ff-7b8ed44d231b ] AT expiration time: 11/29/2022 7: 44: 47 PM +00: 00, scopes email openid profile https: //graph.microsoft.com//AuditLog.Read.All https://graph.microsoft.com//Directory.AccessAsUser.All https://graph.microsoft.com//.default source Cache from login.microsoftonline.com appHashCode 27500791 DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https: //graph.microsoft.com//.default ] ParentRequestId: ExpiresOn: 2022-11-29T19:44:47.0000000+00:00 DEBUG: [Common.Authentication ]: Received token with LoginType 'User', Tenant: 'xx-xx-xx-xx', UserId: 'First.Last@domain.com' DEBUG: [Common.Authentication ]: Authenticating using Account: 'First.Last@domain.com', environment: 'AzureCloud', tenant: 'xx-xx-xx-xx' DEBUG: 1: 14: 20 PM - [SilentAuthenticator ] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'xx-xx-xx-xx', Scopes:'https: //management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'First.Last@domain.com' DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https: //management.core.windows.net//.default ] ParentRequestId: DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.86 - 6876f069-8152-4fb3-9b8c-ae90cfd918df ] IsLegacyAdalCacheEnabled: yes DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.86 - 6876f069-8152-4fb3-9b8c-ae90cfd918df ] [Region discovery ] Not using a regional authority. DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.86 - 6876f069-8152-4fb3-9b8c-ae90cfd918df ] [Region discovery ] Not using a regional authority. DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.86 - 6876f069-8152-4fb3-9b8c-ae90cfd918df ] [Region discovery ] Not using a regional authority. DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.86 - 6876f069-8152-4fb3-9b8c-ae90cfd918df ] IsLegacyAdalCacheEnabled: yes DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.86 - 6876f069-8152-4fb3-9b8c-ae90cfd918df ] IsLegacyAdalCacheEnabled: yes DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.86 ] Found 2 cache accounts and 0 broker accounts DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.86 ] Returning 2 accounts DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.86 - 06323c4f-3a43-40ee-a2fb-ee7488614688 ] MSAL MSAL.NetCore with assembly version '4.39.0.0'. CorrelationId(06323c4f-3a43-40ee-a2fb-ee7488614688) DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.86 - 06323c4f-3a43-40ee-a2fb-ee7488614688 ] === AcquireTokenSilent Parameters === DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.86 - 06323c4f-3a43-40ee-a2fb-ee7488614688 ] LoginHint provided: False DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.86 - 06323c4f-3a43-40ee-a2fb-ee7488614688 ] Account provided: True DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.86 - 06323c4f-3a43-40ee-a2fb-ee7488614688 ] ForceRefresh: False DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.86 - 06323c4f-3a43-40ee-a2fb-ee7488614688 ] === Request Data === Authority Provided? - True Scopes - https: //management.core.windows.net//.default Extra Query Params Keys (space separated) - ApiId - AcquireTokenSilent IsConfidentialClient - False SendX5C - False LoginHint ? False IsBrokerConfigured - False HomeAccountId - False CorrelationId - 06323c4f-3a43-40ee-a2fb-ee7488614688 UserAssertion set: False LongRunningOboCacheKey set: False DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.86 - 06323c4f-3a43-40ee-a2fb-ee7488614688 ] === Token Acquisition (SilentRequest) started: Scopes: https: //management.core.windows.net//.default Authority Host: login.microsoftonline.com DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.87 - 06323c4f-3a43-40ee-a2fb-ee7488614688 ] [Region discovery ] Not using a regional authority. DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.87 - 06323c4f-3a43-40ee-a2fb-ee7488614688 ] Access token is not expired. Returning the found cache entry. [Current time (11/29/2022 19: 14: 20) - Expiration Time (11/29/2022 19: 43: 26 +00: 00) - Extended Expiration Time (11/29/2022 19: 43: 26 +00: 00) ] DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.87 - 06323c4f-3a43-40ee-a2fb-ee7488614688 ] Returning access token found in cache. RefreshOn exists ? False DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.87 - 06323c4f-3a43-40ee-a2fb-ee7488614688 ] [Region discovery ] Not using a regional authority. DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.87 - 06323c4f-3a43-40ee-a2fb-ee7488614688 ] Fetched access token from host login.microsoftonline.com. DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.87 - 06323c4f-3a43-40ee-a2fb-ee7488614688 ] === Token Acquisition finished successfully: DEBUG: False MSAL 4.39.0.0 MSAL.NetCore .NET 6.0.10 Microsoft Windows 10.0.22621 [ 11/29 19: 14: 20.87 - 06323c4f-3a43-40ee-a2fb-ee7488614688 ] AT expiration time: 11/29/2022 7: 43: 26 PM +00: 00, scopes https: //management.core.windows.net//user_impersonation https://management.core.windows.net//.default source Cache from login.microsoftonline.com appHashCode 63475992 DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https: //management.core.windows.net//.default ] ParentRequestId: ExpiresOn: 2022-11-29T19:43:26.0000000+00:00 DEBUG: [Common.Authentication ]: Received token with LoginType 'User', Tenant: 'xx-xx-xx-xx', UserId: 'First.Last@domain.com' DEBUG: ============================ HTTP REQUEST ============================ HTTP Method: GET Absolute Uri: https: //management.azure.com///providers/Microsoft.Authorization/roleAssignments?api-version=2020-08-01-preview Headers: x-ms-client-request-id : 93007922-78cc-422b-9bdf-1ee42933441f Accept-Language : en-US Body: DEBUG: ============================ HTTP RESPONSE ============================ Status Code: BadRequest Headers: Cache-Control : no-cache Pragma : no-cache x-ms-request-id : f0e212fc-b275-41b1-b1c3-5f831e4621bb X-Content-Type-Options : nosniff Strict-Transport-Security : max-age=31536000; includeSubDomains Set-Cookie : x-ms-gateway-slice=Production; path=/; secure; samesite=none; httponly x-ms-ratelimit-remaining-tenant-reads: 11999 x-ms-correlation-request-id : 3655b788-7078-4bbb-a2fa-c2a4566e70d7 x-ms-routing-request-id : NORTHCENTRALUS: 20221129T191419Z: 3655b788-7078-4bbb-a2fa-c2a4566e70d7 Date : Tue, 29 Nov 2022 19: 14: 19 GMT Body: { "error": { "code": "UnsupportedFilter", "message": "The role assignments query at '/' scope is not allowed without any filters." } } DEBUG: 1: 14: 21 PM - [ConfigManager ] Got [True ] from [EnableDataCollection ], Module = [], Cmdlet = []. Get-AzRoleAssignment: Operation returned an invalid status code 'BadRequest' DEBUG: 1: 14: 21 PM - [ConfigManager ] Got nothing from [DisplayBreakingChangeWarning ], Module = [], Cmdlet = []. Returning default value [True ]. DEBUG: AzureQoSEvent: Module: Az.Resources: 6.1.0; CommandName: Get-AzRoleAssignment; PSVersion: 7.2.7; IsSuccess: False; Duration: 00: 00: 00.2890101; Exception: Operation returned an invalid status code 'BadRequest'; DEBUG: Finish sending metric. DEBUG: 1: 14: 21 PM - GetAzureRoleAssignmentCommand end processing. DEBUG: Setting WindowTitle: C:\ - PowerShell 7.2 (33032) C:\> ``` ### Environment data ```PowerShell > $PSVersionTable Name Value ---- ----- PSVersion 7.2.7 PSEdition Core GitCommitId 7.2.7 OS Microsoft Windows 10.0.22621 Platform Win32NT PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…} PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 WSManStackVersion 3.0 ``` ### Module versions ```PowerShell > Get-Module Az* ModuleType Version PreRelease Name ExportedCommands ---------- ------- ---------- ---- ---------------- Script 2.9.1 Az.Accounts {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…} Script 6.1.0 Az.Resources {Export-AzResourceGroup, Export-AzTemplateSpec, Get-AzDenyAssignment, Get-AzDeployment…} ``` ### Error output ```PowerShell > Resolve-AzError WARNING: Upcoming breaking changes in the cmdlet 'Resolve-AzError' : The `Resolve-Error` alias will be removed in a future release. Please change any scripts that use this alias to use `Resolve-AzError` instead. Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on breaking changes in Azure PowerShell. HistoryId: 107 Message : Operation returned an invalid status code 'BadRequest' StackTrace : at Microsoft.Azure.Management.Authorization.RoleAssignmentsOperations.ListForScopeWithHttpMessagesAsync(String scope, ODataQuery`1 odataQuery, String tenantId, Dictionary`2 customHeaders, CancellationToken cancellationToken) at Microsoft.Azure.Management.Authorization.RoleAssignmentsOperationsExtensions.ListForScopeAsync(IRoleAssignmentsOperations operations, String scope, ODataQuery`1 odataQuery, String tenantId, CancellationToken cancellationToken) at Microsoft.Azure.Management.Authorization.RoleAssignmentsOperationsExtensions.ListForScope(IRoleAssignmentsOperations operations, String scope, ODataQuery`1 odataQuery, String tenantId) at Microsoft.Azure.Commands.Resources.Models.Authorization.AuthorizationClient.FilterRoleAssignments(FilterRoleAssignmentsOptions options, String currentSubscription, UInt64 first, UInt64 skip) at Microsoft.Azure.Commands.Resources.GetAzureRoleAssignmentCommand.ExecuteCmdlet() at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord() Exception : Microsoft.Azure.Management.Authorization.Models.ErrorResponseException InvocationInfo : {Get-AzRoleAssignment} Line : Get-AzRoleAssignment -scope "/" Position : At line:1 char:1 + Get-AzRoleAssignment -scope "/" + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ HistoryId : 107 ```
Author: ChristopherGLewis
Assignees: -
Labels: `Resource Authorization`, `Service Attention`, `bug`, `customer-reported`, `Mgmt`
Milestone: -